
Commit ef38a27

Third round of comments
1 parent 7e7d9f0 commit ef38a27

4 files changed

+280
-58
lines changed


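--- a/pkg/oci/load_balancer.go
+++ b/pkg/oci/load_balancer.go
@@ -203,14 +203,14 @@ func (cp *CloudProvider) readSSLSecret(ns, name string) (*certificateData, error
 }
 var ok bool
 var cacert, cert, key, pass []byte
-cacert, _ = secret.Data[SSLCAFileName]
+cacert = secret.Data[SSLCAFileName]
 if cert, ok = secret.Data[SSLCertificateFileName]; !ok {
 return nil, errors.Errorf("%s not found in secret %s/%s", SSLCertificateFileName, ns, name)
 }
 if key, ok = secret.Data[SSLPrivateKeyFileName]; !ok {
 return nil, errors.Errorf("%s not found in secret %s/%s", SSLPrivateKeyFileName, ns, name)
 }
-pass, _ = secret.Data[SSLPassphrase]
+pass = secret.Data[SSLPassphrase]
 return &certificateData{CACert: cacert, PublicCert: cert, PrivateKey: key, Passphrase: pass}, nil
 }
 
@@ -323,8 +323,8 @@ func (cp *CloudProvider) EnsureLoadBalancer(ctx context.Context, clusterName str
 if err != nil {
 return nil, err
 }
-secretListenerString, _ := service.Annotations[ServiceAnnotationLoadBalancerTLSSecret]
-secretBackendSetString, _ := service.Annotations[ServiceAnnotationLoadBalancerBackendSetSecret]
+secretListenerString := service.Annotations[ServiceAnnotationLoadBalancerTLSSecret]
+secretBackendSetString := service.Annotations[ServiceAnnotationLoadBalancerBackendSetSecret]
 sslConfig = NewSSLConfig(secretListenerString, secretBackendSetString, ports, cp)
 }
 subnets := []string{cp.config.LoadBalancer.Subnet1, cp.config.LoadBalancer.Subnet2}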

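--- a/pkg/oci/load_balancer_spec.go
+++ b/pkg/oci/load_balancer_spec.go
@@ -173,35 +173,27 @@ func (s *LBSpec) Certificates() (map[string]loadbalancer.CertificateDetails, err
 if s.SSLConfig == nil {
 return certs, nil
 }
-//Read listener Kubernetes Secret
-sslSecret, err := s.SSLConfig.readSSLSecret(s.service.Namespace, s.SSLConfig.ListenerSSLSecretName)
-if err != nil {
-return nil, errors.Wrap(err, "reading SSL Listener Secret")
+secrets := make([]string, 0, 2)
+if s.SSLConfig.ListenerSSLSecretName != "" {
+secrets = append(secrets, s.SSLConfig.ListenerSSLSecretName)
 }
-if len(sslSecret.PublicCert) == 0 || len(sslSecret.PrivateKey) == 0 {
-return certs, nil
+if s.SSLConfig.BackendSetSSLSecretName != "" {
+secrets = append(secrets, s.SSLConfig.BackendSetSSLSecretName)
 }
 
-certs[s.SSLConfig.ListenerSSLSecretName] = loadbalancer.CertificateDetails{
-CertificateName: &s.SSLConfig.ListenerSSLSecretName,
-PublicCertificate: common.String(string(sslSecret.PublicCert)),
-PrivateKey: common.String(string(sslSecret.PrivateKey)),
-}
-// Read backendSet Kubernetes Secret
-sslSecret, err = s.SSLConfig.readSSLSecret(s.service.Namespace, s.SSLConfig.BackendSetSSLSecretName)
-if err != nil {
-return nil, errors.Wrap(err, "reading SSL BackendSet Secret")
-}
-if len(sslSecret.PublicCert) == 0 || len(sslSecret.PrivateKey) == 0 {
-return certs, nil
-}
+for _, name := range secrets {
+cert, err := s.SSLConfig.readSSLSecret(s.service.Namespace, name)
+if err != nil {
+return nil, errors.Wrap(err, "reading SSL BackendSet Secret")
+}
 
-certs[s.SSLConfig.BackendSetSSLSecretName] = loadbalancer.CertificateDetails{
-CertificateName: &s.SSLConfig.BackendSetSSLSecretName,
-CaCertificate: common.String(string(sslSecret.CACert)),
-PublicCertificate: common.String(string(sslSecret.PublicCert)),
-PrivateKey: common.String(string(sslSecret.PrivateKey)),
-Passphrase: common.String(string(sslSecret.Passphrase)),
+certs[name] = loadbalancer.CertificateDetails{
+CertificateName: &name,
+CaCertificate: common.String(string(cert.CACert)),
+PublicCertificate: common.String(string(cert.PublicCert)),
+PrivateKey: common.String(string(cert.PrivateKey)),
+Passphrase: common.String(string(cert.Passphrase)),
+}
 }
 return certs, nil
 }
@@ -277,23 +269,14 @@ func getBackendSets(svc *v1.Service, nodes []*v1.Node, sslCfg *SSLConfig) map[st
 name := getBackendSetName(string(servicePort.Protocol), int(servicePort.Port))
 port := int(servicePort.Port)
 var secretName string
-if sslCfg != nil {
+if sslCfg != nil && len(sslCfg.BackendSetSSLSecretName) !=0 {
 secretName = sslCfg.BackendSetSSLSecretName
 }
-sslConfig := getSSLConfiguration(sslCfg, secretName, port)
-if sslConfig != nil {
-backendSets[name] = loadbalancer.BackendSetDetails{
-Policy: common.String(DefaultLoadBalancerPolicy),
-Backends: getBackends(nodes, servicePort.NodePort),
-HealthChecker: getHealthChecker(sslCfg, port, svc),
-SslConfiguration: sslConfig,
-}
-} else {
-backendSets[name] = loadbalancer.BackendSetDetails{
-Policy: common.String(DefaultLoadBalancerPolicy),
-Backends: getBackends(nodes, servicePort.NodePort),
-HealthChecker: getHealthChecker(sslCfg, port, svc),
-}
+backendSets[name] = loadbalancer.BackendSetDetails{
+Policy: common.String(DefaultLoadBalancerPolicy),
+Backends: getBackends(nodes, servicePort.NodePort),
+HealthChecker: getHealthChecker(sslCfg, port, svc),
+SslConfiguration: getSSLConfiguration(sslCfg, secretName, port),
 }
 }
 return backendSets
@@ -322,7 +305,7 @@ func getHealthChecker(cfg *SSLConfig, port int, svc *v1.Service) *loadbalancer.H
 }
 
 func getSSLConfiguration(cfg *SSLConfig, name string, port int) *loadbalancer.SslConfigurationDetails {
-if cfg == nil || !cfg.Ports.Has(port) {
+if cfg == nil || !cfg.Ports.Has(port) || len(name) ==0 {
 return nil
 }
 return &loadbalancer.SslConfigurationDetails{
@@ -365,7 +348,7 @@ func getListeners(svc *v1.Service, sslCfg *SSLConfig) (map[string]loadbalancer.L
 }
 port := int(servicePort.Port)
 var secretName string
-if sslCfg != nil {
+if sslCfg != nil && len(sslCfg.ListenerSSLSecretName) !=0 {
 secretName = sslCfg.ListenerSSLSecretName
 }
 sslConfiguration := getSSLConfiguration(sslCfg, secretName, port)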
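Review bot: In the new loop in Certificates(), `CertificateName: &name` takes the address of the range variable, so on Go toolchains before 1.22 (the toolchain version is not visible here) every map entry's CertificateName points at the same string and ends up holding the last secret name. When the listener and backend-set secrets differ, the listener certificate would then be submitted under the backend-set name; use `CertificateName: common.String(name),` or shadow with `name := name` at the top of the loop body. The wrap message `"reading SSL BackendSet Secret"` is now also returned when the listener secret fails to load; `errors.Wrapf(err, "reading SSL secret %q", name)` would identify the right one. The removed `len(sslSecret.PublicCert) == 0 || len(sslSecret.PrivateKey) == 0` guard has no replacement in this loop, and readSSLSecret as shown in load_balancer.go only checks key presence, so a secret with an empty certificate or key value appears to reach the API call unchecked. Certificates() begins above this hunk.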

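--- a/test/e2e/framework/networking_util.go
+++ b/test/e2e/framework/networking_util.go
@@ -104,8 +104,7 @@ func TestReachableHTTPWithContentTimeout(secure bool, ip string, port int, reque
 func TestReachableHTTPWithContentTimeoutWithRetriableErrorCodes(secure bool, ip string, port int, request string, expect string, content *bytes.Buffer, retriableErrCodes []int, timeout time.Duration) (bool, error) {
 
 ipPort := net.JoinHostPort(ip, strconv.Itoa(port))
-var url string
-url = fmt.Sprintf("http://%s%s", ipPort, request)
+url := fmt.Sprintf("http://%s%s", ipPort, request)
 if secure {
 url = fmt.Sprintf("https://%s%s", ipPort, request)
 }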
