Remove custom ssl code and add TLS support in Ingress rules

controllers/nginx-third-party/nginx/main.go

@@ -17,6 +17,7 @@ limitations under the License.
 package nginx
 
 import (
+	"os"
 	"runtime"
 	"strconv"
 	"strings"
@@ -27,7 +28,6 @@ import (
 
 	"k8s.io/contrib/ingress/controllers/nginx-third-party/ssl"
 
-	"k8s.io/kubernetes/pkg/client/record"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
 	k8sruntime "k8s.io/kubernetes/pkg/runtime"
 )
@@ -220,9 +220,9 @@ type NginxManager struct {
 	// path to the configuration file to be used by nginx
 	ConfigFile string
 
-	sslCertificates []ssl.Certificate
-	sslDHParam      string
-	servicesL4      []Service
+	sslDHParam string
+
+	servicesL4 []Service
 
 	client *client.Client
 	// template loaded ready to be used to generate the nginx configuration file
@@ -231,8 +231,6 @@ type NginxManager struct {
 	// obj runtime object to be used in events
 	obj k8sruntime.Object
 
-	recorder record.EventRecorder
-
 	reloadLock *sync.Mutex
 }
 
@@ -276,17 +274,25 @@ func newDefaultNginxCfg() *nginxConfiguration {
 // NewManager ...
 func NewManager(kubeClient *client.Client, defaultSvc, customErrorSvc Service) *NginxManager {
 	ngx := &NginxManager{
-		ConfigFile:      "/etc/nginx/nginx.conf",
-		defBackend:      defaultSvc,
-		defCfg:          newDefaultNginxCfg(),
-		defError:        customErrorSvc,
-		defResolver:     strings.Join(getDnsServers(), " "),
-		reloadLock:      &sync.Mutex{},
-		sslDHParam:      ssl.SearchDHParamFile(sslDirectory),
-		sslCertificates: ssl.CreateSSLCerts(sslDirectory),
+		ConfigFile:  "/etc/nginx/nginx.conf",
+		defBackend:  defaultSvc,
+		defCfg:      newDefaultNginxCfg(),
+		defError:    customErrorSvc,
+		defResolver: strings.Join(getDnsServers(), " "),
+		reloadLock:  &sync.Mutex{},
 	}
 
+	ngx.createCertsDir(sslDirectory)
+
+	ngx.sslDHParam = ssl.SearchDHParamFile(sslDirectory)
+
 	ngx.loadTemplate()
 
 	return ngx
 }
+
+func (nginx *NginxManager) createCertsDir(base string) {
+	if err := os.Mkdir(base, os.ModeDir); err != nil {
+		glog.Fatalf("Couldn't create directory %v: %v", base, err)
+	}
+}

controllers/nginx-third-party/nginx/nginx.go

@@ -16,13 +16,11 @@ limitations under the License.
 
 package nginx
 
-// NGINXController Updates NGINX configuration, starts and reloads NGINX
-type NGINXController struct {
-	resolver       string
-	nginxConfdPath string
-	nginxCertsPath string
-	local          bool
-}
+import (
+	"os"
+
+	"github.com/golang/glog"
+)
 
 // IngressNGINXConfig describes an NGINX configuration
 type IngressNGINXConfig struct {
@@ -113,3 +111,25 @@ func NewUpstream(name string) Upstream {
 		Backends: []UpstreamServer{},
 	}
 }
+
+// AddOrUpdateCertAndKey creates a .pem file wth the cert and the key with the specified name
+func (nginx *NginxManager) AddOrUpdateCertAndKey(name string, cert string, key string) string {
+	pemFileName := sslDirectory + "/" + name + ".pem"
+
+	pem, err := os.Create(pemFileName)
+	if err != nil {
+		glog.Fatalf("Couldn't create pem file %v: %v", pemFileName, err)
+	}
+	defer pem.Close()
+
+	_, err = pem.WriteString(string(key))
+	if err != nil {
+		glog.Fatalf("Couldn't write to pem file %v: %v", pemFileName, err)
+	}
+	_, err = pem.WriteString(string(cert))
+	if err != nil {
+		glog.Fatalf("Couldn't write to pem file %v: %v", pemFileName, err)
+	}
+
+	return pemFileName
+}

controllers/nginx-third-party/nginx/template.go

@@ -25,12 +25,9 @@ import (
 
 	"github.com/fatih/structs"
 	"github.com/golang/glog"
-
-	"k8s.io/contrib/ingress/controllers/nginx-third-party/ssl"
 )
 
 var funcMap = template.FuncMap{
-	"getSSLHost": ssl.GetSSLHost,
 	"empty": func(input interface{}) bool {
 		check, ok := input.(string)
 		if ok {
@@ -66,7 +63,6 @@ func (ngx *NginxManager) writeCfg(cfg *nginxConfiguration, upstreams []Upstream,
 	curNginxCfg := merge(toMap, fromMap)
 
 	conf := make(map[string]interface{})
-	conf["sslCertificates"] = ngx.sslCertificates
 	conf["upstreams"] = upstreams
 	conf["servers"] = servers
 	conf["tcpServices"] = servicesL4