Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
a930d930
Commit
a930d930
authored
May 08, 2020
by
Geoff Simmons
Committed by
Tim Leers
Jul 06, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Reset the dataplane API password when an Ingress with TLS is updated.
parent
980c8c49
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
45 additions
and
0 deletions
+45
-0
ingress.go
pkg/controller/ingress.go
+14
-0
secret.go
pkg/controller/secret.go
+16
-0
haproxy.go
pkg/haproxy/haproxy.go
+15
-0
No files found.
pkg/controller/ingress.go
View file @
a930d930
...
...
@@ -998,6 +998,20 @@ func (worker *NamespaceWorker) addOrUpdateIng(ing *extensions.Ingress) error {
worker
.
log
.
Infof
(
"Ingress TLS Secret %s/%s: added certificate "
+
"%s"
,
offldrSpec
.
Namespace
,
offldrSpec
.
Name
,
offldrSpec
.
CertName
())
if
secrKey
,
dSecr
,
err
:=
worker
.
getDplaneSecret
();
err
!=
nil
{
return
err
}
else
if
dSecr
==
nil
{
worker
.
log
.
Warnf
(
"Service %s: Currently no known "
+
"dataplane Secret"
,
svcKey
)
}
else
{
worker
.
log
.
Infof
(
"Service %s: setting dataplane Secret"
+
" %s"
,
svcKey
,
secrKey
)
worker
.
hController
.
SetDataplaneSecret
(
secrKey
,
dSecr
)
err
=
worker
.
hController
.
SetOffldSecret
(
svcKey
,
secrKey
)
if
err
!=
nil
{
return
err
}
}
// XXX check if already loaded
if
err
=
worker
.
hController
.
Update
(
svcKey
,
offldrSpec
);
err
!=
nil
{
return
err
...
...
pkg/controller/secret.go
View file @
a930d930
...
...
@@ -241,6 +241,22 @@ func (worker *NamespaceWorker) enqueueIngsForTLSSecret(
return
nil
}
func
(
worker
*
NamespaceWorker
)
getDplaneSecret
()
(
string
,
[]
byte
,
error
)
{
secrets
,
err
:=
worker
.
secr
.
List
(
varnishIngressSelector
)
if
err
!=
nil
{
return
""
,
nil
,
err
}
for
_
,
secret
:=
range
secrets
{
data
,
exists
:=
secret
.
Data
[
dplaneSecretKey
]
if
!
exists
{
continue
}
key
:=
secret
.
Namespace
+
"/"
+
secret
.
Name
return
key
,
data
,
nil
}
return
""
,
nil
,
nil
}
func
(
worker
*
NamespaceWorker
)
setSecret
(
secret
*
api_v1
.
Secret
)
error
{
secretData
,
exists
:=
secret
.
Data
[
admSecretKey
]
if
!
exists
{
...
...
pkg/haproxy/haproxy.go
View file @
a930d930
...
...
@@ -739,6 +739,21 @@ func (hc *Controller) SetDataplaneSecret(key string, secret []byte) {
*
hc
.
secrets
[
key
]
=
string
(
secret
)
}
func
(
hc
*
Controller
)
SetOffldSecret
(
svcKey
,
secretKey
string
)
error
{
svc
,
ok
:=
hc
.
svcs
[
svcKey
]
if
!
ok
{
return
fmt
.
Errorf
(
"Cannot set secret %s for offloader %s: "
+
"offloader not found"
,
secretKey
,
svcKey
)
}
svc
.
secrName
=
secretKey
if
secret
,
ok
:=
hc
.
secrets
[
secretKey
];
ok
{
for
_
,
inst
:=
range
svc
.
instances
{
inst
.
dplane
.
password
=
*
secret
}
}
return
nil
}
// UpdateSvcForSecret(svcKey, secretKey string) error
// UpdateSvcForSecret associates the Secret identified by the
// namespace/name secretKey with the Varnish Service identified by the
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment