Skip to content

Commit

Permalink
Add TLS-enabled Router
Browse files Browse the repository at this point in the history
  • Loading branch information
@dtomcej @traefiker
dtomcej authored and traefiker committed Aug 14, 2019
1 parent 2895ad2 commit 9e3f549
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 0 deletions.
9 changes: 9 additions & 0 deletions integration/fixtures/k8s/02-secrets.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: tls-cert
namespace: default
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvekNDQWVlZ0F3SUJBZ0lKQUw4NThwY2k1WHlqTUEwR0NTcUdTSWIzRFFFQkJRVUFNQll4RkRBU0JnTlYKQkFNTUMzTnVhWFJsYzNRdVkyOXRNQjRYRFRFMU1URXlNekl5TURVMU5sb1hEVEkxTVRFeU1ESXlNRFUxTmxvdwpGakVVTUJJR0ExVUVBd3dMYzI1cGRHVnpkQzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3CmdnRUtBb0lCQVFEVkYyNXdFcm9TSVVPL2ROZ0h4bHl0OHBaRlZwSjhmTmFKdzdjbmxaMUpQMmhMdUVibWpBRlQKZEhxUzh3S0ROWUhrdHNCRU9VZk4vcWJrMEFpR2IrU3ZoUXc2a2ZNL1FTajlmWFZRN0toWVA5WFlPZWtUT0g3ZApNMFoyTDNSR2dxczh6KzgzZXhPT25BRlZ2SUpDTVpKWEVlaWpWNmlKbG1wQ2NKYTBLZy9KSGx4aG9XVEVlWnVVCkcraElUYWZrMXlXT0tvclRDUGxNaEIzMHd1UW9XZmJIUCszRzBic0VSTFhGaU1BTkU4RXRRdTgrWmhmc2VCVWgKNVR1NWdJQzRGbnJpYTdtUml4QVplRWlBYmxGUDloMHZyTlJjUDNubXVWejB0SFBJZVFzSlFpRWh4YVowOW9VVwpoOVdxVHNZQ1AxODIxK1NWYXpNOW9GUlRweTZjaFp5VEFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCU3o5bWJYCmlhMVRNNUZHNFpnYWdhZXQyNFM4SERBZkJnTlZIU01FR0RBV2dCU3o5bWJYaWExVE01Rkc0WmdhZ2FldDI0UzgKSERBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUI3OVc4WFR4bG96aDl3L1c3VAo1dkRldjY3RzRUL3dldEFCU2I2OENScnFvanQ3OFBNSnVTODlKYXJBOEkzdHMwME8rMEpZbnNIeHArOXFDN3BmCmpXSGNEU2lMd1JVTXU3TVhXL0tJZW4xRUI4QlFOQTB4V2JBaVFhV1lQSHpzQmxYNDgrOXdCZTBIVER4N0xjeGIKT3NtblhIQkY1ZmQyRVkrUjhxSnUrUHlURERMMVdMSXRGSnB6SGlGaUdpWUY4VHlpYzNra1BqamU2ZUlPeFJtVApocStxYndBcHpieno2aC9WRDV4UjN6QkRGQm8yWHM1dGRQMjY0S0l3L1lYRHBhWFZCaUo1RERqUTNkdEp3MUc1Cnl6Z3JIUVpXSk44R3M4WlpnR2RnUmY3UEhveDh4RVp0cVBpTWtDaER6NlQ3SGEzVTB4WU42VFpHTlpPUjZESHMKSzkvOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBMVJkdWNCSzZFaUZEdjNUWUI4WmNyZktXUlZhU2ZIeldpY08zSjVXZFNUOW9TN2hHCjVvd0JVM1I2a3ZNQ2d6V0I1TGJBUkRsSHpmNm01TkFJaG0va3I0VU1PcEh6UDBFby9YMTFVT3lvV0QvVjJEbnAKRXpoKzNUTkdkaTkwUm9LclBNL3ZOM3NUanB3QlZieUNRakdTVnhIb28xZW9pWlpxUW5DV3RDb1B5UjVjWWFGawp4SG1ibEJ2b1NFMm41TmNsamlxSzB3ajVUSVFkOU1Ma0tGbjJ4ei90eHRHN0JFUzF4WWpBRFJQQkxVTHZQbVlYCjdIZ1ZJZVU3dVlDQXVCWjY0bXU1a1lzUUdYaElnRzVSVC9ZZEw2elVYRDk1NXJsYzlMUnp5SGtMQ1VJaEljV20KZFBhRkZvZlZxazdHQWo5Zk50ZmtsV3N6UGFCVVU2Y3VuSVdja3dJREFRQUJBb0lCQUJBZFFZREFLY29OTWU1YwppNm1xMm45ZEJQZ2hYOXFDSmtjc3djRUFrM0JpbHlTQ3Z2bllSSkZuRVkzalNxRlpmb1VwUE1qcisvNGI3OHNGCjRGOHFQd1QyN3NIUEg3SDgzM2lyOEI4NmhsQ0dJMG5DdDFsNHdEOUNEV1lLbUtSc1pUNm9DdE1MUDZOZE1NeW4KQU1LNHRQUllxbHNQMmZMdHFRTjFPREJQcmZucmFvTkh0T1ZFNzg0aUJDRDVkZXdJQ0E1UklRRzJpL2QyK0NHRgorYmFoRnFVWFZDcUhveEJ6NEFWdnJSRkw5OVZjUDdQMmlaeWs2aERRN2ZjaTdYYXk4V2IvSHV0Unh1cXZGMGFVCmJHNkVuazZDQ3ROWkhMd05QcDRIcWZ0MFVkdmcydEc4b2tZd2JFbW9FTzQwblFzQ1N6UkNwcTVVdnppK0xYMWsKTHlrUTYrRUNnWUVBN3g4dlFveU9LNjBRM0xQcEpGR0RlYzIrWEpQb2VzVGZKVFQ2aWRhUDd1a1VMOHAzRnNVbwo5dnR4UlJmaFNPZFBvQUlObXJMMFR5TWVrTzJCNnpYeDBwbVdWcE1yRndaVzZ6TXdaQW5McC93KzNVU3BiR0N5CksxMklJd3ZSWXpUekt3b01UVkFLVFhtMzZiNm9xcjJMYTRiVGRKUjdSRVk2RzM3NEZySmIvSDBDZ1lFQTVDSGsKWW0waDdjZjAwZnc5VUVIUmZ6VVp4bUNmUldZNks4SW5PdUhkTGkrdTRUaXlYenM4eDVzMGUvRE4vcmFObVRHeApRTzgxVXp1UzNuS3djNG41UXlYalZuaHpSNURiYlNBQ0R3SHRkbnhaQnlMMEQxS3ZQanRSRjhGK3JXWFZpWHYyClRNN1VpT21uNlIzNzVGUFNBUHhleU14OFdvbWMzRW5BQWZMV0drOENnWUVBdjhJMldCdjNkemNXcXFic2RGK2EKRy9mT2pOZGdPL1BkTHkxSkxYaVBmSHdWNEMxeFN5VlpNSmQ3d25qZ0JXTGFDK3NabGRHazhrR3JwWFdTRmxudwpUMzh6Zk1JUWNDcDVVYXgvUmZwRkE3WFpoQUFvRGUyTmRCRlJ0eWtuQlhQVS9kTFZBcnNKU0JBd1dKYTVGQk5rCjF4b01RUlZCdFFMTVhuaDM0MXV0UU5FQ2dZRUE0bzFSMi9rYTE2TmFXbXBQalhNL2xEOXNrRmdGODRwNHZGbjgKVVhwYUIzTHREZGNiTkgyRWQ0bUhUb291V0FSOGpDVVFMVGNnMHI1M3RSZGFhZk1jS2ZYblZVa2Eybmhkb0hwSAo4UlZ0OTl1M0llSXhVMEkrcStPR1BidzNqQVYwVVN0Y3hwd2o3cTl6dzRxMlN1Sit5K0hVVXo3WFE2WWpzNVE5CjdQRjJjL3NDZ1lFQWhkVm41Z1o1RnZZS3JCaTQ2dDNweFBzV0s0NzZIbVFFVkhWaTUrb2Q3d2crYXJhRGVsQWUKOFFFOGhjOHFkWkdiamRCL0FIU1BDZVV4Zk8ydm5wc0NvU1JzMjlvNnBEdlF1cXZIWXMrTTUzbDVMRVllT2pvZgp0NkovREs1UGltMkNBRmpZRmNaazgvR3lsNUhqVHczUHBkV3hvUEQ1djJYdzNiYlk1N0lJYm00PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
17 changes: 17 additions & 0 deletions integration/fixtures/k8s/03-ingress-https.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test.ingress.https
namespace: default

spec:
rules:
- host: whoami.test.https
http:
paths:
- path: /whoami
backend:
serviceName: whoami
servicePort: http
tls:
- secretName: tls-cert
13 changes: 13 additions & 0 deletions integration/testdata/rawdata-ingress.json
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,16 @@
{
"routers": {
"whoami-test-https/whoami-tls@kubernetes": {
"service": "default/whoami/http",
"rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)",
"tls": {},
"status": "enabled"
},
"whoami-test-https/whoami@kubernetes": {
"service": "default/whoami/http",
"rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)",
"status": "enabled"
},
"whoami-test/whoami@kubernetes": {
"service": "default/whoami/http",
"rule": "Host(`whoami.test`) \u0026\u0026 PathPrefix(`/whoami`)",
Expand All @@ -21,6 +32,8 @@
},
"status": "enabled",
"usedBy": [
"whoami-test-https/whoami-tls@kubernetes",
"whoami-test-https/whoami@kubernetes",
"whoami-test/whoami@kubernetes"
],
"serverStatus": {
Expand Down
9 changes: 9 additions & 0 deletions pkg/provider/kubernetes/ingress/kubernetes.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -323,6 +323,15 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
Service: serviceName,
}

if len(ingress.Spec.TLS) > 0 {
// TLS enabled for this ingress, add TLS router
conf.HTTP.Routers[strings.Replace(rule.Host, ".", "-", -1)+p.Path+"-tls"] = &dynamic.Router{
Rule: strings.Join(rules, " && "),
Service: serviceName,
TLS: &dynamic.RouterTLSConfig{},
}

}
conf.HTTP.Services[serviceName] = service
}
err := p.updateIngressStatus(ingress, client)
Expand Down
5 changes: 5 additions & 0 deletions pkg/provider/kubernetes/ingress/kubernetes_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -688,6 +688,11 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
Rule: "Host(`example.com`)",
Service: "testing/example-com/80",
},
"example-com-tls": {
Rule: "Host(`example.com`)",
Service: "testing/example-com/80",
TLS: &dynamic.RouterTLSConfig{},
},
},
Services: map[string]*dynamic.Service{
"testing/example-com/80": {
Expand Down

0 comments on commit 9e3f549

Please sign in to comment.