Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Change syncSecret approach #1030

Closed
wants to merge 2 commits into from
Closed

[WIP] Change syncSecret approach #1030

wants to merge 2 commits into from

Conversation

jcmoraisjr
Copy link
Contributor

backend_ssl/secrReferenced is being used to check if a secret is used by auth-tls-secret annotation and spec.TLS attribute. This list goes beyond these two attributes, eg: auth-secret, secure-verify-ca-secret and some configmap options should also be checked. This list should grow. This was implemented on #991 .

IOW the current (without this PR) behavior is try to guess when a secret should be added, which is not working if the secret is used eg on auth-secret annotation.

The PR implementation is half of the way to create a facade to find secrets. I added the only missing ic.syncSecret() I found on my tests. This might be evolved to a single func that do this job (try/sync/try again). This PR works on my local env.

Another approach is add every single secret without trying to guess if it is used or not.

What about these strategies?

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 27, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@aledbf
Copy link
Member

aledbf commented Jul 27, 2017

@jcmoraisjr we need secrReferenced because we must not dump all the secrets to file, only the ones that are being referenced by the ingress.

@aledbf
Copy link
Member

aledbf commented Jul 27, 2017

@jcmoraisjr I was waiting the client-go PR to be merged to finish this

@coveralls
Copy link

Coverage Status

Coverage increased (+0.09%) to 44.077% when pulling 08bcd94 on jcmoraisjr:jm-sync-secret into ce5e399 on kubernetes:master.

aledbf added a commit to aledbf/ingress-nginx that referenced this pull request Jul 28, 2017
@aledbf
Alternative syncSecret approach kubernetes#1030
facf8f0
@jcmoraisjr jcmoraisjr closed this Jul 28, 2017
@jcmoraisjr jcmoraisjr deleted the jm-sync-secret branch July 28, 2017 10:53
aledbf added a commit that referenced this pull request Jul 28, 2017
@aledbf
Merge pull request #1032 from aledbf/fix-ssl-sync
08716e5 
Alternative syncSecret approach #1030
stibi added a commit to stibi/ingress that referenced this pull request Sep 15, 2017
@stibi
patch kubernetes#1030 applied
8793f9f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jcmoraisjr @k8s-reviewable @aledbf @coveralls @k8s-ci-robot