- 11 Jun, 2020 2 commits
-
-
Emanuel Winblad authored
-
Emanuel Winblad authored
-
- 10 Jun, 2020 2 commits
-
-
Geoff Simmons authored
-
Lars Fenneberg authored
-
- 05 Jun, 2020 1 commit
-
-
Geoff Simmons authored
-
- 04 Jun, 2020 2 commits
-
-
Geoff Simmons authored
-
Geoff Simmons authored
For that, the Secret must be named as the TLS Secret by an Ingress in the same namespace that identifies out ingress.class. This means that the controller doesn't need to try delete an element from any PEM Secret (to remove the certificate from the haproxy Secret volume).
-
- 03 Jun, 2020 9 commits
-
-
Geoff Simmons authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
Lars Fenneberg authored
-
- 02 Jun, 2020 2 commits
-
-
Geoff Simmons authored
-
Lars Fenneberg authored
-
- 28 May, 2020 15 commits
-
-
Geoff Simmons authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Geoff Simmons authored
For the Unix domain socket over which haproxy and varnish communicate, we have chmod 660 and chgrp varnish. haproxy belongs to group varnish and thus has write permissions on the socket, which is required in Linux to be able to connect. For that, both containers must have the same group name and GID. We've been using 998, since that results from the RPM install for Varnish from the official packagecloud repos.
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Tim Leers authored
-
Geoff Simmons authored
-
- 22 May, 2020 2 commits
-
-
Geoff Simmons authored
Mention the haproxy container, and the Helm charts folder.
-
Geoff Simmons authored
-
- 21 May, 2020 1 commit
-
-
Lars Fenneberg authored
-
- 20 May, 2020 2 commits
-
-
Geoff Simmons authored
For the most part by adding go docs, and by using Go naming conventions in a few cases. Remove some commented-out code while we're here.
-
Geoff Simmons authored
Quiets golint.
-
- 19 May, 2020 1 commit
-
-
Geoff Simmons authored
Use the label key viking.uplex.de/secret. The controller only reads Secrets with this label, and with the field type:kubernetes.io/tls (the latter are Secrets specified for Ingress). Three values are permitted for the label: admin: credentials for remote admin of Varnish and haproxy (Varnish shared secret and Basic Auth password for the dataplane API). pem: initially empty Secret into which the controller writes pem files (concatenated crt and key), projected into a volume from which haproxy reads at load time. Currently only with the hard- wired name "tls-cert", so that RBAC update privileges can be limited to this Secret. auth: credentials for Basic and Proxy Auth, as configured via the VarnishConfig custom resource.
-
- 18 May, 2020 1 commit
-
-
Tim Leers authored
-