Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add support for TLS termination policies to OpenShift Routes #1089

Merged
merged 7 commits into from
Nov 29, 2023
Merged

feat: add support for TLS termination policies to OpenShift Routes #1089

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3dc46aa
feat: add support for TLS termination policies to OpenShift Routes
Soumil-07 Sep 11, 2023
9ed2ef8
fix: resolve logical error with switch case statements
Soumil-07 Sep 11, 2023
fd896e8
Merge branch 'main' into feat/tls-termination-policy
HarikrishnanBalagopal Sep 24, 2023
5c2a841
Merge branch 'main' into feat/tls-termination-policy
HarikrishnanBalagopal Sep 28, 2023
2fc3393
Merge branch 'main' into feat/tls-termination-policy
HarikrishnanBalagopal Oct 6, 2023
f73efa0
fix: requested changes
Soumil-07 Nov 28, 2023
5c0e779
Merge branch 'main' into feat/tls-termination-policy
HarikrishnanBalagopal Nov 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions common/constants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,16 @@ const (
ConfigIngressHostKeySuffix = IngressKey + d + "host"
//ConfigIngressTLSKeySuffix represents ingress tls Key
ConfigIngressTLSKeySuffix = IngressKey + d + "tls"
//RouteKey represents route keyword
RouteKey = "route"
//TLSKey represents TLS keyword
TLSKey = "tls"
//ConfigRouteTLSTerminationPolicy represents the Route's TLS Termination Policy
ConfigRouteTLSTerminationPolicy = RouteKey + d + TLSKey + d + "terminationpolicy"
//ConfigRouteTLSKeyKey represents the Route's TLS Key
ConfigRouteTLSKeyKey = RouteKey + d + TLSKey + d + "key"
//ConfigRouteTLSCertificateKey represents the Route's TLS Certificate
ConfigRouteTLSCertificateKey = RouteKey + d + TLSKey + d + "certificate"
//ConfigTargetClusterTypeKey represents target cluster type key
ConfigTargetClusterTypeKey = ConfigTargetKey + d + "clustertype"
//ConfigImageRegistryKey represents image registry Key
Expand Down
30 changes: 28 additions & 2 deletions transformer/kubernetes/apiresource/service.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -300,7 +300,10 @@ func (d *Service) createRoutes(service irtypes.Service, ir irtypes.EnhancedIR, t
if relPaths[i] == "" {
continue
}
route := d.createRoute(ir.Name, service, servicePort, hostPrefixes[i], relPaths[i], ir, targetCluster)
desc := "Select a TLS termination policy for the route. (default: passthrough)"
options := []string{string(okdroutev1.TLSTerminationEdge), string(okdroutev1.TLSTerminationPassthrough), string(okdroutev1.TLSTerminationReencrypt)}
terminationPolicy := qaengine.FetchSelectAnswer(common.ConfigRouteTLSTerminationPolicy, desc, nil, string(okdroutev1.TLSTerminationPassthrough), options, nil)
route := d.createRoute(ir.Name, service, servicePort, hostPrefixes[i], relPaths[i], ir, targetCluster, okdroutev1.TLSTerminationType(terminationPolicy))
routes = append(routes, route)
}
return routes
Expand All @@ -311,7 +314,7 @@ func (d *Service) createRoutes(service irtypes.Service, ir irtypes.EnhancedIR, t
// [https://bugzilla.redhat.com/show_bug.cgi?id=1773682]
// Can't use https because of this https://github.com/openshift/origin/issues/2162
// When service has multiple ports,the route needs a port name. Port number doesn't seem to work.
func (d *Service) createRoute(irName string, service irtypes.Service, port core.ServicePort, hostprefix, path string, ir irtypes.EnhancedIR, targetCluster collecttypes.ClusterMetadata) *okdroutev1.Route {
func (d *Service) createRoute(irName string, service irtypes.Service, port core.ServicePort, hostprefix, path string, ir irtypes.EnhancedIR, targetCluster collecttypes.ClusterMetadata, tlsTerminationKind okdroutev1.TLSTerminationType) *okdroutev1.Route {
weight := int32(1) //Hard-coded to 1 to avoid Helm v3 errors
ingressArray := []okdroutev1.RouteIngress{{Host: ""}} //Hard-coded to empty string to avoid Helm v3 errors

Expand Down Expand Up @@ -340,6 +343,7 @@ func (d *Service) createRoute(irName string, service irtypes.Service, port core.
Name: service.Name,
Weight: &weight,
},
TLS: d.getTlsConfig(tlsTerminationKind),
Port: &okdroutev1.RoutePort{TargetPort: intstr.IntOrString{Type: intstr.String, StrVal: port.Name}},
},
Status: okdroutev1.RouteStatus{
Expand Down Expand Up @@ -534,3 +538,25 @@ func (d *Service) getExposeInfo(service irtypes.Service) (servicePorts []core.Se
func (d *Service) getHostName(irName string) string {
return irName + ".com"
}

func (d *Service) getTlsConfig(tlsTerminationKind okdroutev1.TLSTerminationType) *okdroutev1.TLSConfig {
switch tlsTerminationKind {
case okdroutev1.TLSTerminationPassthrough, okdroutev1.TLSTerminationReencrypt:
return &okdroutev1.TLSConfig{
Termination: tlsTerminationKind,
}
case okdroutev1.TLSTerminationEdge:
keyDesc := "Enter the contents of the TLS Key. (PEM Format)"
key := qaengine.FetchMultilineInputAnswer(common.ConfigRouteTLSKeyKey, keyDesc, nil, "", nil)
certDesc := "Enter the contents of the TLS Certificate. (PEM Format)"
cert := qaengine.FetchMultilineInputAnswer(common.ConfigRouteTLSCertificateKey, certDesc, nil, "", nil)

return &okdroutev1.TLSConfig{
Termination: tlsTerminationKind,
Key: key,
Certificate: cert,
}
}

return nil // unreachable
}
Loading