-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use the ingress domain for the tls secret #35
Use the ingress domain for the tls secret #35
Conversation
Hi Lucas, thanks for taking this up. Could you deploy a second FunctionIngress on the same domain, but using a different path and function to show that only one certificate is obtained? |
$ kubectl get ing -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
openfaas nodeinfo-tls <none> nodeinfo-tls.myfaas.club 172.20.0.2 80, 443 132m
openfaas nodeinfo-tls-auth <none> nodeinfo-tls.myfaas.club 172.20.0.2 80, 443 14s
$ kubectl get secrets -n openfaas
NAME TYPE DATA AGE
basic-auth Opaque 2 137m
default-token-df84n kubernetes.io/service-account-token 3 144m
ingress-operator-token-m87z4 kubernetes.io/service-account-token 3 137m
nodeinfo-tls.myfaas.club-cert-9q9wm Opaque 1 126m
openfaas-controller-token-fhcsv kubernetes.io/service-account-token 3 137m
openfaas-prometheus-token-7gd24 kubernetes.io/service-account-token 3 137m
sh.helm.release.v1.openfaas.v1 helm.sh/release.v1 1 137m
$ kubectl get certificate -A
NAMESPACE NAME READY SECRET AGE
openfaas nodeinfo-tls.myfaas.club-cert False nodeinfo-tls.myfaas.club-cert 126m |
Do you have more than one FunctionIngress records with differing paths, but the same domain? I can just see the NodeInfo one |
One is |
pkg/controller/controller_test.go
Outdated
expected: []v1beta1.IngressTLS{}, | ||
}, | ||
{ | ||
name: "tls enabled creates TLS object with corret host and secret with matching the host", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
corret
--> correct
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
**What** - Change the name of the TLS secret to use the domain name. This allows multiple functions to use the same secret instead of creating multiple secrets. This reduces the complexity for REST style APIs that need multiple paths corresponding to multiple Funcions and FunctionIngress on the same domain. Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
23b83be
to
8e83a73
Compare
You are right @LucasRoesler. Thanks |
Description
multiple functions to use the same secret instead of creating multiple
secrets. This reduces the complexity for REST style APIs that need
multiple paths corresponding to multiple Functions and FunctionIngress
on the same domain.
Motivation and Context
Closes #34
How Has This Been Tested?
new unit test
Manual testing locally with
theaxer/ingress-operator:latest-35
A secret with the expected name
nodeinfo-tls.myfaas.club-cert-9q9wm
is createdTypes of changes
Impact to existing users
Checklist:
git commit -s