github/k8sgpt
1
0
Fork 0
mirror of https://github.com/k8sgpt-ai/k8sgpt.git synced 2025-09-23 20:28:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add secret validation to ingress analyzer (#141)

Browse Source 
This commit adds a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster. This helps to ensure that only valid secrets are used in the ingress configuration.

Signed-off-by: Matthis Holleville <matthish29@gmail.com>
This commit is contained in:
HOLLEVILLE Matthis
2023-03-29 22:36:50 +02:00
committed by GitHub
parent cdc7bb1272
commit 86c7e81e18
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/analyzer/ingressAnalyzer.go
View File

@@ -33,6 +33,12 @@ func AnalyzeIngress(ctx context.Context, config *AnalysisConfiguration, client *
}
}
for _, tls := range ing.Spec.TLS {
_, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
if err != nil {
failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
}
}
if len(failures) > 0 {
preAnalysis[fmt.Sprintf("%s/%s", ing.Namespace, ing.Name)] = PreAnalysis{
Ingress: ing,