Only support SSL dynamic mode
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
333d9fd48d
commit
80bd481abb
40 changed files with 415 additions and 709 deletions
|
|
@ -141,7 +141,7 @@ extension for this to succeed.`)
|
|||
`Customized address to set as the load-balancer status of Ingress objects this controller satisfies.
|
||||
Requires the update-status parameter.`)
|
||||
|
||||
enableDynamicCertificates = flags.Bool("enable-dynamic-certificates", true,
|
||||
_ = flags.Bool("enable-dynamic-certificates", true,
|
||||
`Dynamically update SSL certificates instead of reloading NGINX. Feature backed by OpenResty Lua libraries.`)
|
||||
|
||||
enableMetrics = flags.Bool("enable-metrics", true,
|
||||
|
|
@ -171,6 +171,8 @@ Takes the form "<host>:port". If not provided, no admission controller is starte
|
|||
flags.MarkDeprecated("status-port", `The status port is a unix socket now.`)
|
||||
flags.MarkDeprecated("force-namespace-isolation", `This flag doesn't do anything.`)
|
||||
|
||||
flags.MarkDeprecated("enable-dynamic-certificates", `Only dynamic mode is supported`)
|
||||
|
||||
flag.Set("logtostderr", "true")
|
||||
|
||||
flags.AddGoFlagSet(flag.CommandLine)
|
||||
|
|
@ -232,7 +234,6 @@ Takes the form "<host>:port". If not provided, no admission controller is starte
|
|||
}
|
||||
|
||||
ngx_config.EnableSSLChainCompletion = *enableSSLChainCompletion
|
||||
ngx_config.EnableDynamicCertificates = *enableDynamicCertificates
|
||||
|
||||
config := &controller.Configuration{
|
||||
APIServerHost: *apiserverHost,
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ import (
|
|||
"k8s.io/client-go/tools/clientcmd"
|
||||
"k8s.io/klog"
|
||||
|
||||
"k8s.io/ingress-nginx/internal/file"
|
||||
"k8s.io/ingress-nginx/internal/ingress/controller"
|
||||
"k8s.io/ingress-nginx/internal/ingress/metric"
|
||||
"k8s.io/ingress-nginx/internal/k8s"
|
||||
|
|
@ -63,13 +62,6 @@ func main() {
|
|||
klog.Fatal(err)
|
||||
}
|
||||
|
||||
nginxVersion()
|
||||
|
||||
fs, err := file.NewLocalFS()
|
||||
if err != nil {
|
||||
klog.Fatal(err)
|
||||
}
|
||||
|
||||
kubeClient, err := createApiserverClient(conf.APIServerHost, conf.KubeConfigFile)
|
||||
if err != nil {
|
||||
handleFatalInitError(err)
|
||||
|
|
@ -98,8 +90,8 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
conf.FakeCertificate = ssl.GetFakeSSLCert(fs)
|
||||
klog.Infof("Created fake certificate with PemFileName: %v", conf.FakeCertificate.PemFileName)
|
||||
conf.FakeCertificate = ssl.GetFakeSSLCert()
|
||||
klog.Infof("SSL fake certificate created %v", conf.FakeCertificate.PemFileName)
|
||||
|
||||
k8s.IsNetworkingIngressAvailable = k8s.NetworkingIngressAvailable(kubeClient)
|
||||
if !k8s.IsNetworkingIngressAvailable {
|
||||
|
|
@ -125,7 +117,7 @@ func main() {
|
|||
}
|
||||
mc.Start()
|
||||
|
||||
ngx := controller.NewNGINXController(conf, mc, fs)
|
||||
ngx := controller.NewNGINXController(conf, mc)
|
||||
go handleSigterm(ngx, func(code int) {
|
||||
os.Exit(code)
|
||||
})
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ package main
|
|||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
"testing"
|
||||
"time"
|
||||
|
|
@ -28,8 +29,8 @@ import (
|
|||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/fake"
|
||||
|
||||
"k8s.io/ingress-nginx/internal/file"
|
||||
"k8s.io/ingress-nginx/internal/ingress/controller"
|
||||
"k8s.io/ingress-nginx/internal/nginx"
|
||||
)
|
||||
|
||||
func TestCreateApiserverClient(t *testing.T) {
|
||||
|
|
@ -39,6 +40,15 @@ func TestCreateApiserverClient(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
// the default value of nginx.TemplatePath assumes the template exists in
|
||||
// the root filesystem and not in the rootfs directory
|
||||
path, err := filepath.Abs(filepath.Join("../../rootfs/", nginx.TemplatePath))
|
||||
if err == nil {
|
||||
nginx.TemplatePath = path
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandleSigterm(t *testing.T) {
|
||||
clientSet := fake.NewSimpleClientset()
|
||||
|
||||
|
|
@ -77,12 +87,7 @@ func TestHandleSigterm(t *testing.T) {
|
|||
}
|
||||
conf.Client = clientSet
|
||||
|
||||
fs, err := file.NewFakeFS()
|
||||
if err != nil {
|
||||
t.Fatalf("Unexpected error: %v", err)
|
||||
}
|
||||
|
||||
ngx := controller.NewNGINXController(conf, nil, fs)
|
||||
ngx := controller.NewNGINXController(conf, nil)
|
||||
|
||||
go handleSigterm(ngx, func(code int) {
|
||||
if code != 1 {
|
||||
|
|
|
|||
|
|
@ -1,37 +0,0 @@
|
|||
/*
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"k8s.io/klog"
|
||||
)
|
||||
|
||||
func nginxVersion() {
|
||||
flag := "-v"
|
||||
|
||||
if klog.V(2) {
|
||||
flag = "-V"
|
||||
}
|
||||
|
||||
cmd := exec.Command("nginx", flag)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
cmd.Run()
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue