Do not send empty certificates to nginx

kubernetes · Jun 25, 2019 · 8ca5c1c · 8ca5c1c
1 parent d57fdde
commit 8ca5c1c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
@@ -994,15 +994,18 @@ func configureCertificates(pcfg *ingress.Configuration) error {
 	var servers []*ingress.Server
 
 	for _, server := range pcfg.Servers {
+		if server.SSLCert.PemCertKey == "" {
+			continue
+		}
+
 		servers = append(servers, &ingress.Server{
 			Hostname: server.Hostname,
 			SSLCert: ingress.SSLCert{
 				PemCertKey: server.SSLCert.PemCertKey,
 			},
 		})
 
-		if server.Alias != "" && server.SSLCert.PemCertKey != "" &&
-			ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
+		if server.Alias != "" && ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
 			servers = append(servers, &ingress.Server{
 				Hostname: server.Alias,
 				SSLCert: ingress.SSLCert{
@@ -1014,6 +1017,10 @@ func configureCertificates(pcfg *ingress.Configuration) error {
 
 	redirects := buildRedirects(pcfg.Servers)
 	for _, redirect := range redirects {
+		if redirect.SSLCert.PemCertKey == "" {
+			continue
+		}
+
 		servers = append(servers, &ingress.Server{
 			Hostname: redirect.From,
 			SSLCert: ingress.SSLCert{

diff --git a/internal/ingress/sslcert.go b/internal/ingress/sslcert.go
@@ -43,7 +43,7 @@ type SSLCert struct {
 	// ExpiresTime contains the expiration of this SSL certificate in timestamp format
 	ExpireTime time.Time `json:"expires"`
 	// Pem encoded certificate and key concatenated
-	PemCertKey string `json:"pemCertKey"`
+	PemCertKey string `json:"pemCertKey,omitempty"`
 }
 
 // GetObjectKind implements the ObjectKind interface as a noop