Add TLS-enabled Router
parent
2895ad21f3
commit
9e3f549341
5 changed files with 53 additions and 0 deletions
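--- /dev/null
+++ b/integration/fixtures/k8s/02-secrets.yml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: tls-cert
+namespace: default
+type: kubernetes.io/tls
+data:
+tls.crt: 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
+tls.key: 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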
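Review bot: The fixture commits a private key under `tls.key` of a `kubernetes.io/tls` Secret with nothing marking it as test material, which tends to trip secret scanners and invites reuse of the pair elsewhere. A leading comment such as `# Throwaway key pair for integration tests only; do not reuse outside this fixture.` would document that, assuming the pair was generated solely for this test. If the certificate carries a subject or expiry that the test depends on, the same comment is the place to record how to regenerate it.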
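--- /dev/null
+++ b/integration/fixtures/k8s/03-ingress-https.yml
@@ -0,0 +1,17 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: test.ingress.https
+namespace: default
+
+spec:
+rules:
+- host: whoami.test.https
+http:
+paths:
+- path: /whoami
+backend:
+serviceName: whoami
+servicePort: http
+tls:
+- secretName: tls-cert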
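--- a/integration/testdata/rawdata-ingress.json
+++ b/integration/testdata/rawdata-ingress.json
@@ -1,5 +1,16 @@
 {
 "routers": {
+"whoami-test-https/whoami-tls@kubernetes": {
+"service": "default/whoami/http",
+"rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)",
+"tls": {},
+"status": "enabled"
+},
+"whoami-test-https/whoami@kubernetes": {
+"service": "default/whoami/http",
+"rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)",
+"status": "enabled"
+},
 "whoami-test/whoami@kubernetes": {
 "service": "default/whoami/http",
 "rule": "Host(`whoami.test`) \u0026\u0026 PathPrefix(`/whoami`)",
@@ -21,6 +32,8 @@
 },
 "status": "enabled",
 "usedBy": [
+"whoami-test-https/whoami-tls@kubernetes",
+"whoami-test-https/whoami@kubernetes",
 "whoami-test/whoami@kubernetes"
 ],
 "serverStatus": {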
|
|
@ -323,6 +323,15 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
|
||||||
Service: serviceName,
|
Service: serviceName,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(ingress.Spec.TLS) > 0 {
|
||||||
|
// TLS enabled for this ingress, add TLS router
|
||||||
|
conf.HTTP.Routers[strings.Replace(rule.Host, ".", "-", -1)+p.Path+"-tls"] = &dynamic.Router{
|
||||||
|
Rule: strings.Join(rules, " && "),
|
||||||
|
Service: serviceName,
|
||||||
|
TLS: &dynamic.RouterTLSConfig{},
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
conf.HTTP.Services[serviceName] = service
|
conf.HTTP.Services[serviceName] = service
|
||||||
}
|
}
|
||||||
err := p.updateIngressStatus(ingress, client)
|
err := p.updateIngressStatus(ingress, client)
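Review bot: The new `if len(ingress.Spec.TLS) > 0` check is ingress-wide, so every rule and path gets a `-tls` router even when `rule.Host` is not listed in any TLS entry's `Hosts`; with an empty `dynamic.RouterTLSConfig{}` such a host would presumably be served with whatever certificate the TLS store falls back to. The plain router built just above the branch is also kept, so the same rule stays reachable without TLS, as the paired `whoami-test-https` entries in rawdata-ingress.json show. If both behaviours are intended, say so at the branch, e.g. `// TLS is enabled per ingress, not per host: rule.Host is not matched against ingress.Spec.TLS[].Hosts, and the non-TLS router is kept.`; otherwise gate the branch on a host match. The function body starts and ends outside this hunk, and the test hunk that follows adds only the positive case.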
|
||||||
|
|
|
@ -688,6 +688,11 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
|
||||||
Rule: "Host(`example.com`)",
|
Rule: "Host(`example.com`)",
|
||||||
Service: "testing/example-com/80",
|
Service: "testing/example-com/80",
|
||||||
},
|
},
|
||||||
|
"example-com-tls": {
|
||||||
|
Rule: "Host(`example.com`)",
|
||||||
|
Service: "testing/example-com/80",
|
||||||
|
TLS: &dynamic.RouterTLSConfig{},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Services: map[string]*dynamic.Service{
|
Services: map[string]*dynamic.Service{
|
||||||
"testing/example-com/80": {
|
"testing/example-com/80": {
|
||||||
|
|