Skip to content

Commit 30bcc0d

Browse files
pdabelf5pdabelf5
committed
Merge branch 'chore/np-136-replace-hardcoded-keys' of github.com:nginx/kubernetes-ingress into chore/np-136-replace-hardcoded-keys
2 parents 2eaefca + 47b0dd2 commit 30bcc0d

File tree

9 files changed

+710
-147
lines changed

9 files changed

+710
-147
lines changed

.gitignore

Lines changed: 161 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,164 @@ kube-local
6666
venv/
6767

6868
# generated tls certificates
69-
common-secrets/*
70-
!common-secrets/.gitkeep
71-
hack/cert-links
69+
# that gitignore file is at hack/.gitignore
70+
71+
# AUTO GENERATED SECTION BY CERTGEN (hack/tls-cert-gen/gitignore-gen.go), DO NOT EDIT BELOW
72+
73+
74+
75+
#TLS Certificate secrets
76+
common-secrets/tls-secret.yaml
77+
examples/custom-resources/api-key/cafe-secret.yaml
78+
examples/custom-resources/backup-directive/transport-server/app-tls-secret.yaml
79+
examples/custom-resources/backup-directive/virtual-server/cafe-secret.yaml
80+
examples/custom-resources/basic-auth/cafe-secret.yaml
81+
examples/custom-resources/basic-configuration/cafe-secret.yaml
82+
examples/custom-resources/cache-policy/cafe-secret.yaml
83+
examples/custom-resources/cross-namespace-configuration/cafe-secret.yaml
84+
examples/custom-resources/custom-ip-listeners/virtualserver/cafe-secret.yaml
85+
examples/custom-resources/custom-listeners/cafe-secret.yaml
86+
examples/custom-resources/external-dns/cafe-secret.yaml
87+
examples/custom-resources/externalname-services/transport-server/app-tls-secret.yaml
88+
examples/custom-resources/foreign-namespace-upstreams/cafe-secret.yaml
89+
examples/custom-resources/grpc-upstreams/greeter-secret.yaml
90+
examples/custom-resources/ingress-mtls/tls-secret.yaml
91+
examples/custom-resources/jwks/tls-secret.yaml
92+
examples/custom-resources/oidc-fclo/tls-secret.yaml
93+
examples/custom-resources/oidc/tls-secret.yaml
94+
examples/custom-resources/rate-limit-tiered-jwt-claim/cafe-secret.yaml
95+
examples/custom-resources/service-insight/service-insight-secret.yaml
96+
examples/custom-resources/tls-passthrough/app-tls-secret.yaml
97+
examples/custom-resources/transport-server-sni/cafe-secret.yaml
98+
examples/custom-resources/transport-server-sni/mongo-secret.yaml
99+
examples/ingress-resources/app-protect-dos/webapp-secret.yaml
100+
examples/ingress-resources/app-protect-waf/cafe-secret.yaml
101+
examples/ingress-resources/basic-auth/cafe-secret.yaml
102+
examples/ingress-resources/complete-example/cafe-secret.yaml
103+
examples/ingress-resources/mergeable-ingress-types/cafe-secret.yaml
104+
examples/ingress-resources/proxy-set-headers/mergeable-ingress/cafe-secret.yaml
105+
examples/ingress-resources/proxy-set-headers/standard-ingress/cafe-secret.yaml
106+
examples/ingress-resources/rate-limit/cafe-secret.yaml
107+
examples/ingress-resources/security-monitoring/cafe-secret.yaml
108+
tests/data/appprotect/appprotect-secret.yaml
109+
tests/data/dos/tls-secret.yaml
110+
tests/data/hsts/standard-tls/tls-secret.yaml
111+
tests/data/hsts/mergeable-tls/tls-secret.yaml
112+
tests/data/ingress-mtls/secret/tls-secret.yaml
113+
tests/data/mgmt-configmap-keys/ssl-cert.yaml
114+
tests/data/smoke/smoke-secret.yaml
115+
tests/data/upgrade-test-resources/secret.yaml
116+
tests/data/virtual-server-certmanager/tls-secret.yaml
117+
tests/data/virtual-server-grpc/tls-secret.yaml
118+
tests/data/virtual-server-route-grpc/tls-secret.yaml
119+
tests/data/watch-secret-namespace/tls-secret.yaml
120+
common-secrets/tls-secret-gb.yaml
121+
tests/data/tls/new-tls-secret.yaml
122+
tests/data/virtual-server-tls/new-tls-secret.yaml
123+
common-secrets/tls-secret-default.yaml
124+
examples/shared-examples/default-server-secret/default-server-secret.yaml
125+
tests/data/common/default-server-secret.yaml
126+
common-secrets/tls-secret-grpc.yaml
127+
tests/data/common/app/secure/secret/grpc-secret.yaml
128+
common-secrets/tls-secret-default-gb.yaml
129+
tests/data/default-server/new-tls-secret.yaml
130+
common-secrets/tls-secret-invalid.yaml
131+
tests/data/default-server/invalid-tls-secret.yaml
132+
common-secrets/tls-secret-us.yaml
133+
tests/data/tls/tls-secret.yaml
134+
tests/data/virtual-server-tls/tls-secret.yaml
135+
tests/data/prometheus/secret.yaml
136+
common-secrets/tls-secret-invalid-type-some.yaml
137+
tests/data/tls/invalid-tls-secret.yaml
138+
common-secrets/tls-secret-invalid-type-broken.yaml
139+
tests/data/wildcard-tls-secret/invalid-wildcard-tls-secret.yaml
140+
common-secrets/wildcard-tls-secret.yaml
141+
tests/data/wildcard-tls-secret/wildcard-tls-secret.yaml
142+
common-secrets/wildcard-tls-secret-gb.yaml
143+
tests/data/wildcard-tls-secret/gb-wildcard-tls-secret.yaml
144+
common-secrets/vs-tls-secret.yaml
145+
tests/data/ap-waf-grpc/tls-secret.yaml
146+
common-secrets/app-tls-secret.yaml
147+
tests/data/common/app/secure/secret/app-tls-secret.yaml
148+
tests/data/transport-server-tls-passthrough/standard/secure-app-secret.yaml
149+
tests/data/transport-server-backup-service/standard/secure-app-secret.yaml
150+
common-secrets/tls-secret-tcp-lb-cafe.yaml
151+
tests/data/transport-server-tcp-load-balance/new-tls-secret.yaml
152+
common-secrets/kic-tls-secret.yaml
153+
tests/data/transport-server-tcp-load-balance/tcp-tls-secret.yaml
154+
common-secrets/tls-secret-test.yaml
155+
tests/data/service-insight/secret.yaml
156+
common-secrets/invalid-tls-secret-sometype.yaml
157+
tests/data/virtual-server-tls/invalid-tls-secret.yaml
158+
common-secrets/cafe-secret.yaml
159+
tests/data/transport-server-with-host/cafe-secret.yaml
160+
common-secrets/ca-key-pair.yaml
161+
tests/data/virtual-server-certmanager/issuer-secret.yaml
162+
163+
#mTLS Bundle Certificate secrets
164+
common-secrets/test-egress-mtls-secret.yaml
165+
common-secrets/test-egress-tls-client-secret.yaml
166+
common-secrets/test-secure-app-tls-secret.yaml
167+
common-secrets/test-egress-mtls-secret-crl.yaml
168+
tests/data/egress-mtls/secret/egress-mtls-secret.yaml
169+
tests/data/egress-mtls/secret/egress-mtls-secret-crl.yaml
170+
tests/data/egress-mtls/secret/tls-secret.yaml
171+
tests/data/common/app/secure-ca/app-tls-secret.yaml
172+
common-secrets/example-egress-trusted-ca-secret.yaml
173+
common-secrets/example-egress-mtls-client-secret.yaml
174+
common-secrets/example-secure-app-tls-secret.yaml
175+
common-secrets/example-egress-trusted-ca-secret-crl.yaml
176+
examples/custom-resources/egress-mtls/egress-trusted-ca-secret.yaml
177+
examples/custom-resources/egress-mtls/egress-trusted-ca-secret-crl.yaml
178+
examples/custom-resources/egress-mtls/egress-mtls-secret.yaml
179+
examples/custom-resources/egress-mtls/secure-app-tls-secret.yaml
180+
181+
#TLS Certificate secrets
182+
common-secrets/cafe-passwd-basic-auth-secret.yaml
183+
examples/ingress-resources/basic-auth/cafe-passwd.yaml
184+
examples/custom-resources/basic-auth/cafe-passwd.yaml
185+
common-secrets/auth-basic-master-htpasswd-basic-auth-secret.yaml
186+
tests/data/auth-basic-auth-mergeable/auth-basic-master-secret.yaml
187+
common-secrets/auth-basic-master-htpasswd-basic-auth-secret-updated.yaml
188+
tests/data/auth-basic-auth-mergeable/auth-basic-master-secret-updated.yaml
189+
common-secrets/auth-basic-minion-htpasswd-basic-auth-secret.yaml
190+
tests/data/auth-basic-auth-mergeable/auth-basic-minion-secret.yaml
191+
common-secrets/auth-basic-minion-htpasswd-basic-auth-secret-updated.yaml
192+
tests/data/auth-basic-auth-mergeable/auth-basic-minion-secret-updated.yaml
193+
common-secrets/auth-basic-policy-htpasswd-secret-invalid.yaml
194+
tests/data/auth-basic-policy/secret/htpasswd-secret-invalid.yaml
195+
common-secrets/auth-basic-policy-htpasswd-secret-empty.yaml
196+
tests/data/auth-basic-policy/secret/htpasswd-secret-valid-empty.yaml
197+
common-secrets/auth-basic-policy-htpasswd-secret-valid.yaml
198+
tests/data/auth-basic-policy/secret/htpasswd-secret-valid.yaml
199+
common-secrets/auth-basic-secrets-htpasswd-secret.yaml
200+
tests/data/auth-basic-secrets/auth-basic-secret.yaml
201+
common-secrets/auth-basic-secrets-htpasswd-secret-updated.yaml
202+
tests/data/auth-basic-secrets/auth-basic-secret-updated.yaml
203+
common-secrets/auth-basic-secrets-htpasswd-secret-invalid.yaml
204+
tests/data/auth-basic-secrets/auth-basic-secret-invalid.yaml
205+
206+
#Jwks secrets
207+
common-secrets/example-jwt-jwks-secret.yaml
208+
examples/custom-resources/jwt/jwk-secret.yaml
209+
common-secrets/tests-jwt-master-jwk.yaml
210+
tests/data/jwt-auth-mergeable/jwt-master-secret.yaml
211+
common-secrets/tests-jwt-master-jwk-updated.yaml
212+
tests/data/jwt-auth-mergeable/jwt-master-secret-updated.yaml
213+
common-secrets/tests-jwt-minion-jwk.yaml
214+
tests/data/jwt-auth-mergeable/jwt-minion-secret.yaml
215+
common-secrets/tests-jwt-minion-jwk-updated.yaml
216+
tests/data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml
217+
common-secrets/tests-jwt-policy-invalid-jwk.yaml
218+
tests/data/jwt-policy/secret/jwk-secret-invalid.yaml
219+
common-secrets/tests-jwt-policy-valid-jwk.yaml
220+
tests/data/jwt-policy/secret/jwk-secret-valid.yaml
221+
common-secrets/tests-jwt-secret-invalid-jwk.yaml
222+
tests/data/jwt-secrets/jwt-secret-invalid.yaml
223+
common-secrets/tests-jwt-secret-valid-jwk.yaml
224+
tests/data/jwt-secrets/jwt-secret.yaml
225+
common-secrets/tests-jwt-secret-updated-jwk.yaml
226+
tests/data/jwt-secrets/jwt-secret-updated.yaml
227+
228+
229+
# END CERTGEN SECTION. YOU MAY EDIT BELOW

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ require (
2121
github.com/stretchr/testify v1.11.1
2222
go.opentelemetry.io/otel v1.38.0
2323
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
24+
golang.org/x/crypto v0.45.0
2425
k8s.io/api v0.34.2
2526
k8s.io/apiextensions-apiserver v0.34.2
2627
k8s.io/apimachinery v0.34.2
@@ -177,7 +178,6 @@ require (
177178
go.uber.org/zap v1.27.0 // indirect
178179
go.yaml.in/yaml/v2 v2.4.3 // indirect
179180
go.yaml.in/yaml/v3 v3.0.4 // indirect
180-
golang.org/x/crypto v0.45.0 // indirect
181181
golang.org/x/mod v0.29.0 // indirect
182182
golang.org/x/net v0.47.0 // indirect
183183
golang.org/x/oauth2 v0.31.0 // indirect

0 commit comments

Comments
 (0)