updating doc and fixes nginx passthrough

Author: jshum2479

documentation/staging/content/navigate/kubernetes/k8s-ingress-controller.md

@@ -50,7 +50,7 @@ cluster attempts to pull the image and start the container.
 To create this secret, enable `Create Docker Hub Secret` and fill in the pull secret data in the `Docker Hub Username`, `Docker Hub Password`,
 and `Docker Hub Email Address` fields.
 - For NGINX ingress controller, if you desire to have SSL pass through ingress route, enable `
-  Allow SSL pass through to target service`.
+  Allow SSL pass through to target service`.  
 
 #### TLS Secret for Ingress Routes
 Use this pane to configure the Transport Layer Security (TLS) secret containing the certificate and private key data that will be used by the
@@ -91,12 +91,13 @@ When editing a route:
 - Specify transport option for the ingress route.
     * Select `Plain HTTP` for unencrypted traffic from client through ingress controller to the target service
     * Select `SSL terminate at ingress controller` for SSL 
-      terminate 
+      terminating 
       at ingress controller and then unencrypted traffic from ingress controller to target service.  Check `Is 
       target service WebLogic Console?
       ` if the target service is `WebLogic Console` service.  
     * Select `SSL pass through` for SSL traffic pass through ingress 
-      controller and terminate at target service.  Make sure the `Target Port` is SSL port.
+      controller and terminate at target service.  If you select this option, all SSL traffic from the `Virtual Host` 
+      will be routed to the target service.  Make sure the `Target Port` supports SSL.
 - Use the `Ingress Route Annotations` table to
 add annotations to the ingress route, as needed.  Do not remove any pre-populated annotations.
 

webui/src/js/utils/ingress-resource-generator.js

@@ -78,6 +78,10 @@ define(['models/wkt-project', 'js-yaml'],
       createNginxRoutesAsYaml(item) {
         const namespace = item['targetServiceNameSpace'] || 'default';
         const version = window.api.process.getVersion();
+        let path = item['path'];
+        if (this.isSSLPassThrough(item)) {
+          path = '/';
+        }
 
         const result = {
           apiVersion: 'networking.k8s.io/v1',
@@ -101,7 +105,7 @@ define(['models/wkt-project', 'js-yaml'],
                           }
                         }
                       },
-                      path: item['path'],
+                      path: path,
                       pathType: 'Prefix'
                     }
                   ]
@@ -110,21 +114,23 @@ define(['models/wkt-project', 'js-yaml'],
             ]
           }
         };
-        this.addTlsSpec(result, item);
+        // No need to set TLS if passthrough
+        if (!this.isSSLPassThrough(item)) {
+          this.addTlsSpec(result, item);
+        }
+
         this.addVirtualHost(result, item);
 
         if (this.isSSLTerminateAtIngress(item)) {
-          if (item['isConsoleService']) {
-            if (!('annotations' in item)) {
-              item['annotations'] = {};
-            }
-            // must have nl at the end
-            item.annotations['nginx.ingress.kubernetes.io/configuration-snippet'] = 'more_clear_input_headers' +
+          if (!('annotations' in item)) {
+            item['annotations'] = {};
+          }
+          // must have nl at the end
+          item.annotations['nginx.ingress.kubernetes.io/configuration-snippet'] = 'more_clear_input_headers' +
               ' "WL-Proxy-Client-IP" "WL-Proxy-SSL";\n'
               + 'more_set_input_headers "X-Forwarded-Proto: https";\n'
               + 'more_set_input_headers "WL-Proxy-SSL: true";\n';
-            item.annotations['nginx.ingress.kubernetes.io/ingress.allow-http'] = 'false';
-          }
+          item.annotations['nginx.ingress.kubernetes.io/ingress.allow-http'] = 'false';
         }
 
         this.addAnnotations(result, item);
@@ -139,15 +145,15 @@ define(['models/wkt-project', 'js-yaml'],
         }
       }
 
-      isTraefikSSLPassThrough(item) {
+      isSSLPassThrough(item) {
         if (item && item['tlsOption'] === 'ssl_passthrough') {
           return true;
         } else {
           return false;
         }
       }
 
-      isTraefikPlain(item) {
+      isPlainHTTP(item) {
         if (item && item['tlsOption'] === 'plain') {
           return true;
         } else {
@@ -251,7 +257,7 @@ define(['models/wkt-project', 'js-yaml'],
           result.spec.tls = { secretName: item['tlsSecretName'] };
         }
         // SSL passthrough
-        if (this.project.ingress.specifyIngressTLSSecret.value && this.isTraefikSSLPassThrough(item)) {
+        if (this.project.ingress.specifyIngressTLSSecret.value && this.isSSLPassThrough(item)) {
           const obj = { passthrough: true };
           result.spec.tls = [ obj ];
 
@@ -278,14 +284,14 @@ define(['models/wkt-project', 'js-yaml'],
 
       addTlsSpec(result, item) {
         // If the Ingress TLS secret is not enabled, do not add the ingress TLS secret name even if it exists.
-        if (this.project.ingress.specifyIngressTLSSecret.value && !this.isTraefikPlain(item)) {
+        if (this.project.ingress.specifyIngressTLSSecret.value && !this.isPlainHTTP(item)) {
           if (!item['tlsSecretName']) {
             item['tlsSecretName'] = this.project.ingress.ingressTLSSecretName.value;
           }
 
           const obj = { secretName: item['tlsSecretName'] };
           if (item['virtualHost']) {
-            obj['hosts'] = item['virtualHost'];
+            obj['hosts'] = [ item['virtualHost'] ];
           }
           result.spec.tls = [ obj ];
         }