Merge pull request #4327 from leki75/proxyssl

Add proxy_ssl_* directives
2019-08-18 09:14:04 -07:00 · 2019-08-18 09:14:04 -07:00 · 75d65bbd15
commit 75d65bbd15
parent 443886e686 4624b5bc77
9 changed files with 591 additions and 0 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -481,6 +481,17 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in
 					server.Hostname, ingKey)
 			}

+			if server.ProxySSL.CAFileName == "" {
+				server.ProxySSL = anns.ProxySSL
+				if server.ProxySSL.Secret != "" && server.ProxySSL.CAFileName == "" {
+					klog.V(3).Infof("Secret %q has no 'ca.crt' key, client cert authentication disabled for Ingress %q",
+						server.ProxySSL.Secret, ingKey)
+				}
+			} else {
+				klog.V(3).Infof("Server %q is already configured for client cert authentication (Ingress %q)",
+					server.Hostname, ingKey)
+			}
+
 			if rule.HTTP == nil {
 				klog.V(3).Infof("Ingress %q does not contain any HTTP rule, using default backend", ingKey)
 				continue
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -682,6 +682,7 @@ func (s *k8sStore) updateSecretIngressMap(ing *networkingv1beta1.Ingress) {
 	secretAnnotations := []string{
 		"auth-secret",
 		"auth-tls-secret",
+		"proxy-ssl-secret",
 	}
 	for _, ann := range secretAnnotations {
 		secrKey, err := objectRefAnnotationNsKey(ann, ing)