Merge pull request #459 from aledbf/log-ssl-information

Add information about SSL certificates in the default log level.
kubernetes · Mar 17, 2017 · 35e4311 · 35e4311
2 parents a5f8fe2 + 18492c1
commit 35e4311
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/core/pkg/ingress/controller/backend_ssl.go b/core/pkg/ingress/controller/backend_ssl.go
@@ -76,11 +76,11 @@ func (ic *GenericController) syncSecret(k interface{}) error {
 			// no need to update
 			return nil
 		}
-		glog.V(3).Infof("updating secret %v/%v in the store", sec.Namespace, sec.Name)
+		glog.Infof("updating secret %v/%v in the local store", sec.Namespace, sec.Name)
 		ic.sslCertTracker.Update(key, cert)
 		return nil
 	}
-	glog.V(3).Infof("adding secret %v/%v to the store", sec.Namespace, sec.Name)
+	glog.Infof("adding secret %v/%v to the local store", sec.Namespace, sec.Name)
 	ic.sslCertTracker.Add(key, cert)
 	return nil
 }
@@ -106,10 +106,10 @@ func (ic *GenericController) getPemCertificate(secretName string) (*ingress.SSLC
 
 	var s *ingress.SSLCert
 	if okcert && okkey {
-		glog.V(3).Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
+		glog.Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
 		s, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca)
 	} else if ca != nil {
-		glog.V(3).Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
+		glog.Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
 		s, err = ssl.AddCertAuth(nsSecName, ca)
 	} else {
 		return nil, fmt.Errorf("ko keypair or CA cert could be found in %v", secretName)

diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
@@ -960,14 +960,24 @@ func (ic *GenericController) createServers(data []interface{},
 					}
 				}
 
+				if tlsSecretName == "" {
+					glog.Warningf("ingress rule %v/%v for host %v does not contains a matching tls host", ing.Namespace, ing.Name, host)
+					glog.V(2).Infof("%v", ing.Spec.TLS)
+					continue
+				}
+
 				key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
 				bc, exists := ic.sslCertTracker.Get(key)
 				if exists {
 					cert := bc.(*ingress.SSLCert)
 					if isHostValid(host, cert) {
 						servers[host].SSLCertificate = cert.PemFileName
 						servers[host].SSLPemChecksum = cert.PemSHA
+					} else {
+						glog.Warningf("ssl certificate %v does not contains a common name for host %v", key, host)
 					}
+				} else {
+					glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
 				}
 			}
 		}

diff --git a/core/pkg/ingress/controller/util.go b/core/pkg/ingress/controller/util.go
@@ -46,7 +46,7 @@ func isHostValid(host string, cert *ingress.SSLCert) bool {
 		return false
 	}
 	for _, cn := range cert.CN {
-		if matchHostnames(cn, host) {
+		if matchHostnames(cn, strings.ToLower(host)) {
 			return true
 		}
 	}