github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 07:47:56 +00:00
Code Issues Projects Releases Wiki Activity

Fix ingress util handling of TLS

Browse Source
This commit is contained in:
Nick Sardo 2018-04-12 16:35:37 -07:00
parent b96a9cc876
commit 97798c4f3d
2 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
test/e2e/framework/ingress_utils.go
View File

@ -183,7 +183,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m
}, },
{ {
fmt.Sprintf("should terminate TLS for host %v", tlsHost), fmt.Sprintf("should terminate TLS for host %v", tlsHost),
func() { jig.AddHTTPS(tlsSecretName, tlsHost) }, func() { jig.SetHTTPS(tlsSecretName, tlsHost) },
fmt.Sprintf("waiting for HTTPS updates to reflect in ingress"), fmt.Sprintf("waiting for HTTPS updates to reflect in ingress"),
}, },
{ {
@ -241,7 +241,7 @@ func CreateIngressComformanceTests(jig *IngressTestJig, ns string, annotations m
} }
ing.Spec.Rules = newRules ing.Spec.Rules = newRules
}) })
jig.AddHTTPS(tlsSecretName, updatedTLSHost) jig.SetHTTPS(tlsSecretName, updatedTLSHost)
}, },
fmt.Sprintf("Waiting for updated certificates to accept requests for host %v", updatedTLSHost), fmt.Sprintf("Waiting for updated certificates to accept requests for host %v", updatedTLSHost),
}) })
@ -1211,19 +1211,30 @@ func (j *IngressTestJig) Update(update func(ing *extensions.Ingress)) {
Failf("too many retries updating ingress %s/%s", ns, name) Failf("too many retries updating ingress %s/%s", ns, name)
} }
// AddHTTPS updates the ingress to use this secret for these hosts. // AddHTTPS updates the ingress to add this secret for these hosts.
func (j *IngressTestJig) AddHTTPS(secretName string, hosts ...string) { func (j *IngressTestJig) AddHTTPS(secretName string, hosts ...string) {
// TODO: Just create the secret in GetRootCAs once we're watching secrets in // TODO: Just create the secret in GetRootCAs once we're watching secrets in
// the ingress controller. // the ingress controller.
_, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...) _, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...)
ExpectNoError(err) ExpectNoError(err)
j.Logger.Infof("Updating ingress %v to use secret %v for TLS termination", j.Ingress.Name, secretName) j.Logger.Infof("Updating ingress %v to also use secret %v for TLS termination", j.Ingress.Name, secretName)
j.Update(func(ing *extensions.Ingress) { j.Update(func(ing *extensions.Ingress) {
ing.Spec.TLS = append(ing.Spec.TLS, extensions.IngressTLS{Hosts: hosts, SecretName: secretName}) ing.Spec.TLS = append(ing.Spec.TLS, extensions.IngressTLS{Hosts: hosts, SecretName: secretName})
}) })
j.RootCAs[secretName] = cert j.RootCAs[secretName] = cert
} }
// SetHTTPS updates the ingress to use only this secret for these hosts.
func (j *IngressTestJig) SetHTTPS(secretName string, hosts ...string) {
_, cert, _, err := createTLSSecret(j.Client, j.Ingress.Namespace, secretName, hosts...)
ExpectNoError(err)
j.Logger.Infof("Updating ingress %v to only use secret %v for TLS termination", j.Ingress.Name, secretName)
j.Update(func(ing *extensions.Ingress) {
ing.Spec.TLS = []extensions.IngressTLS{{Hosts: hosts, SecretName: secretName}}
})
j.RootCAs = map[string][]byte{secretName: cert}
}
// RemoveHTTPS updates the ingress to not use this secret for TLS. // RemoveHTTPS updates the ingress to not use this secret for TLS.
// Note: Does not delete the secret. // Note: Does not delete the secret.
func (j *IngressTestJig) RemoveHTTPS(secretName string) { func (j *IngressTestJig) RemoveHTTPS(secretName string) {

2
test/e2e/upgrades/ingress.go
View File

@ -97,7 +97,7 @@ func (t *IngressUpgradeTest) Setup(f *framework.Framework) {
framework.IngressStaticIPKey: t.ipName, framework.IngressStaticIPKey: t.ipName,
framework.IngressAllowHTTPKey: "false", framework.IngressAllowHTTPKey: "false",
}, map[string]string{}) }, map[string]string{})
t.jig.AddHTTPS("tls-secret", "ingress.test.com") t.jig.SetHTTPS("tls-secret", "ingress.test.com")
By("waiting for Ingress to come up with ip: " + t.ip) By("waiting for Ingress to come up with ip: " + t.ip)
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false)) framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))