Skip to content

k8s-ingress
k8s-ingress
Commit f8ce7f91 authored by Geoff Simmons's avatar Geoff Simmons
Browse files
Options

Add an example to verify choosing the TLS certificate based on SNI.

parent 05b9ab37
Hide whitespace changes
Inline Side-by-side
Showing with 270 additions and 1 deletion
examples/tls/sni/bar-tls-secret.yaml 0 → 100644
View file @ f8ce7f91
apiVersion: v1
kind: Secret
metadata:
name: bar-tls-secret
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ0VENDQTUyZ0F3SUJBZ0lVTDIzWTVJUHc1MFJOT3N5WFVnNFlrOWVsSHcwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2FqRUxNQWtHQTFVRUJoTUNSRVV4RURBT0JnTlZCQWdNQjBoaGJXSjFjbWN4RURBT0JnTlZCQWNNQjBoaApiV0oxY21jeEhUQWJCZ05WQkFvTUZGUm9aU0JPWlhoMElGZG9hWE5yWlhrZ1FtRnlNUmd3RmdZRFZRUUREQTlpCllYSXVaWGhoYlhCc1pTNWpiMjB3SGhjTk1qQXdOVEV6TVRJME5ETXpXaGNOTkRBd05UQTRNVEkwTkRNeldqQnEKTVFzd0NRWURWUVFHRXdKRVJURVFNQTRHQTFVRUNBd0hTR0Z0WW5WeVp6RVFNQTRHQTFVRUJ3d0hTR0Z0WW5WeQpaekVkTUJzR0ExVUVDZ3dVVkdobElFNWxlSFFnVjJocGMydGxlU0JDWVhJeEdEQVdCZ05WQkFNTUQySmhjaTVsCmVHRnRjR3hsTG1OdmJUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUs0TFFlZmQKVE83UTE0Zmh4Zld3WjNwTS9WVUNTMVNFbzIrZWZGeDExa3dYVVk0aDNSM3VWOEV6eDdhZHZGbk1XQU5zeEExcwpOVU5uVm9QWjZqWjE3RElwL29CYkJIVWJaMG0vVWxINGZyUWx1Wlg0UmZiT3RkSEdqbnMxSHRmWk9rRTdxVzFKCnFodDJ0YUxkQ2p4R29iOHZKYy9FQmZLdHA0VGJsOVUxcmxrOUUycnhrMUtWcFZveGdLcmdubWJBQllEYi95QSsKS3NEcUhtUExuUWlWZVozQ29mbEk5YUZNQW1jTm53MThDZkdmblVXeWQ1dlZTZ1VDU3lhdzI4YlR3Ukp0V2hXRAo2ZkI5UnVzMkU1azVWYUJxQUw0OWJGaGFybFY0eml2ZmMydmNYZGFoMS9XNStWcnAvdlcvT2dwVTFwNHM3NDU0Cmt5SXRZWmIyR0dLeEtWdEgxdE5hdGIzWCthWTdhRmZZVEFpU2VlQ3Rwa01WMWExNHNBNkIzanczZTcrVXp3U2MKRTkvbGpnVitoL0pPdGJ4T2V4WVJDWkplbDNPTHhmS0txOVlyZEgydFVqQ1RXSmhaSDkxd3pSV0xjaWRObEZMMApJMVE4eGx1MUNpZjQ2cGlZVEJrZ3ljbzRNajNVSHhTcFFuVkc0KzNBN1pUNWFsZW1TNGl1a09aSVVFczk3Q3VJClJDQzlVZ0tESER6WEUzR04wUWg3c3lXaXl2cXN6ZHJDbkI5aUxOc3Y1MmVCQzRERzFENjVDOXdZLzFWZEkrazEKNnZKK0xxV2gyYW9LTWNjdExpcTZvNnozMnVKZmYzRlVrQjhxOGJXUS9PZW1Ed3RmV3Q5V1czcXhSeTlOdkJsWApON3cxWWVqVGxyQWVJQUVlaFpzemdiQmFEUVhVYWE2MGNuZ0hBZ01CQUFHalV6QlJNQjBHQTFVZERnUVdCQlR1CjRKSFlKT3JWR1Bsb29QckxaTDJUekRlVWhqQWZCZ05WSFNNRUdEQVdnQlR1NEpIWUpPclZHUGxvb1ByTFpMMlQKekRlVWhqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQnZhVUF5S3FNdgoxLzc3clg4Yk9rQlNnc2NsMlQ1MC9FbTRIT1hvMFdGVFY2TGVmM0xJYk5OdTV4QVNmL1RWWDlDa2ZycjQyQ0tQCnZTMUIvSEYyN0wra0IxY21kNzZCYWFMZDJtcUo5U1lpd3c4eTdOMjgwSXpvVlVUYzcya0V6Q1ZVdFkveTl6Q0oKb2xidDh6ZXRaMEI0dzVjYmEwVHFSUVlTY0RDQVdtcW5SVUdGMzdJRFNsdk4zYk5ub0dPdjhQVkZzdnN3dG4xbApwSUt1eUN5TzF3Q2s3QlBrZGx0TFh5c3hlMm0rY2ZJYm9zZENCS3BDS2oraXNvMUZxclBWWGFvSGlWSEd2YzlDCjM2dmdlOWdOaFI2OXNicmVQYlFyRUIxbUtwM0hWZjM4cXAwbWxpbk9jTmJ3ZFJWeHdhSzMzUTdrRE8ydzdKTDkKb3VjRmdkOHcvSE5xTlUvSGllbUtQS2pYcnJKR1FHUURsdHZ0R0VobldMcm84ZXowYlpacUFOU25XTFpkWHBKWAo4NExoYjU4Yk11eEJHOWpuVWMyd2NtTWJqaUlTcHE4b0doYWpVQUFUbmtjL0I4QjF2SFo3M2xOU2RJVUw2MVZBCm83bE9acllXNlBTR2gxUWl4SGE3RDFOaWQ1aGNqNmFheW1OS3lpN0VTajVYVGxicUphQmIrOHplVk9SNjRIeEoKQkZKRzBGelJqay9UaGVWTDhhTzFZN2NqOHdvUGNXR0pqMFpKaEJZNmt1RU40NG52N05ic1hraVc0aEoxd0hWUQpnV0xOc1FZQ3d5RVMzcElnbGlCa29nNTR1Rk1HanB5ZVVKZUFUQmNacGt2enRqWFM5R3JWUWhJNkwzakVnTjBDCjRzYTBTZ3ZYL05SL0w1MktCU1VXYjRQWCtWWVdIdzAxbkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ3VDMEhuM1V6dTBOZUgKNGNYMXNHZDZUUDFWQWt0VWhLTnZubnhjZGRaTUYxR09JZDBkN2xmQk04ZTJuYnhaekZnRGJNUU5iRFZEWjFhRAoyZW8yZGV3eUtmNkFXd1IxRzJkSnYxSlIrSDYwSmJtVitFWDJ6clhSeG81N05SN1gyVHBCTzZsdFNhb2JkcldpCjNRbzhScUcvTHlYUHhBWHlyYWVFMjVmVk5hNVpQUk5xOFpOU2xhVmFNWUNxNEo1bXdBV0EyLzhnUGlyQTZoNWoKeTUwSWxYbWR3cUg1U1BXaFRBSm5EWjhOZkFueG41MUZzbmViMVVvRkFrc21zTnZHMDhFU2JWb1ZnK253ZlVicgpOaE9aT1ZXZ2FnQytQV3hZV3E1VmVNNHIzM05yM0YzV29kZjF1ZmxhNmY3MXZ6b0tWTmFlTE8rT2VKTWlMV0dXCjloaGlzU2xiUjliVFdyVzkxL21tTzJoWDJFd0lrbm5ncmFaREZkV3RlTEFPZ2Q0OE4zdS9sTThFbkJQZjVZNEYKZm9meVRyVzhUbnNXRVFtU1hwZHppOFh5aXF2V0szUjlyVkl3azFpWVdSL2RjTTBWaTNJblRaUlM5Q05VUE1aYgp0UW9uK09xWW1Fd1pJTW5LT0RJOTFCOFVxVUoxUnVQdHdPMlUrV3BYcGt1SXJwRG1TRkJMUGV3cmlFUWd2VklDCmd4dzgxeE54amRFSWU3TWxvc3I2ck0zYXdwd2ZZaXpiTCtkbmdRdUF4dFErdVF2Y0dQOVZYU1BwTmVyeWZpNmwKb2RtcUNqSEhMUzRxdXFPczk5cmlYMzl4VkpBZkt2RzFrUHpucGc4TFgxcmZWbHQ2c1VjdlRid1pWemU4TldIbwowNWF3SGlBQkhvV2JNNEd3V2cwRjFHbXV0SEo0QndJREFRQUJBb0lDQUVkKzVHSUZiTmNsLzRRWVlTUGVoWU9lCklPdE05L2tPUzcxTWs3Vy95bnFUa2JNYmdpUUxodzBjNGt2SVhGbGZNa0NsNjV1LytkbG9tQWV0K3lMSUtuRXAKQXgxalJsOTlGRjhkTXdudFZNOVlOL2E5ZUxBOGxrQkltcnRPUlE5U2N6WGM5bXFvdWpKeC80ZVoyZHlNLzJEMApVMG9ZTW9GUWlPSncrdHhoSXZBUndPcEx0c05VS2dyMUR2QWpPYTduN3RyU2hPbVA0Q3hEZ0p4cVJtWUNVV1ZYClVRYUF6RGFvYk13OHNqdnQybi9obTgvSDBvNjNmYUsxSUg0U1pSWTJZcmZaS0FweW1DVnNzVGRxalg2Q0tRU3UKeHdOZlpDU2ZpOEljMEVVQmsvNlpGZ3RYak1tcXpoNWt4WkhhTGxPVUtsM3NBN1M1SDJnSTBIQWRSRU0ybDgvMApNZ0JDN3oxazkrMzFOb0xoWjVzVlBRMG5TMUVtK1NBTzBJNitOakpSeTdHa0tXa3A4S3dGRU1CRDRmOVJ1dXB3CjA1YUdtSXU5VTlnQk9Fcjc5c21oWWhQdnBsQWNnbEJ3OEtianE2M2QrTm94ajRRRzlJOWZ6amROY29XdmNINHoKREFNV0ZURVRrclNBTTRuUnpSYTFibG9PcUUwa1JoZ0tMTy9hY09scnpKVXErOEo0N0syWDZBSWVHL1pPT0ZkUgptVUVhSzVYTEJiWkZZQkl6NVRzaFJSOWNKQWpHaDlWcFJFeEkyeU52NmdVU0krQUdjT292QXgyQUlSMExaNWVRCmZ1TGZsSCtrcDY4TWdza2hDNGNCS1NxNnBpaTlFdmU3N3JQSFpVUXZLS2pPU0tFdjEzcmdsajV3WjNhRHFGbk4KamlNZkp2dW0zMG5GZTZmNGo3cVJBb0lCQVFEVlpSR2dxYTZZei80TEFPV3JrVXk0MVdZS01PYkE2MzNwSUlJUQpycTUySDFCRXdjZk5INnR0MEJkVDZjVHlDb0s1K0ovaWg0QnF1ZzJRaDNVOUdhbWk3cUxOVDQ2ZHh0OWRObjQwClRlUVFrZW9ZTU5nZ0NNN1o1K1lIWHNMaUVwQ2E3Z0YweHV4dzdaZVlJNDcrM2ZtenI2aGVINEtPM0lodGVrVjYKWnNBM0x5Z1V6WmFsZDVpc0pidFJxbE1TOVZqS0pTT1dvWU11OUVObTQ1ZEhqWEU5Z1FhZ01zOXhBTm1Vd0VheAplNWJKV0xYRE90WEc3b1dHditKbTl3K3VFamsrdFNMeVlHTWU2R3JNWEV4ekNUZXBudUJlTzFVQS9YaHoza0FpClVmZzJ2YTlSSWNFdzc1QmJoT2ZVbml5TFRXTmVmaW81SjZRZEROcUJpWnB2L3NnbEFvSUJBUURReXVpSWpGbm8KdHJrVnl5ZnQvQmY3MzVvY0gyQmhOM3ZYbUQ1Mkh4a2pPaUhDVWY1ZytaWmYyUjBBWlVpQXpQWUg3ZExwUmRGMgp6cHZaV2ZNS1dFbU5rTDFjb2RwU0RKdDAwU254OFBaNGdzaVdPd044bUwxZkZwdm9WMmFyQjVreUh3Y2dIT1FNCkNmcDVtYU1FT1hXWk5DbHJoK0QyMWxjOFJQZVlNUWpVWXQ5L3daYldtUGdUdE1UMUdiUkVXV0ZDMjVXWWVpMGsKOENzb2FrSVMzUmRBSEpUYnZxb3ViU3FaVDFqV3RramxRRGpBT1BmekhRM3ZUTGMzeDRlQ0dKRE5hbFhuUkp1cgpweVBXU29PNWtHbXRHZVR0aGNSdzR1Vnk4bnFFVFVGbE5jT3pWUkV3Y3oxeEk5clhBOXZoeTd5aTFrL0hpUEExCkQ2NkZXckZhYTZHN0FvSUJBUUNjN2tyY1lHenFMR3VqSS9IRERvUGhtZTRFcUpuS1htU21RU1hscHREZVJZRCsKVDVQa0lkb3NVOUFVQWVLNExVcWVBVjF6ZGpyV1FpVWZtTDU3UkpnZ0htYlRuaUkvbmJVK0U0a1VaZ1BHdThmdwpLbHVHazNPcmhJTUNBSXBKUDJYZ3lnK0FGWnBrSWhaTjZEaU03aWxvSDFJdWhmVzVvaTBpZGIwS211M1lwM0ZPCmV6TENWUVdOOCtHaDJTUm0yTStIT1hER29kaWJlejdtTjVGVktZdVJzNFZ2NG0zenFMQmFXRnlrd1VMT3A5SmoKMUt6S016YzNOWDRHUXNMaFBMMmtoQWxEUGVjbkg3MEt0UVh6dzErUCtpcitvWnVOc3RvV08rZm1WV200dUI1cQpCK3pQVkI1UmI1Z2VJSVNablR2cWpkWDNXbE95bVhWSHRpNUJGcG1SQW9JQkFBZmtNMmU5emtRaWE5cHNCRVZWCmF0NmxNK0R1T3FsUi9JZEloTXZZSHc0YXkxM1oxWUI2em5rdTdvNnVSVkJBN3VlYjBJWHFrcUVuNi9JS0dVcUIKemIzaEE1YzFzdGU1REVNZENMWFJRcStKV2VWN3M0VUpETmRFTm41UWwxdk5mTGZOUG1xelROYzdwVkRsUXFrTgpOdW1rZEJCUllXcFM3WmNra0NzYloxY0hxYVRkZjBMN0l4MHpqdUlvcDR5UnlFQkxwbHJOKzFqVER2NkhEWnBDCjZ2Y01YWC8wczkvdlZsWFhEdWVHbWppMzlhMG1PaERoUHo2VktyT2NBZjRqeVkxS0FKY3VHNmdnT0JXSVdYUXgKQmgxNXhoSklKUVdUUGRMYllWQVF6M0R3MkVXMTZHRnBhYUFXRjlaYW1mdnR4R0p2TVRLOGRUKzhLUDkzVHc2NAoxTE1DZ2dFQkFMRmZZTDRhM2Y4NXBHOGxOYnF4SDNTZi9DYTdFTDgrUElYSHFoRjJxd0VhVW1mM0NWZmluWGtGCmw5aDM3UG1uSmdkaUU3ZlpLTWhGOGxrRHZ1bjl3YkxPNkRvNGh1MTNVNzJFQXNCaEw4Ykg5Uk03WFUwQWVaYmkKd2xUMnd5UG5WQ0tTMjdwVDZaamJpQlg2Zk5LMmROUHU3MWYwT0Y4OVVDcklQbTYwR1o2LzYvTXFGV1BIdTVubAp1Ym5TUXd6MXpQWXIvNi9BMmk5SVRYdCt0OHlzeEw2QVN1R045SlJNMk0yc2p6N0E0aUZlb0FFMTNlejVTV2N1ClNha005cjFVN2hHZGd3OGo5dFdwOEQ0V0R3RWF5ZytMSHF3L3ZlZXJqU1AraXY0N3pNMWVPMlgzYnplUy9xMUsKc3YyTllGMlhCV3Iwb1BhOXhQdndPWk1XRmNLU1J6dz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
type: kubernetes.io/tls
examples/tls/sni/beverage-ingress.yaml 0 → 100644
View file @ f8ce7f91
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cafe-ingress-varnish
annotations:
kubernetes.io/ingress.class: "varnish"
spec:
tls:
- hosts:
- cafe.example.com
secretName: cafe-tls-secret
- hosts:
- bar.example.com
secretName: bar-tls-secret
rules:
- host: cafe.example.com
http:
paths:
- path: /tea
backend:
serviceName: tea-svc
servicePort: 80
- path: /coffee
backend:
serviceName: coffee-svc
servicePort: 80
- host: bar.example.com
http:
paths:
- path: /vodka
backend:
serviceName: vodka-svc
servicePort: 80
- path: /whiskey
backend:
serviceName: whiskey-svc
servicePort: 80
examples/tls/sni/beverage.yaml 0 → 100644
View file @ f8ce7f91
apiVersion: apps/v1
kind: Deployment
metadata:
name: coffee
spec:
replicas: 2
selector:
matchLabels:
app: coffee
template:
metadata:
labels:
app: coffee
spec:
containers:
- name: coffee
image: nginxdemos/hello:plain-text
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: coffee-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: coffee
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tea
spec:
replicas: 3
selector:
matchLabels:
app: tea
template:
metadata:
labels:
app: tea
spec:
containers:
- name: tea
image: nginxdemos/hello:plain-text
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: tea-svc
labels:
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: tea
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: whiskey
spec:
replicas: 2
selector:
matchLabels:
app: whiskey
template:
metadata:
labels:
app: whiskey
spec:
containers:
- name: whiskey
image: nginxdemos/hello:plain-text
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whiskey-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: whiskey
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vodka
spec:
replicas: 3
selector:
matchLabels:
app: vodka
template:
metadata:
labels:
app: vodka
spec:
containers:
- name: vodka
image: nginxdemos/hello:plain-text
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: vodka-svc
labels:
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: vodka
examples/tls/sni/cafe-tls-secret.yaml 0 → 100644
View file @ f8ce7f91
apiVersion: v1
kind: Secret
metadata:
name: cafe-tls-secret
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURXVENDQWtFQ0ZIYjhFTjBsMFF3aVI0ZUtLSVc2aDE3MnorSnJNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1HZ3gKQ3pBSkJnTlZCQVlUQWtSRk1SQXdEZ1lEVlFRSURBZElZVzFpZFhKbk1SQXdEZ1lEVlFRSERBZElZVzFpZFhKbgpNUm93R0FZRFZRUUtEQkZIY21WbGJpQk5hV1JuWlhRZ1EyRm1aVEVaTUJjR0ExVUVBd3dRWTJGbVpTNWxlR0Z0CmNHeGxMbU52YlRBZ0Z3MHlNREExTURReE56QTVOVGxhR0E4eU1USXdNRFF4TURFM01EazFPVm93YURFTE1Ba0cKQTFVRUJoTUNSRVV4RURBT0JnTlZCQWdNQjBoaGJXSjFjbWN4RURBT0JnTlZCQWNNQjBoaGJXSjFjbWN4R2pBWQpCZ05WQkFvTUVVZHlaV1Z1SUUxcFpHZGxkQ0JEWVdabE1Sa3dGd1lEVlFRRERCQmpZV1psTG1WNFlXMXdiR1V1ClkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXRzMEhDcTZmcTlndjB1RWEKM2lPcnVaM0duY3RkQ29lR2pyUVE0RmgyY1FvTW0vaTNwa0RVdDZ4MnBMVFFoeGxOM29IM1dFbzFhMjRyLzNTOApYZnk2WGYwUHRpK2REaUNxQXdNZDZ2ZXU1NlJJdFZNTzFwbXgxd0RqR0ZUdXBscG5QUnR6OEVLc2FLWWZqWmQxCkJhYmRoa1doc0E5ZzNubnM4K2xxZU5idmViaGs3aGl2OWxwZ0RXQW5CaWUraGlvYW40V1FkUFptMS9iQU5INm8KK29XRHUxbzZHZHJrL2lhajJwUjczVlRGc1IyVUVtU1RwWGEzNVc3L25zbWdBREljNFJvdlUrOWhvMUk0L2ZTeQpqZ1ZsWlZCejI5eUxhRHlOdW9abGp6Tmh2R3FxMXdXNkpxL3YxdUJPUHhOSDFrM1pRSmw0amxHMHRzb0FTbm03Cm1yOWhld0lEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQk1OQ1ZZTVRkbGFOYVRqSjVDem5rOUdkK3UKVFNJRm1PQ2V0VE90M2wwWGUwYlNUeGJvVDZPejluRkRNUDJBMkhSSy9HVHAyNWVjK0VrMWlpQ0lGNDdSY3NHcApDZHVnK3g0d1FWUDNweGFrSi9vZEZOMVJlWkdaQ2pOd0JsdHhsUlh3SmhBcks1UFdtUXBwbU1aUHJXMVVZVzh5CngrbTVVUkV6T3pXZ2E2RUlsaHBNRWZnTmEwQk5DTC8yZ1BhejJNcEtYcTVXZTkzSURlMk8wbmxScnJWb0RIVTIKR0ZNaFRwV1NMa2xvYU16SU1sY0tSMElHeWV6Rzl3YVZnc2xpUzAwYllLcDhlUko1U3FDVVl2Q011QXBqb3l6VwpOMnc1OXA2dDV4RTdLdGIwY21oWmc4M0lTUFRCbEdxVkp4RjBjbExvYjVuV3lldXRYTmtQL0tPaTM4UEkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdHMwSENxNmZxOWd2MHVFYTNpT3J1WjNHbmN0ZENvZUdqclFRNEZoMmNRb01tL2kzCnBrRFV0NngycExUUWh4bE4zb0gzV0VvMWEyNHIvM1M4WGZ5NlhmMFB0aStkRGlDcUF3TWQ2dmV1NTZSSXRWTU8KMXBteDF3RGpHRlR1cGxwblBSdHo4RUtzYUtZZmpaZDFCYWJkaGtXaHNBOWczbm5zOCtscWVOYnZlYmhrN2hpdgo5bHBnRFdBbkJpZStoaW9hbjRXUWRQWm0xL2JBTkg2bytvV0R1MW82R2Ryay9pYWoycFI3M1ZURnNSMlVFbVNUCnBYYTM1VzcvbnNtZ0FESWM0Um92VSs5aG8xSTQvZlN5amdWbFpWQnoyOXlMYUR5TnVvWmxqek5odkdxcTF3VzYKSnEvdjF1Qk9QeE5IMWszWlFKbDRqbEcwdHNvQVNubTdtcjloZXdJREFRQUJBb0lCQUVTN3ZzUVRlTklpallqYgpQMEQ3Wkp4OGFLdjRSVm1xTDd3RWxMdm1SMUtsbHF3bXp0YmlWWmxpYlpIc3N1TzViZ0FXR2l6R2FtT2tuMEtFCllEZHV5WnlCaEtEYU1sR1hrcFZqWEtKMjB2c2lXSHhsYUpUa1lXd1lWMHRVMUE4VXV2RE5HOERoTVBhQVVDanIKSkFNbUJQRnh5U1BzQkY1aXRlZllna0pCZnZYaTdzb2JhQ002QTc1RCtkQkxNZXEycStZYklRSC9jQW9qSFlmVgo3eXB5UTFRYVkrd3NEaUNNNm45UWprNGtybUhaL3ozOXk4bU83MXl0RmNNZkpKYWQ4TEtNNUo0cDlRdTk5cWViCklSRE9UL1NiOVFYTFhXVGVDRHY1SldQWXlGSDJ1M2UvOEdzdlFMYlhZWWJmV0xOb1U2UkRhRlNjMndta093VUgKVThwU0NERUNnWUVBM0tJUWNtZS8vNkIyalAzMUNvYTJmOGhzRU5kMG5MK0VEUjllclhMU1VnYTJsMFlOUEpaagpXNlZuTmRhZUdxOTJCN1d4Z2orZFNlZVNCZElSaFh3QUJPSEhqcnVHK2dvdGRSUnlvTzFsZHc3bUpqTi9xM1d4CkExZnBKK0owMFMxWk8xRmJ1a0tabVI3c21UUzdpNzNhOFY3QXQzZHlqQ0c2V3hFclAzTjVOTThDZ1lFQTFCcDUKeVlJSDhvSm1Qc3VKdDUwMWs5blU0U2R4eFFKcGI2dVo5UUNCcWJFc0drV0UzdnRMRXJsVThSbm0ySHVpck12RAo4UTNPc3VvdXBkQ1RDaHJKSjA0b0wvMnI2MG9UR2FwZURlNEJ1Uk0rRFJBWjJ0ckN3WHkzblQyNmJaL0RKdHVyCkhxdnQwdGV5OWVlOU1pVkhXRjJiaVplamQrS01VeFBDQ29aVlM1VUNnWUVBcGJ6OG0rU0NIM1liK0RnQjdvRloKOE0zUEdDdXh4dG83U1Z4S1ZBTlFLUnd2NTUxUTdqV090OWFkbkp6M01kYWkxSkhSb2FWRjg3R0lTT1VRRW5VZQowb3dFeTV6bGZVbE44b2lFdjR6MXpxVWJrSkRaRkNVWjd3Z0g5dFV2cWI3bUxDQW14dG1tNXBhTFoxOXNqMEgwCmlhTURKQThQdG1MVHlmc3d3TDV1eTVNQ2dZRUFyZEJNZ1Urbng1b0l3K2owSUo0YUsrRlV6SFlRaTR2Z2IzekcKbTdvZ2g3a0RGVHhuR0h3Q0Y0UDlFZDlTQjVHNXk3VG9DNEJ2SkxzNEl2WDdxVW91RWFIQTJTTWVZYURBYWtYcwo4YWxiakJreXZtMjFZbDNuUDd3K2xBTGo1YllJcksxVFc3MDFGWlZodUphQnVyaEY4U28wcmRxd1FTeE1Ka0NJCndTczRkc2tDZ1lCcjFMTzNHSU5Td0dIdDczdWVaRHRudkZ2TytFRkRhT0ZGYnNFZDE0TzFtbHVNNCtXcklaa3kKaW5aQ3Z5Z0pXemdIRjlMQ09wb0FaeEh5a01OckVvbWlkcHhWaUFscEJ6Yi9DNUNucHpsZmlWQnFMTjNOdk94Rwp6ZGtvcTZCaVpuem5zVmdvSHlQN1RRbFVYOTRhaFZUMDF5WjBualBrMmFZVmlwUFdVb0hRTVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
type: kubernetes.io/tls
examples/tls/sni/deploy.sh 0 → 100755
View file @ f8ce7f91
#! /bin/bash -ex
kubectl create -f cafe-tls-secret.yaml
kubectl create -f bar-tls-secret.yaml
kubectl create -f beverage.yaml
kubectl create -f beverage-ingress.yaml
examples/tls/sni/undeploy.sh 0 → 100755
View file @ f8ce7f91
#! /bin/bash -ex
kubectl delete -f beverage-ingress.yaml
kubectl delete -f beverage.yaml
kubectl delete -f bar-tls-secret.yaml
kubectl delete -f cafe-tls-secret.yaml
echo "Waiting until varnish-ingress Pods are not ready"
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'
N=0
until [ $N -ge 120 ]
do
if kubectl get pods -l app=varnish-ingress -o jsonpath="${JSONPATH}" | grep -q '\bReady=True\b'; then
sleep 10
N=$(( N + 10 ))
continue
fi
exit 0
done
echo "Giving up"
exit 1
examples/tls/sni/verify.sh 0 → 100755
View file @ f8ce7f91
#! /bin/bash -ex
function killforward {
kill $KUBEPID
}
LOCALPORT=${LOCALPORT:-4443}
# Long timeout to wait for the Secret to appear as a certificate on
# the Pods.
kubectl wait --timeout=5m pod -l app=varnish-ingress --for=condition=Ready
kubectl port-forward svc/varnish-ingress ${LOCALPORT}:443 >/dev/null &
KUBEPID=$!
trap killforward EXIT
sleep 1
CONNECT=cafe.example.com:443:localhost:4443
URI=https://cafe.example.com/coffee/foo/bar
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'HTTP/1.1 200 OK'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'Server name: coffee-[a-z0-9]+-[a-z0-9]+$'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'subject:.+CN=cafe.example.com'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'issuer:.+CN=cafe.example.com'
URI=https://cafe.example.com/tea/baz/quux
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'HTTP/1.1 200 OK'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'Server name: tea-[a-z0-9]+-[a-z0-9]+$'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'subject:.+CN=cafe.example.com'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'issuer:.+CN=cafe.example.com'
CONNECT=bar.example.com:443:localhost:4443
URI=https://bar.example.com/whiskey/bar
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'HTTP/1.1 200 OK'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'Server name: whiskey-[a-z0-9]+-[a-z0-9]+$'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'subject:.+CN=bar.example.com'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'issuer:.+CN=bar.example.com'
URI=https://bar.example.com/vodka/martini
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'HTTP/1.1 200 OK'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'Server name: vodka-[a-z0-9]+-[a-z0-9]+$'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'subject:.+CN=bar.example.com'
curl --stderr - -s --connect-to ${CONNECT} -v -k ${URI} | grep -E 'issuer:.+CN=bar.example.com'
test/e2e.sh
View file @ f8ce7f91
......@@ -24,7 +24,13 @@ cd ${MYPATH}/../examples/hello/
./undeploy.sh
echo "Hello, world!" example with TLS offload
cd ${MYPATH}/../examples/hello/tls
cd ${MYPATH}/../examples/tls/hello
./deploy.sh
./verify.sh
./undeploy.sh
echo TLS offload example with multiple certificates distinguished by SNI
cd ${MYPATH}/../examples/tls/sni
./deploy.sh
./verify.sh
./undeploy.sh
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment