diff --git a/integration/fixtures/k8s/02-secrets.yml b/integration/fixtures/k8s/02-secrets.yml new file mode 100644 index 000000000..031c8a195 --- /dev/null +++ b/integration/fixtures/k8s/02-secrets.yml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: tls-cert + namespace: default +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvekNDQWVlZ0F3SUJBZ0lKQUw4NThwY2k1WHlqTUEwR0NTcUdTSWIzRFFFQkJRVUFNQll4RkRBU0JnTlYKQkFNTUMzTnVhWFJsYzNRdVkyOXRNQjRYRFRFMU1URXlNekl5TURVMU5sb1hEVEkxTVRFeU1ESXlNRFUxTmxvdwpGakVVTUJJR0ExVUVBd3dMYzI1cGRHVnpkQzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3CmdnRUtBb0lCQVFEVkYyNXdFcm9TSVVPL2ROZ0h4bHl0OHBaRlZwSjhmTmFKdzdjbmxaMUpQMmhMdUVibWpBRlQKZEhxUzh3S0ROWUhrdHNCRU9VZk4vcWJrMEFpR2IrU3ZoUXc2a2ZNL1FTajlmWFZRN0toWVA5WFlPZWtUT0g3ZApNMFoyTDNSR2dxczh6KzgzZXhPT25BRlZ2SUpDTVpKWEVlaWpWNmlKbG1wQ2NKYTBLZy9KSGx4aG9XVEVlWnVVCkcraElUYWZrMXlXT0tvclRDUGxNaEIzMHd1UW9XZmJIUCszRzBic0VSTFhGaU1BTkU4RXRRdTgrWmhmc2VCVWgKNVR1NWdJQzRGbnJpYTdtUml4QVplRWlBYmxGUDloMHZyTlJjUDNubXVWejB0SFBJZVFzSlFpRWh4YVowOW9VVwpoOVdxVHNZQ1AxODIxK1NWYXpNOW9GUlRweTZjaFp5VEFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCU3o5bWJYCmlhMVRNNUZHNFpnYWdhZXQyNFM4SERBZkJnTlZIU01FR0RBV2dCU3o5bWJYaWExVE01Rkc0WmdhZ2FldDI0UzgKSERBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUI3OVc4WFR4bG96aDl3L1c3VAo1dkRldjY3RzRUL3dldEFCU2I2OENScnFvanQ3OFBNSnVTODlKYXJBOEkzdHMwME8rMEpZbnNIeHArOXFDN3BmCmpXSGNEU2lMd1JVTXU3TVhXL0tJZW4xRUI4QlFOQTB4V2JBaVFhV1lQSHpzQmxYNDgrOXdCZTBIVER4N0xjeGIKT3NtblhIQkY1ZmQyRVkrUjhxSnUrUHlURERMMVdMSXRGSnB6SGlGaUdpWUY4VHlpYzNra1BqamU2ZUlPeFJtVApocStxYndBcHpieno2aC9WRDV4UjN6QkRGQm8yWHM1dGRQMjY0S0l3L1lYRHBhWFZCaUo1RERqUTNkdEp3MUc1Cnl6Z3JIUVpXSk44R3M4WlpnR2RnUmY3UEhveDh4RVp0cVBpTWtDaER6NlQ3SGEzVTB4WU42VFpHTlpPUjZESHMKSzkvOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBMVJkdWNCSzZFaUZEdjNUWUI4WmNyZktXUlZhU2ZIeldpY08zSjVXZFNUOW9TN2hHCjVvd0JVM1I2a3ZNQ2d6V0I1TGJBUkRsSHpmNm01TkFJaG0va3I0VU1PcEh6UDBFby9YMTFVT3lvV0QvVjJEbnAKRXpoKzNUTkdkaTkwUm9LclBNL3ZOM3NUanB3QlZieUNRakdTVnhIb28xZW9pWlpxUW5DV3RDb1B5UjVjWWFGawp4SG1ibEJ2b1NFMm41TmNsamlxSzB3ajVUSVFkOU1Ma0tGbjJ4ei90eHRHN0JFUzF4WWpBRFJQQkxVTHZQbVlYCjdIZ1ZJZVU3dVlDQXVCWjY0bXU1a1lzUUdYaElnRzVSVC9ZZEw2elVYRDk1NXJsYzlMUnp5SGtMQ1VJaEljV20KZFBhRkZvZlZxazdHQWo5Zk50ZmtsV3N6UGFCVVU2Y3VuSVdja3dJREFRQUJBb0lCQUJBZFFZREFLY29OTWU1YwppNm1xMm45ZEJQZ2hYOXFDSmtjc3djRUFrM0JpbHlTQ3Z2bllSSkZuRVkzalNxRlpmb1VwUE1qcisvNGI3OHNGCjRGOHFQd1QyN3NIUEg3SDgzM2lyOEI4NmhsQ0dJMG5DdDFsNHdEOUNEV1lLbUtSc1pUNm9DdE1MUDZOZE1NeW4KQU1LNHRQUllxbHNQMmZMdHFRTjFPREJQcmZucmFvTkh0T1ZFNzg0aUJDRDVkZXdJQ0E1UklRRzJpL2QyK0NHRgorYmFoRnFVWFZDcUhveEJ6NEFWdnJSRkw5OVZjUDdQMmlaeWs2aERRN2ZjaTdYYXk4V2IvSHV0Unh1cXZGMGFVCmJHNkVuazZDQ3ROWkhMd05QcDRIcWZ0MFVkdmcydEc4b2tZd2JFbW9FTzQwblFzQ1N6UkNwcTVVdnppK0xYMWsKTHlrUTYrRUNnWUVBN3g4dlFveU9LNjBRM0xQcEpGR0RlYzIrWEpQb2VzVGZKVFQ2aWRhUDd1a1VMOHAzRnNVbwo5dnR4UlJmaFNPZFBvQUlObXJMMFR5TWVrTzJCNnpYeDBwbVdWcE1yRndaVzZ6TXdaQW5McC93KzNVU3BiR0N5CksxMklJd3ZSWXpUekt3b01UVkFLVFhtMzZiNm9xcjJMYTRiVGRKUjdSRVk2RzM3NEZySmIvSDBDZ1lFQTVDSGsKWW0waDdjZjAwZnc5VUVIUmZ6VVp4bUNmUldZNks4SW5PdUhkTGkrdTRUaXlYenM4eDVzMGUvRE4vcmFObVRHeApRTzgxVXp1UzNuS3djNG41UXlYalZuaHpSNURiYlNBQ0R3SHRkbnhaQnlMMEQxS3ZQanRSRjhGK3JXWFZpWHYyClRNN1VpT21uNlIzNzVGUFNBUHhleU14OFdvbWMzRW5BQWZMV0drOENnWUVBdjhJMldCdjNkemNXcXFic2RGK2EKRy9mT2pOZGdPL1BkTHkxSkxYaVBmSHdWNEMxeFN5VlpNSmQ3d25qZ0JXTGFDK3NabGRHazhrR3JwWFdTRmxudwpUMzh6Zk1JUWNDcDVVYXgvUmZwRkE3WFpoQUFvRGUyTmRCRlJ0eWtuQlhQVS9kTFZBcnNKU0JBd1dKYTVGQk5rCjF4b01RUlZCdFFMTVhuaDM0MXV0UU5FQ2dZRUE0bzFSMi9rYTE2TmFXbXBQalhNL2xEOXNrRmdGODRwNHZGbjgKVVhwYUIzTHREZGNiTkgyRWQ0bUhUb291V0FSOGpDVVFMVGNnMHI1M3RSZGFhZk1jS2ZYblZVa2Eybmhkb0hwSAo4UlZ0OTl1M0llSXhVMEkrcStPR1BidzNqQVYwVVN0Y3hwd2o3cTl6dzRxMlN1Sit5K0hVVXo3WFE2WWpzNVE5CjdQRjJjL3NDZ1lFQWhkVm41Z1o1RnZZS3JCaTQ2dDNweFBzV0s0NzZIbVFFVkhWaTUrb2Q3d2crYXJhRGVsQWUKOFFFOGhjOHFkWkdiamRCL0FIU1BDZVV4Zk8ydm5wc0NvU1JzMjlvNnBEdlF1cXZIWXMrTTUzbDVMRVllT2pvZgp0NkovREs1UGltMkNBRmpZRmNaazgvR3lsNUhqVHczUHBkV3hvUEQ1djJYdzNiYlk1N0lJYm00PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/integration/fixtures/k8s/03-ingress-https.yml b/integration/fixtures/k8s/03-ingress-https.yml new file mode 100644 index 000000000..e214be777 --- /dev/null +++ b/integration/fixtures/k8s/03-ingress-https.yml @@ -0,0 +1,17 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: test.ingress.https + namespace: default + +spec: + rules: + - host: whoami.test.https + http: + paths: + - path: /whoami + backend: + serviceName: whoami + servicePort: http + tls: + - secretName: tls-cert diff --git a/integration/testdata/rawdata-ingress.json b/integration/testdata/rawdata-ingress.json index 79692c664..9a9e1b9d7 100644 --- a/integration/testdata/rawdata-ingress.json +++ b/integration/testdata/rawdata-ingress.json @@ -1,5 +1,16 @@ { "routers": { + "whoami-test-https/whoami-tls@kubernetes": { + "service": "default/whoami/http", + "rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)", + "tls": {}, + "status": "enabled" + }, + "whoami-test-https/whoami@kubernetes": { + "service": "default/whoami/http", + "rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)", + "status": "enabled" + }, "whoami-test/whoami@kubernetes": { "service": "default/whoami/http", "rule": "Host(`whoami.test`) \u0026\u0026 PathPrefix(`/whoami`)", @@ -21,6 +32,8 @@ }, "status": "enabled", "usedBy": [ + "whoami-test-https/whoami-tls@kubernetes", + "whoami-test-https/whoami@kubernetes", "whoami-test/whoami@kubernetes" ], "serverStatus": { diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index ced73ef9a..c4874547e 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -323,6 +323,15 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl Service: serviceName, } + if len(ingress.Spec.TLS) > 0 { + // TLS enabled for this ingress, add TLS router + conf.HTTP.Routers[strings.Replace(rule.Host, ".", "-", -1)+p.Path+"-tls"] = &dynamic.Router{ + Rule: strings.Join(rules, " && "), + Service: serviceName, + TLS: &dynamic.RouterTLSConfig{}, + } + + } conf.HTTP.Services[serviceName] = service } err := p.updateIngressStatus(ingress, client) diff --git a/pkg/provider/kubernetes/ingress/kubernetes_test.go b/pkg/provider/kubernetes/ingress/kubernetes_test.go index cacccda4c..d5ef16a2e 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes_test.go +++ b/pkg/provider/kubernetes/ingress/kubernetes_test.go @@ -688,6 +688,11 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { Rule: "Host(`example.com`)", Service: "testing/example-com/80", }, + "example-com-tls": { + Rule: "Host(`example.com`)", + Service: "testing/example-com/80", + TLS: &dynamic.RouterTLSConfig{}, + }, }, Services: map[string]*dynamic.Service{ "testing/example-com/80": {