
Commit d5588fd

committed
remove otel trusted cert code
1 parent 5e34cb8 commit d5588fd

2 files changed

+12
-33
lines changed

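--- a/internal/configs/configurator.go
+++ b/internal/configs/configurator.go
@@ -826,11 +826,8 @@ func generateTLSPassthroughHostsConfig(tlsPassthroughPairs map[string]tlsPassthr
 // AddOrUpdateCASecret writes the secret content to disk returning the files added/updated
 func (cnf *Configurator) AddOrUpdateCASecret(secret *api_v1.Secret, crtFileName, crlFileName string) string {
 crtData, crlData := GenerateCAFileContent(secret)
-crlFilePath := ""
 crtFilePath := cnf.nginxManager.CreateSecret(crtFileName, crtData, nginx.ReadWriteOnlyFileMode)
-if len(crlData) > 0 {
-crlFilePath = cnf.nginxManager.CreateSecret(crlFileName, crlData, nginx.ReadWriteOnlyFileMode)
-}
+crlFilePath := cnf.nginxManager.CreateSecret(crlFileName, crlData, nginx.ReadWriteOnlyFileMode)
 return fmt.Sprintf("%s %s", crtFilePath, crlFilePath)
 }
 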
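Review bot: The CRL file is now written unconditionally in AddOrUpdateCASecret, so a CA Secret that carries no CRL produces an empty file at `crlFileName` and a non-empty `crlFilePath` in the returned string. The removed guard kept that path empty; if a caller uses the second path to decide whether to emit a CRL directive (callers are not visible here), NGINX would be pointed at an empty revocation list, which may fail the config load or give the impression that revocation checking is in place. Unless this is intended, keep the guard: `crlFilePath := ""` followed by `if len(crlData) > 0 { crlFilePath = cnf.nginxManager.CreateSecret(crlFileName, crlData, nginx.ReadWriteOnlyFileMode) }`. The commit title mentions only the OTel trusted cert removal, so this behaviour change deserves a line in the description and a test for the no-CRL case.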

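--- a/internal/k8s/controller.go
+++ b/internal/k8s/controller.go
@@ -102,12 +102,11 @@ type podEndpoint struct {
 }
 
 type specialSecrets struct {
-defaultServerSecret string
-wildcardTLSSecret string
-licenseSecret string
-clientAuthSecret string
-mgmtTrustedCertSecret string
-otelTrustedCertSecret string
+defaultServerSecret string
+wildcardTLSSecret string
+licenseSecret string
+clientAuthSecret string
+trustedCertSecret string
 }
 
 type controllerMetadata struct {
@@ -255,7 +254,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 if input.IsNginxPlus {
 specialSecrets.licenseSecret = fmt.Sprintf("%s/%s", input.ControllerNamespace, input.NginxConfigurator.MgmtCfgParams.Secrets.License)
 specialSecrets.clientAuthSecret = fmt.Sprintf("%s/%s", input.ControllerNamespace, input.NginxConfigurator.MgmtCfgParams.Secrets.ClientAuth)
-specialSecrets.mgmtTrustedCertSecret = fmt.Sprintf("%s/%s", input.ControllerNamespace, input.NginxConfigurator.MgmtCfgParams.Secrets.TrustedCert)
+specialSecrets.trustedCertSecret = fmt.Sprintf("%s/%s", input.ControllerNamespace, input.NginxConfigurator.MgmtCfgParams.Secrets.TrustedCert)
 }
 lbc := &LoadBalancerController{
 client: input.KubeClient,
@@ -925,7 +924,7 @@ func (lbc *LoadBalancerController) updateAllConfigs() {
 if _, hasCRL := secret.Data[configs.CACrlKey]; hasCRL {
 lbc.configurator.MgmtCfgParams.Secrets.TrustedCRL = secret.Name
 }
-lbc.specialSecrets.mgmtTrustedCertSecret = fmt.Sprintf("%s/%s", secret.Namespace, secret.Name)
+lbc.specialSecrets.trustedCertSecret = fmt.Sprintf("%s/%s", secret.Namespace, secret.Name)
 lbc.handleSpecialSecretUpdate(secret, reloadNginx)
 }
 // update special ClientAuth secret in mgmtConfigParams
@@ -1844,9 +1843,7 @@ func (lbc *LoadBalancerController) isSpecialSecret(secretName string) bool {
 return true
 case lbc.specialSecrets.clientAuthSecret:
 return true
-case lbc.specialSecrets.mgmtTrustedCertSecret:
-return true
-case lbc.specialSecrets.otelTrustedCertSecret:
+case lbc.specialSecrets.trustedCertSecret:
 return true
 default:
 return false
@@ -1921,12 +1918,7 @@ func (lbc *LoadBalancerController) handleSpecialSecretUpdate(secret *api_v1.Secr
 if ok := lbc.performNGINXReload(secret); !ok {
 return
 }
-case lbc.specialSecrets.mgmtTrustedCertSecret:
-lbc.updateAllConfigs()
-if ok := lbc.performNGINXReload(secret); !ok {
-return
-}
-case lbc.specialSecrets.otelTrustedCertSecret:
+case lbc.specialSecrets.trustedCertSecret:
 lbc.updateAllConfigs()
 if ok := lbc.performNGINXReload(secret); !ok {
 return
@@ -1952,9 +1944,7 @@ func (lbc *LoadBalancerController) writeSpecialSecrets(secret *api_v1.Secret, sp
 return false
 }
 case secrets.SecretTypeCA:
-if lbc.specialSecrets.mgmtTrustedCertSecret != "" {
-lbc.configurator.AddOrUpdateCASecret(secret, fmt.Sprintf("mgmt/%s", configs.CACrtKey), fmt.Sprintf("mgmt/%s", configs.CACrlKey))
-}
+lbc.configurator.AddOrUpdateCASecret(secret, fmt.Sprintf("mgmt/%s", configs.CACrtKey), fmt.Sprintf("mgmt/%s", configs.CACrlKey))
 case api_v1.SecretTypeTLS:
 // if the secret name matches the specified
 if secretNsName == mgmtClientAuthNamespaceName {
@@ -1991,7 +1981,7 @@ func (lbc *LoadBalancerController) specialSecretValidation(secretNsName string,
 return false
 }
 }
-if secretNsName == lbc.specialSecrets.mgmtTrustedCertSecret {
+if secretNsName == lbc.specialSecrets.trustedCertSecret {
 err := secrets.ValidateCASecret(secret)
 if err != nil {
 nl.Errorf(lbc.Logger, "Couldn't validate the special Secret %v: %v", secretNsName, err)
@@ -2007,14 +1997,6 @@ func (lbc *LoadBalancerController) specialSecretValidation(secretNsName string,
 return false
 }
 }
-if secretNsName == lbc.specialSecrets.otelTrustedCertSecret {
-err := secrets.ValidateCASecret(secret)
-if err != nil {
-nl.Errorf(lbc.Logger, "Couldn't validate the special Secret %v: %v", secretNsName, err)
-lbc.recorder.Eventf(lbc.metadata.pod, api_v1.EventTypeWarning, nl.EventReasonRejected, "the special Secret %v was rejected, using the previous version: %v", secretNsName, err)
-return false
-}
-}
 return true
 }
 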
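Review bot: In writeSpecialSecrets, the `case secrets.SecretTypeCA:` branch now writes the `mgmt/` CA and CRL files for every CA-type Secret that reaches it, because the `mgmtTrustedCertSecret != ""` guard was dropped rather than renamed. Whether a CA Secret other than the configured trusted-cert one can reach this switch depends on callers outside the hunk, but these files are the trust anchor for the management connection, so the write should be tied to the configured name. `secretNsName` is already used in the TLS branch just below, so the call can be wrapped in `if secretNsName == lbc.specialSecrets.trustedCertSecret { ... }`. writeSpecialSecrets begins and ends outside the hunk.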
