Use annotation cert-manager.io/common-name for CNames
wpjunior committed Oct 16, 2024
1 parent e069482 commit 92378b1
Showing 3 changed files with 23 additions and 8 deletions.
15 changes: 11 additions & 4 deletions kubernetes/ingress.go
@@ -47,6 +47,7 @@ var (
certManagerClusterIssuerKey = "cert-manager.io/cluster-issuer"
certManagerIssuerKindKey = "cert-manager.io/issuer-kind"
certManagerIssuerGroupKey = "cert-manager.io/issuer-group"
certManagerCommonName = "cert-manager.io/common-name"

certManagerAnnotations = []string{
certManagerIssuerKey,
@@ -371,13 +372,16 @@ func (k *IngressService) ensureCNameBackend(ctx context.Context, opts ensureCNam
if opts.routerOpts.AcmeCName {
k.fillIngressTLS(ingress, opts.id)
ingress.ObjectMeta.Annotations[AnnotationsACMEKey] = "true"

} else {
k.cleanupCertManagerAnnotations(ingress)
}

err = k.ensureCertManagerIssuer(ctx, opts, ingress, existingIngress)
if err != nil {
return err
if opts.routerOpts.Acme {
err = k.ensureCertManagerIssuer(ctx, opts, ingress)
if err != nil {
return err
}
}

if isNew {
@@ -391,7 +395,7 @@ func (k *IngressService) ensureCNameBackend(ctx context.Context, opts ensureCNam
return nil
}

func (k *IngressService) ensureCertManagerIssuer(ctx context.Context, opts ensureCNameBackendOpts, ingress, existingIngress *networkingV1.Ingress) error {
func (k *IngressService) ensureCertManagerIssuer(ctx context.Context, opts ensureCNameBackendOpts, ingress *networkingV1.Ingress) error {
if opts.certIssuer == "" {
// If no cert issuer is provided, we should remove any existing cert issuer annotation
k.cleanupCertManagerAnnotations(ingress)
@@ -411,6 +415,9 @@ func (k *IngressService) ensureCertManagerIssuer(ctx context.Context, opts ensur
// Remove previous cermanager annotations if needed and
// add cert-manager annotations to the ingress.
k.cleanupCertManagerAnnotations(ingress)

ingress.Annotations[certManagerCommonName] = opts.cname

switch certIssuerData.issuerType {

case certManagerIssuerTypeIssuer:
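Review bot: `ingress.Annotations[certManagerCommonName] = opts.cname` in ensureCertManagerIssuer copies the CNAME into the certificate common name without a length check, and an X.509 common name is limited to 64 characters while a valid hostname can be much longer. For such a CNAME cert-manager would presumably reject or fail the certificate request, leaving the ingress without a valid certificate, so the annotation should only be set when it fits, e.g. `if len(opts.cname) <= 64 { ingress.Annotations[certManagerCommonName] = opts.cname }`, with the hostname left to the SAN otherwise. Separately, the new key is declared next to `certManagerAnnotations` but no visible line adds it to that list, so if cleanupCertManagerAnnotations iterates the list (not shown here) a stale common-name annotation would survive the cleanup. The body of ensureCertManagerIssuer continues outside the hunks.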
9 changes: 9 additions & 0 deletions kubernetes/ingress_test.go
@@ -534,6 +534,9 @@ func TestEnsureCertManagerIssuer(t *testing.T) {
svc.Labels = map[string]string{"controller": "my-controller", "XPTO": "true"}
svc.Annotations = map[string]string{"ann1": "val1", "ann2": "val2"}
err := svc.Ensure(ctx, idForApp("test"), router.EnsureBackendOpts{
Opts: router.Opts{
Acme: true,
},
CNames: []string{"test.io", "www.test.io"},
CertIssuers: map[string]string{
"test.io": "letsencrypt",
@@ -557,7 +560,10 @@ func TestEnsureCertManagerIssuer(t *testing.T) {
foundIngress2, err := svc.Client.NetworkingV1().Ingresses(svc.Namespace).Get(ctx, "kubernetes-router-cname-www.test.io", metav1.GetOptions{})
require.NoError(t, err)

assert.Equal(t, foundIngress.Annotations[certManagerCommonName], "test.io")
assert.Equal(t, foundIngress.Annotations[certManagerIssuerKey], "letsencrypt")

assert.Equal(t, foundIngress2.Annotations[certManagerCommonName], "www.test.io")
assert.Equal(t, foundIngress2.Annotations[certManagerClusterIssuerKey], "letsencrypt-cluster")
}

@@ -566,6 +572,9 @@ func TestEnsureCertManagerIssuerNotFound(t *testing.T) {
svc.Labels = map[string]string{"controller": "my-controller", "XPTO": "true"}
svc.Annotations = map[string]string{"ann1": "val1", "ann2": "val2"}
err := svc.Ensure(ctx, idForApp("test"), router.EnsureBackendOpts{
Opts: router.Opts{
Acme: true,
},
CNames: []string{"test.io", "www.test.io"},
CertIssuers: map[string]string{
"test.io": "letsencrypt",
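Review bot: Both tests were changed to pass `Acme: true`, but nothing covers the branch this commit introduces in ensureCNameBackend, where `CertIssuers` is set and `Acme` is not. A case that calls `svc.Ensure` with the same CNames and CertIssuers and no `Opts`, then asserts `assert.NotContains(t, foundIngress.Annotations, certManagerIssuerKey)` and the same for `certManagerCommonName`, would pin that no issuer annotations are written in that configuration. The new assertions also pass the actual value before the expected one, as the neighbouring lines already do; testify's `assert.Equal` takes the expected value first, which only affects the failure message. TestEnsureCertManagerIssuerNotFound continues outside the hunk.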
7 changes: 3 additions & 4 deletions kubernetes/service.go
@@ -21,8 +21,7 @@ import (
"github.com/tsuru/kubernetes-router/router"
tsuruv1 "github.com/tsuru/tsuru/provision/kubernetes/pkg/apis/tsuru/v1"
tsuruv1clientset "github.com/tsuru/tsuru/provision/kubernetes/pkg/client/clientset/versioned"
apiv1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
corev1 "k8s.io/api/core/v1"
apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
k8sErrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -176,7 +175,7 @@ func (k *BaseService) getConfig() (*rest.Config, error) {
return k.RestConfig, nil
}

func (k *BaseService) getWebService(ctx context.Context, appName string, target router.BackendTarget) (*apiv1.Service, error) {
func (k *BaseService) getWebService(ctx context.Context, appName string, target router.BackendTarget) (*corev1.Service, error) {
client, err := k.getClient()
if err != nil {
return nil, err
@@ -326,7 +325,7 @@ func (s *BaseService) getStatusForRuntimeObject(ctx context.Context, ns string,
return buf.String(), nil
}

func isFrozenSvc(svc *v1.Service) bool {
func isFrozenSvc(svc *corev1.Service) bool {
if svc == nil || svc.Labels == nil {
return false
}
