diff --git a/build/cover.sh b/build/cover.sh index 17b5be3b1d..56b2476cb1 100755 --- a/build/cover.sh +++ b/build/cover.sh @@ -27,6 +27,9 @@ if [ -z "${PKG}" ]; then exit 1 fi +export CGO_ENABLED=1 +export GODEBUG=netdns=go+2 + rm -rf coverage.txt for d in $(go list "${PKG}/..." | grep -v vendor | grep -v '/test/e2e' | grep -v images); do t=$(date +%s); diff --git a/build/test.sh b/build/test.sh index 59a540461f..480d166719 100755 --- a/build/test.sh +++ b/build/test.sh @@ -30,6 +30,7 @@ fi # enabled to use host dns resolver export CGO_ENABLED=1 +export GODEBUG=netdns=go+2 -go test -v -race -tags "cgo" \ +go test -v -race \ $(go list "${PKG}/..." | grep -v vendor | grep -v '/test/e2e' | grep -v images | grep -v "docs/examples") diff --git a/docs/enhancements/20190724-only-dynamic-ssl.md b/docs/enhancements/20190724-only-dynamic-ssl.md new file mode 100644 index 0000000000..790f93501b --- /dev/null +++ b/docs/enhancements/20190724-only-dynamic-ssl.md @@ -0,0 +1,63 @@ +--- +title: Remove static SSL configuration mode +authors: + - "@aledbf" +reviewers: + - "@ElvinEfendi" +approvers: + - "@ElvinEfendi" +editor: TBD +creation-date: 2019-07-24 +last-updated: 2019-07-24 +status: implementable +see-also: +replaces: +superseded-by: +--- + +# Remove static SSL configuration mode + +## Table of Contents + + +- [Summary](#summary) +- [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals](#non-goals) +- [Proposal](#proposal) + - [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints) +- [Drawbacks](#drawbacks) +- [Alternatives](#alternatives) + + +## Summary + +Since release [0.19.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release [0.24.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) the default enabled mode is dynamic. + +## Motivation + +The static configuration implies reloads, something that affects the majority of the users. + +### Goals + +- Deprecation of the flag `--enable-dynamic-certificates`. +- Cleanup of the codebase. + +### Non-Goals + +- Features related to certificate authentication are not changed in any way. + +## Proposal + +- Remove static SSL configuration + +### Implementation Details/Notes/Constraints + +- Deprecate the flag Move the directives `ssl_certificate` and `ssl_certificate_key` from each server block to the `http` section. These settings are required to avoid NGINX errors in the logs. +- Remove any action of the flag `--enable-dynamic-certificates` + +## Drawbacks + +## Alternatives + +Keep both implementations