github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-12 13:18:51 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #63845 from paulgear/master

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 65301, 65291, 65307, 63845, 65313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add option to control SSL chain completion

**What this PR does / why we need it**:

This adds templated support to the kubernetes-worker juju charm for the --enable-ssl-chain-completion option on the ingress proxy.  It defaults to false, to ensure that production sites are not reliant on OCSP or DNS in order to function.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy.  "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration.
```
This commit is contained in:
Kubernetes Submit Queue
2018-06-22 03:08:17 -07:00
committed by GitHub
parent 6c847f3e7a 31598860e3
commit 5bde5a5ac8
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
View File

@@ -700,6 +700,7 @@ def create_kubeconfig(kubeconfig, server, ca, key=None, certificate=None,
@when_any('config.changed.default-backend-image',
'config.changed.ingress-ssl-chain-completion',
'config.changed.nginx-image')
@when('kubernetes-worker.config.created')
def launch_default_ingress_controller():
@@ -742,6 +743,7 @@ def launch_default_ingress_controller():
return
# Render the ingress daemon set controller manifest
context['ssl_chain_completion'] = config.get('ingress-ssl-chain-completion')
context['ingress_image'] = config.get('nginx-image')
if context['ingress_image'] == "" or context['ingress_image'] == "auto":
images = {'amd64': 'quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0', # noqa