This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new dcd57bb8 feat: ingress extensions/v1beta1 support tls (#1392)
dcd57bb8 is described below
commit dcd57bb86edd5e47993e871f6a1d659a66c485f6
Author: 林靖 <[email protected]>
AuthorDate: Sun Oct 23 22:40:57 2022 +0800
feat: ingress extensions/v1beta1 support tls (#1392)
---
pkg/providers/ingress/translation/translator.go | 12 +++++
.../suite-ingress-resource/ingress.go | 51 ++++++++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/pkg/providers/ingress/translation/translator.go
b/pkg/providers/ingress/translation/translator.go
index c4ed6426..6f709796 100644
--- a/pkg/providers/ingress/translation/translator.go
+++ b/pkg/providers/ingress/translation/translator.go
@@ -377,6 +377,18 @@ func (t *translator) translateIngressExtensionsV1beta1(ing
*extensionsv1beta1.In
ctx := translation.DefaultEmptyTranslateContext()
ingress := t.TranslateAnnotations(ing.Annotations)
+ // add https
+ for _, tls := range ing.Spec.TLS {
+ ssl, err := t.TranslateIngressTLS(ing.Namespace, ing.Name,
tls.SecretName, tls.Hosts)
+ if err != nil {
+ log.Errorw("failed to translate ingress tls to apisix
tls",
+ zap.Error(err),
+ zap.Any("ingress", ing),
+ )
+ return nil, err
+ }
+ ctx.AddSSL(ssl)
+ }
for _, rule := range ing.Spec.Rules {
for _, pathRule := range rule.HTTP.Paths {
var (
diff --git a/test/e2e/suite-ingress/suite-ingress-resource/ingress.go
b/test/e2e/suite-ingress/suite-ingress-resource/ingress.go
index db6e4d78..1c6eda79 100644
--- a/test/e2e/suite-ingress/suite-ingress-resource/ingress.go
+++ b/test/e2e/suite-ingress/suite-ingress-resource/ingress.go
@@ -156,6 +156,57 @@
w174RSQoNMc+odHxn95mxtYdYVE5PKkzgrfxqymLa5Y0LMPCpKOq4XB0paZPtrOt
k1XbogS6EYyEdbkTDdXdUENvDrU7hzJXSVxJYADiqr44DGfWm6hK0bq9ZPc=
-----END RSA PRIVATE KEY-----
`
+ ginkgo.It("should support ingress extensions/v1beta1 with tls", func() {
+ // create secrets
+ err := s.NewSecret(serverCertSecret, serverCert, serverKey)
+ assert.Nil(ginkgo.GinkgoT(), err, "create server cert secret
error")
+
+ // create ingress
+ host := "mtls.httpbin.local"
+ // create route
+ backendSvc, backendSvcPort := s.DefaultHTTPBackend()
+ ing := fmt.Sprintf(`
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: httpbin-ingress-https
+ annotations:
+ kubernetes.io/ingress.class: apisix
+spec:
+ tls:
+ - hosts:
+ - %s
+ secretName: %s
+ rules:
+ - host: %s
+ http:
+ paths:
+ - path: /*
+ backend:
+ serviceName: %s
+ servicePort: %d
+`, host, serverCertSecret, host, backendSvc, backendSvcPort[0])
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ing))
+ assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(1))
+
+ apisixRoutes, err := s.ListApisixRoutes()
+ assert.Nil(ginkgo.GinkgoT(), err, "list routes error")
+ assert.Len(ginkgo.GinkgoT(), apisixRoutes, 1, "route number not
expect")
+
+ apisixSsls, err := s.ListApisixSsl()
+ assert.Nil(ginkgo.GinkgoT(), err, "list SSLs error")
+ assert.Len(ginkgo.GinkgoT(), apisixSsls, 1, "SSL number should
be 1")
+ assert.Equal(ginkgo.GinkgoT(),
id.GenID(s.Namespace()+"_httpbin-ingress-https-tls"), apisixSsls[0].ID, "SSL
name")
+ assert.Equal(ginkgo.GinkgoT(), apisixSsls[0].Snis,
[]string{host}, "SSL configuration")
+
+ caCertPool := x509.NewCertPool()
+ ok := caCertPool.AppendCertsFromPEM([]byte(rootCA))
+ assert.True(ginkgo.GinkgoT(), ok, "Append cert to CA pool")
+
+ s.NewAPISIXHttpsClientWithCertificates(host, true, caCertPool,
[]tls.Certificate{}).
+ GET("/ip").WithHeader("Host",
host).Expect().Status(http.StatusOK)
+ })
+
ginkgo.It("should support ingress v1beta1 with tls", func() {
// create secrets
err := s.NewSecret(serverCertSecret, serverCert, serverKey)
