Skip to content

Commit

Permalink
Release V1.1.0 (#15)
Browse files Browse the repository at this point in the history
* Update lb resource tagging (#12)
* OKE-24944 - Ingressclassparameters update flow (#13)
* OKE-26958 Web application firewall integration (#14)
* OKE-27261-Fixed-multi-path-bug
* Update GettingStarted.md
  • Loading branch information
Inbaraj-S authored Aug 22, 2023
1 parent 63eafa8 commit 36327ca
Show file tree
Hide file tree
Showing 118 changed files with 12,910 additions and 1,146 deletions.
25 changes: 21 additions & 4 deletions GettingStarted.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,13 @@ The native ingress controller itself is lightweight process and pushes all the r
+ [Pod Readiness Gate](#pod-readiness-gate)
- [Configuration](#configuration)
- [Checking the pod readiness condition](#checking-the-pod-readiness-condition)
+ [HTTPS/TLS Support](#https-tls-support)
- [Sample configuration : Using Secret](#sample-configuration---using-secret)
- [Sample configuration : Using Certificate](#sample-configuration---using-certificate)
+ [HTTPS/TLS Support](#httpstls-support)
- [Sample configuration : Using Secret](#sample-configuration--using-secret)
- [Sample configuration : Using Certificate](#sample-configuration--using-certificate)
+ [Custom Health Checker](#custom-health-checker)
+ [Web Firewall Integration](#web-firewall-integration)
* [Dependency management](#dependency-management)
+ [How to introduce new modules or upgrade existing ones?](#how-to-introduce-new-modules-or-upgrade-existing-ones-)
+ [How to introduce new modules or upgrade existing ones?](#how-to-introduce-new-modules-or-upgrade-existing-ones)
* [Known Issues](#known-issues)
* [FAQ](#faq)

Expand Down Expand Up @@ -114,6 +115,9 @@ Allow <subject> to manage certificate-associations in compartment <compartment-i
Allow <subject> to read certificate-authorities in compartment <compartment-id>
Allow <subject> to manage certificate-authority-associations in compartment <compartment-id>
Allow <subject> to read certificate-authority-bundles in compartment <compartment-id>
ALLOW <subject> native-ingress-controller to read public-ips in tenancy
ALLOW <subject> native-ingress-controller to manage floating-ips in tenancy
Allow <subject> to manage waf-family in compartment <compartment-id>
Policy scope can be broadened to Tenancy or restricted to a particular location as shown below:
allow <subject> to manage load-balancers in tenancy
Expand Down Expand Up @@ -506,6 +510,19 @@ References:
- [Policy](https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/lbpolicies.htm)
- [Health-checker](https://docs.oracle.com/en-us/iaas/api/#/en/loadbalancer/20170115/HealthChecker/)

#### Web Firewall Integration
We can create a Web Application Firewalls (WAF) policy either through Console or API to protect the applications from threats and filter out bad traffic.
Once the WAF policy is created we can associate the OCI Load Balancer. We can add any desired conditions and rules to the web policies.

In order to enable WAF, copy the OCI WAF policy OCID from the OCI WAF console and add the OCI WAF web Policy annotation to the IngressClass.
```
apiVersion: extensions/v1beta1
kind: IngressClass
metadata:
annotations:
oci-native-ingress.oraclecloud.com/waf-policy-ocid: ocid1.webappfirewallpolicy.oc1.phx.amaaaaaah4gjgpya3sigtz347pqyr4n3b7udo2zw4jskownbq
```

### Dependency management
Module [vendoring](https://go.dev/ref/mod#vendoring) is used to manage 3d-party modules in the project.
`vendor/` folder contains all 3d-party modules.
Expand Down
8 changes: 4 additions & 4 deletions pkg/certificate/certificate.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,25 +42,25 @@ func New(managementClient CertificateManagementInterface,
}
}

func (certificatesClient *CertificatesClient) setCertCache(cert *certificatesmanagement.Certificate) {
func (certificatesClient *CertificatesClient) SetCertCache(cert *certificatesmanagement.Certificate) {
certificatesClient.certMu.Lock()
certificatesClient.CertCache[*cert.Id] = &CertCacheObj{Cert: cert, Age: time.Now()}
certificatesClient.certMu.Unlock()
}

func (certificatesClient *CertificatesClient) getFromCertCache(certId string) *CertCacheObj {
func (certificatesClient *CertificatesClient) GetFromCertCache(certId string) *CertCacheObj {
certificatesClient.certMu.Lock()
defer certificatesClient.certMu.Unlock()
return certificatesClient.CertCache[certId]
}

func (certificatesClient *CertificatesClient) setCaBundleCache(caBundle *certificatesmanagement.CaBundle) {
func (certificatesClient *CertificatesClient) SetCaBundleCache(caBundle *certificatesmanagement.CaBundle) {
certificatesClient.caMu.Lock()
certificatesClient.CaBundleCache[*caBundle.Id] = &CaBundleCacheObj{CaBundle: caBundle, Age: time.Now()}
certificatesClient.caMu.Unlock()
}

func (certificatesClient *CertificatesClient) getFromCaBundleCache(id string) *CaBundleCacheObj {
func (certificatesClient *CertificatesClient) GetFromCaBundleCache(id string) *CaBundleCacheObj {
certificatesClient.caMu.Lock()
defer certificatesClient.caMu.Unlock()
return certificatesClient.CaBundleCache[id]
Expand Down
Loading

0 comments on commit 36327ca

Please sign in to comment.