-
Notifications
You must be signed in to change notification settings - Fork 68
Adding code to create ssl cert from secret and create https target proxy #92
Conversation
Changes Unknown when pulling bbcc252 on nikhiljindal:https into ** on GoogleCloudPlatform:master**. |
looks good overall. One bigger comment (below) about how you handle diffs. Reviewed 11 of 11 files at r1. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 65 at r1 (raw file):
Seems confusing to have 2 methods that only differ by the capitalization. call this one ensureSecretSslCertInternal? app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 69 at r1 (raw file):
fmt.Println the error too app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 152 at r1 (raw file):
print the diff if they don't match app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 160 at r1 (raw file):
fmt.Println the error too? app/kubemci/pkg/gcp/sslcert/sslcertsyncer_test.go, line 37 at r1 (raw file):
If my update-vendor/ PR goes in first, you'll need to add the ingress-gce namer here. app/kubemci/pkg/gcp/targetproxy/fake_targetproxysyncer.go, line 24 at r1 (raw file):
maybe add a comment for CertLink. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 83 at r1 (raw file):
this needs to be an else now. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 93 at r1 (raw file):
same here. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 234 at r1 (raw file):
I think this can be buggy: app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 272 at r1 (raw file):
This should be higher than the V(2) right above it, i think. Comments from Reviewable |
Review status: all files reviewed at latest revision, 10 unresolved discussions, some commit checks failed. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 65 at r1 (raw file): Previously, G-Harmon wrote…
Not sure which 2 methods are you talking about. EnsureSSLCert is the public exported method that calls ensurePreSharedSSLCert or ensureSecretSSLCert depending on how the certs should be handled. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 69 at r1 (raw file): Previously, G-Harmon wrote…
Done. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 152 at r1 (raw file): Previously, G-Harmon wrote…
Dont want to print the secret cert :) app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 160 at r1 (raw file): Previously, G-Harmon wrote…
Done. app/kubemci/pkg/gcp/sslcert/sslcertsyncer_test.go, line 37 at r1 (raw file): Previously, G-Harmon wrote…
Done. app/kubemci/pkg/gcp/targetproxy/fake_targetproxysyncer.go, line 24 at r1 (raw file): Previously, G-Harmon wrote…
Done. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 83 at r1 (raw file): Previously, G-Harmon wrote…
ah good catch. fixed app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 93 at r1 (raw file): Previously, G-Harmon wrote…
Done. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 234 at r1 (raw file): Previously, G-Harmon wrote…
aah yes good catch again :) app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 272 at r1 (raw file): Previously, G-Harmon wrote…
right, done Comments from Reviewable |
Rebased to include #93 and updated as per comments. |
Changes Unknown when pulling 67a52be on nikhiljindal:https into ** on GoogleCloudPlatform:master**. |
Reviewed 4 of 6 files at r2. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 65 at r1 (raw file): Previously, nikhiljindal (Nikhil Jindal) wrote…
Oops, I misread it. I missed 'secret' in ensureSecretSSLCert. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 152 at r1 (raw file): Previously, nikhiljindal (Nikhil Jindal) wrote…
oh! (is that obvious, or is it worth a comment?) app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 234 at r1 (raw file): Previously, nikhiljindal (Nikhil Jindal) wrote…
okay, that's fine. Can you reference that bug here in the code as well? Comments from Reviewable |
Review status: 9 of 11 files reviewed at latest revision, 3 unresolved discussions. app/kubemci/pkg/gcp/sslcert/sslcertsyncer.go, line 152 at r1 (raw file): Previously, G-Harmon wrote…
Done, added a comment. app/kubemci/pkg/gcp/targetproxy/targetproxysyncer.go, line 234 at r1 (raw file): Previously, G-Harmon wrote…
Done. Comments from Reviewable |
Changes Unknown when pulling d80971c on nikhiljindal:https into ** on GoogleCloudPlatform:master**. |
Review status: 7 of 11 files reviewed at latest revision, all discussions resolved. Comments from Reviewable |
Ref #46
This is a step towards adding HTTPS support to kubemci.
It has the following main changes:
In ingress-gce, Users can specify certs in 2 ways:
ingress.gcp.kubernetes.io/pre-shared-cert
annotation.SSLCertSyncer supports only the first for now. Will add support for the annotation in next PR.
Also note, that updating the secret will cause downtime for now, since it deletes and then recreates the ssl certificate.
cc @csbell @G-Harmon
This change is