Fix chain completion and default certificate flag issues (#1978)

kubernetes · Jan 25, 2018 · 444a56c · 444a56c
1 parent 5dc261d
commit 444a56c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 11 deletions.
diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
@@ -118,11 +118,13 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
 		Proxy: &TCPProxy{},
 	}
 
-	n.store = store.New(true,
+	n.store = store.New(
+		config.EnableSSLChainCompletion,
 		config.Namespace,
 		config.ConfigMapName,
 		config.TCPConfigMapName,
 		config.UDPConfigMapName,
+		config.DefaultSSLCertificate,
 		config.ResyncPeriod,
 		config.Client,
 		fs,

diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go
@@ -198,26 +198,29 @@ type k8sStore struct {
 
 	// mu mutex used to avoid simultaneous incovations to syncSecret
 	mu *sync.Mutex
+
+	defaultSSLCertificate string
 }
 
 // New creates a new object store to be used in the ingress controller
 func New(checkOCSP bool,
-	namespace, configmap, tcp, udp string,
+	namespace, configmap, tcp, udp, defaultSSLCertificate string,
 	resyncPeriod time.Duration,
 	client clientset.Interface,
 	fs file.Filesystem,
 	updateCh chan Event) Storer {
 
 	store := &k8sStore{
-		isOCSPCheckEnabled: checkOCSP,
-		cache:              &Controller{},
-		listers:            &Lister{},
-		sslStore:           NewSSLCertTracker(),
-		filesystem:         fs,
-		updateCh:           updateCh,
-		backendConfig:      ngx_config.NewDefault(),
-		mu:                 &sync.Mutex{},
-		secretIngressMap:   make(map[string]sets.String),
+		isOCSPCheckEnabled:    checkOCSP,
+		cache:                 &Controller{},
+		listers:               &Lister{},
+		sslStore:              NewSSLCertTracker(),
+		filesystem:            fs,
+		updateCh:              updateCh,
+		backendConfig:         ngx_config.NewDefault(),
+		mu:                    &sync.Mutex{},
+		secretIngressMap:      make(map[string]sets.String),
+		defaultSSLCertificate: defaultSSLCertificate,
 	}
 
 	eventBroadcaster := record.NewBroadcaster()
@@ -612,6 +615,10 @@ func (s k8sStore) Run(stopCh chan struct{}) {
 		s.ReadSecrets(ing)
 	}
 
+	if s.defaultSSLCertificate != "" {
+		s.syncSecret(s.defaultSSLCertificate)
+	}
+
 	// start goroutine to check for missing local secrets
 	go wait.Until(s.checkMissingSecrets, 10*time.Second, stopCh)
 

diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go
@@ -70,6 +70,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@@ -155,6 +156,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@@ -294,6 +296,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@@ -378,6 +381,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,