Define a TLS section to group TLS, TLSOptions, and TLSStores.
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
This commit is contained in:
Ludovic Fernandez
Traefiker Bot
parent
c9b2a07bc7
commit
4245096be4
52 changed files with 717 additions and 628 deletions
|
|
@ -257,7 +257,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
|
|||
|
||||
ingresses := client.GetIngresses()
|
||||
|
||||
tlsConfigs := make(map[string]*tls.Configuration)
|
||||
tlsConfigs := make(map[string]*tls.CertAndStores)
|
||||
for _, ingress := range ingresses {
|
||||
ctx = log.With(ctx, log.Str("ingress", ingress.Name), log.Str("namespace", ingress.Namespace))
|
||||
|
||||
|
|
@ -341,7 +341,13 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
|
|||
}
|
||||
}
|
||||
|
||||
conf.TLS = getTLSConfig(tlsConfigs)
|
||||
certs := getTLSConfig(tlsConfigs)
|
||||
if len(certs) > 0 {
|
||||
conf.TLS = &config.TLSConfiguration{
|
||||
Certificates: certs,
|
||||
}
|
||||
}
|
||||
|
||||
return conf
|
||||
}
|
||||
|
||||
|
|
@ -350,7 +356,7 @@ func shouldProcessIngress(ingressClass string, ingressClassAnnotation string) bo
|
|||
(len(ingressClass) == 0 && ingressClassAnnotation == traefikDefaultIngressClass)
|
||||
}
|
||||
|
||||
func getTLS(ctx context.Context, ingress *v1beta1.Ingress, k8sClient Client, tlsConfigs map[string]*tls.Configuration) error {
|
||||
func getTLS(ctx context.Context, ingress *v1beta1.Ingress, k8sClient Client, tlsConfigs map[string]*tls.CertAndStores) error {
|
||||
for _, t := range ingress.Spec.TLS {
|
||||
if t.SecretName == "" {
|
||||
log.FromContext(ctx).Debugf("Skipping TLS sub-section: No secret name provided")
|
||||
|
|
@ -372,8 +378,8 @@ func getTLS(ctx context.Context, ingress *v1beta1.Ingress, k8sClient Client, tls
|
|||
return err
|
||||
}
|
||||
|
||||
tlsConfigs[configKey] = &tls.Configuration{
|
||||
Certificate: &tls.Certificate{
|
||||
tlsConfigs[configKey] = &tls.CertAndStores{
|
||||
Certificate: tls.Certificate{
|
||||
CertFile: tls.FileOrContent(cert),
|
||||
KeyFile: tls.FileOrContent(key),
|
||||
},
|
||||
|
|
@ -384,14 +390,14 @@ func getTLS(ctx context.Context, ingress *v1beta1.Ingress, k8sClient Client, tls
|
|||
return nil
|
||||
}
|
||||
|
||||
func getTLSConfig(tlsConfigs map[string]*tls.Configuration) []*tls.Configuration {
|
||||
func getTLSConfig(tlsConfigs map[string]*tls.CertAndStores) []*tls.CertAndStores {
|
||||
var secretNames []string
|
||||
for secretName := range tlsConfigs {
|
||||
secretNames = append(secretNames, secretName)
|
||||
}
|
||||
sort.Strings(secretNames)
|
||||
|
||||
var configs []*tls.Configuration
|
||||
var configs []*tls.CertAndStores
|
||||
for _, secretName := range secretNames {
|
||||
configs = append(configs, tlsConfigs[secretName])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -702,11 +702,13 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
TLS: []*tls.Configuration{
|
||||
{
|
||||
Certificate: &tls.Certificate{
|
||||
CertFile: tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
KeyFile: tls.FileOrContent("-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----"),
|
||||
TLS: &config.TLSConfiguration{
|
||||
Certificates: []*tls.CertAndStores{
|
||||
{
|
||||
Certificate: tls.Certificate{
|
||||
CertFile: tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
KeyFile: tls.FileOrContent("-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -973,7 +975,7 @@ func TestGetTLS(t *testing.T) {
|
|||
desc string
|
||||
ingress *v1beta1.Ingress
|
||||
client Client
|
||||
result map[string]*tls.Configuration
|
||||
result map[string]*tls.CertAndStores
|
||||
errResult string
|
||||
}{
|
||||
{
|
||||
|
|
@ -1080,15 +1082,15 @@ func TestGetTLS(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
result: map[string]*tls.Configuration{
|
||||
result: map[string]*tls.CertAndStores{
|
||||
"testing/test-secret": {
|
||||
Certificate: &tls.Certificate{
|
||||
Certificate: tls.Certificate{
|
||||
CertFile: tls.FileOrContent("tls-crt"),
|
||||
KeyFile: tls.FileOrContent("tls-key"),
|
||||
},
|
||||
},
|
||||
"testing/test-secret2": {
|
||||
Certificate: &tls.Certificate{
|
||||
Certificate: tls.Certificate{
|
||||
CertFile: tls.FileOrContent("tls-crt"),
|
||||
KeyFile: tls.FileOrContent("tls-key"),
|
||||
},
|
||||
|
|
@ -1099,7 +1101,7 @@ func TestGetTLS(t *testing.T) {
|
|||
desc: "return nil when no secret is defined",
|
||||
ingress: testIngressWithoutSecret,
|
||||
client: clientMock{},
|
||||
result: map[string]*tls.Configuration{},
|
||||
result: map[string]*tls.CertAndStores{},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -1108,7 +1110,7 @@ func TestGetTLS(t *testing.T) {
|
|||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tlsConfigs := map[string]*tls.Configuration{}
|
||||
tlsConfigs := map[string]*tls.CertAndStores{}
|
||||
err := getTLS(context.Background(), test.ingress, test.client, tlsConfigs)
|
||||
|
||||
if test.errResult != "" {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue