Add TLS field to Ingress Listener (#864)
thisisnotashwin authored Nov 16, 2021
1 parent 75236bc commit 53a6403
Showing 5 changed files with 98 additions and 3 deletions.
19 changes: 19 additions & 0 deletions charts/consul/templates/crd-ingressgateways.yaml
Expand Up @@ -62,6 +62,25 @@ spec:
description: IngressListener manages the configuration for a listener
on a specific port.
properties:
gatewayTLSConfig:
description: TLS config for this listener.
properties:
enabled:
description: Indicates that TLS should be enabled for this
gateway service.
type: boolean
gatewayTLSSDSConfig:
description: SDS allows configuring TLS certificate from
an SDS service.
properties:
certResource:
type: string
clusterName:
type: string
type: object
required:
- enabled
type: object
port:
description: Port declares the port on which the ingress gateway
should listen for traffic.
14 changes: 11 additions & 3 deletions control-plane/api/v1alpha1/ingressgateway_types.go
Expand Up @@ -87,6 +87,9 @@ type IngressListener struct {
// current supported values are: (tcp | http | http2 | grpc).
Protocol string `json:"protocol,omitempty"`

// TLS config for this listener.
TLS *GatewayTLSConfig `json:"gatewayTLSConfig,omitempty"`

// Services declares the set of services to which the listener forwards
// traffic.
//
Expand Down Expand Up @@ -223,7 +226,7 @@ func (in *IngressGateway) ToConsul(datacenter string) capi.ConfigEntry {
return &capi.IngressGatewayConfigEntry{
Kind: in.ConsulKind(),
Name: in.ConsulName(),
TLS: in.Spec.TLS.toConsul(),
TLS: *in.Spec.TLS.toConsul(),
Listeners: listeners,
Meta: meta(datacenter),
}
Expand Down Expand Up @@ -273,8 +276,11 @@ func (in *IngressGateway) DefaultNamespaceFields(consulMeta common.ConsulMeta) {
}
}

func (in GatewayTLSConfig) toConsul() capi.GatewayTLSConfig {
return capi.GatewayTLSConfig{
func (in *GatewayTLSConfig) toConsul() *capi.GatewayTLSConfig {
if in == nil {
return nil
}
return &capi.GatewayTLSConfig{
Enabled: in.Enabled,
SDS: in.SDS.toConsul(),
}
Expand All @@ -285,9 +291,11 @@ func (in IngressListener) toConsul() capi.IngressListener {
for _, s := range in.Services {
services = append(services, s.toConsul())
}

return capi.IngressListener{
Port: in.Port,
Protocol: in.Protocol,
TLS: in.TLS.toConsul(),
Services: services,
}
}
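Review bot: The JSON tag on the new `TLS` field of `IngressListener` is `gatewayTLSConfig`, which reads like the Go type name rather than a field name, so the key a user must write on a listener matches neither the Go field nor the comment's wording. If the gateway-level TLS field in `IngressGatewaySpec` is exposed under a shorter key such as `tls` (its tag is outside the hunks shown), a listener written with that key would likely leave this pointer nil, and `toConsul` would then sync the listener with `TLS: nil` instead of the intended certificate settings. Consider the tag `json:"tls,omitempty"` and regenerating the CRDs before this key becomes part of the published schema. The `IngressListener` struct starts and ends outside the hunk.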
44 changes: 44 additions & 0 deletions control-plane/api/v1alpha1/ingressgateway_types_test.go
Expand Up @@ -46,11 +46,22 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
Spec: IngressGatewaySpec{
TLS: GatewayTLSConfig{
Enabled: true,
SDS: &GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Listeners: []IngressListener{
{
Port: 8888,
Protocol: "tcp",
TLS: &GatewayTLSConfig{
Enabled: true,
SDS: &GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Services: []IngressService{
{
Name: "name1",
Expand Down Expand Up @@ -119,11 +130,22 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
Namespace: "foobar",
TLS: capi.GatewayTLSConfig{
Enabled: true,
SDS: &capi.GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Listeners: []capi.IngressListener{
{
Port: 8888,
Protocol: "tcp",
TLS: &capi.GatewayTLSConfig{
Enabled: true,
SDS: &capi.GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Services: []capi.IngressService{
{
Name: "name1",
Expand Down Expand Up @@ -247,11 +269,22 @@ func TestIngressGateway_ToConsul(t *testing.T) {
Spec: IngressGatewaySpec{
TLS: GatewayTLSConfig{
Enabled: true,
SDS: &GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Listeners: []IngressListener{
{
Port: 8888,
Protocol: "tcp",
TLS: &GatewayTLSConfig{
Enabled: true,
SDS: &GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Services: []IngressService{
{
Name: "name1",
Expand Down Expand Up @@ -319,11 +352,22 @@ func TestIngressGateway_ToConsul(t *testing.T) {
Name: "name",
TLS: capi.GatewayTLSConfig{
Enabled: true,
SDS: &capi.GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Listeners: []capi.IngressListener{
{
Port: 8888,
Protocol: "tcp",
TLS: &capi.GatewayTLSConfig{
Enabled: true,
SDS: &capi.GatewayTLSSDSConfig{
ClusterName: "cluster1",
CertResource: "cert1",
},
},
Services: []capi.IngressService{
{
Name: "name1",
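Review bot: The listener-level `TLS` fixtures in `TestIngressGateway_MatchesConsul` and `TestIngressGateway_ToConsul` reuse the same `cluster1`/`cert1` values as the gateway-level `TLS` block directly above them, so these cases would still pass if the conversion filled the listener from the gateway's settings, or the reverse. Giving the listener its own values on both the input and the expected `capi.IngressListener`, for example the constructed `ClusterName: "listener-cluster"` and `CertResource: "listener-cert"`, would pin that each level is mapped from its own field. No listener with `TLS` left nil is visible in these hunks. If no other case in the file covers that, one should be added, since it is the path the new `if in == nil` guard in `toConsul` handles. Both test functions start and end outside the hunks shown.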
5 changes: 5 additions & 0 deletions control-plane/api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -56,6 +56,25 @@ spec:
description: IngressListener manages the configuration for a listener
on a specific port.
properties:
gatewayTLSConfig:
description: TLS config for this listener.
properties:
enabled:
description: Indicates that TLS should be enabled for this
gateway service.
type: boolean
gatewayTLSSDSConfig:
description: SDS allows configuring TLS certificate from
an SDS service.
properties:
certResource:
type: string
clusterName:
type: string
type: object
required:
- enabled
type: object
port:
description: Port declares the port on which the ingress gateway
should listen for traffic.
