Skip to content

Commit

Permalink
fix: add ingress host automatically to certificate
Browse files Browse the repository at this point in the history
  • Loading branch information
FabianKramm committed Aug 22, 2024
1 parent e76331a commit 5899184
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 11 deletions.
29 changes: 19 additions & 10 deletions pkg/server/cert/syncer.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ import (
"sync"
"time"

"github.com/loft-sh/vcluster/pkg/config"
"github.com/loft-sh/vcluster/pkg/constants"
"github.com/loft-sh/vcluster/pkg/controllers/resources/nodes/nodeservice"
"github.com/loft-sh/vcluster/pkg/syncer/synccontext"
"github.com/loft-sh/vcluster/pkg/util/translate"
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
Expand All @@ -33,27 +33,31 @@ type Syncer interface {
dynamiccertificates.CertKeyContentProvider
}

func NewSyncer(_ context.Context, currentNamespace string, currentNamespaceClient client.Client, options *config.VirtualClusterConfig) (Syncer, error) {
func NewSyncer(ctx *synccontext.ControllerContext) (Syncer, error) {
return &syncer{
clusterDomain: options.Networking.Advanced.ClusterDomain,
clusterDomain: ctx.Config.Networking.Advanced.ClusterDomain,

serverCaKey: options.VirtualClusterKubeConfig().ServerCAKey,
serverCaCert: options.VirtualClusterKubeConfig().ServerCACert,
ingressHost: ctx.Config.ControlPlane.Ingress.Host,

fakeKubeletIPs: options.Networking.Advanced.ProxyKubelets.ByIP,
serverCaKey: ctx.Config.VirtualClusterKubeConfig().ServerCAKey,
serverCaCert: ctx.Config.VirtualClusterKubeConfig().ServerCACert,

addSANs: options.ControlPlane.Proxy.ExtraSANs,
fakeKubeletIPs: ctx.Config.Networking.Advanced.ProxyKubelets.ByIP,

addSANs: ctx.Config.ControlPlane.Proxy.ExtraSANs,
listeners: []dynamiccertificates.Listener{},

serviceName: options.WorkloadService,
currentNamespace: currentNamespace,
currentNamespaceCient: currentNamespaceClient,
serviceName: ctx.Config.WorkloadService,
currentNamespace: ctx.Config.WorkloadNamespace,
currentNamespaceCient: ctx.WorkloadNamespaceClient,
}, nil
}

type syncer struct {
clusterDomain string

ingressHost string

serverCaCert string
serverCaKey string

Expand Down Expand Up @@ -187,6 +191,11 @@ func (s *syncer) getSANs(ctx context.Context) ([]string, error) {
}
}

// ingress host
if s.ingressHost != "" {
retSANs = append(retSANs, s.ingressHost)
}

// make sure other sans are there as well
retSANs = append(retSANs, s.addSANs...)
sort.Strings(retSANs)
Expand Down
2 changes: 1 addition & 1 deletion pkg/server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ func NewServer(ctx *synccontext.ControllerContext, requestHeaderCaFile, clientCa
uncachedVirtualClient = pluginhookclient.WrapVirtualClient(uncachedVirtualClient)
uncachedLocalClient = pluginhookclient.WrapPhysicalClient(uncachedLocalClient)

certSyncer, err := cert.NewSyncer(ctx, ctx.Config.WorkloadNamespace, ctx.WorkloadNamespaceClient, ctx.Config)
certSyncer, err := cert.NewSyncer(ctx)
if err != nil {
return nil, errors.Wrap(err, "create cert syncer")
}
Expand Down

0 comments on commit 5899184

Please sign in to comment.