Commit dd42468f authored by Cezar Sá Espinola's avatar Cezar Sá Espinola Committed by Cezar Sá Espinola

Always add https port to service even though it might not be available

This is a mitigation for cloud providers in which changing the existing
ports of a LoadBalancer might be problematic or cause downtime.
parent 0aa465f7
Pipeline #65257718 failed with stages
in 8 minutes and 5 seconds
......@@ -44,13 +44,20 @@ func TestReconcileNginx_reconcileService(t *testing.T) {
assert.NoError(t, err)
assert.NotNil(t, got)
expectedPorts := []corev1.ServicePort{
corev1.ServicePort{
{
Name: "http",
TargetPort: intstr.FromString("http"),
Protocol: corev1.ProtocolTCP,
NodePort: int32(0),
Port: int32(80),
},
{
Name: "https",
TargetPort: intstr.FromString("https"),
Protocol: corev1.ProtocolTCP,
NodePort: int32(0),
Port: int32(443),
},
}
assert.Equal(t, expectedPorts, got.Spec.Ports)
},
......@@ -82,6 +89,13 @@ func TestReconcileNginx_reconcileService(t *testing.T) {
},
Spec: corev1.ServiceSpec{
Ports: []corev1.ServicePort{
{
Name: "https",
TargetPort: intstr.FromString("https"),
Protocol: corev1.ProtocolTCP,
Port: int32(443),
NodePort: int32(30667),
},
{
Name: "http",
Protocol: corev1.ProtocolTCP,
......@@ -107,7 +121,7 @@ func TestReconcileNginx_reconcileService(t *testing.T) {
Name: "https",
TargetPort: intstr.FromString("https"),
Protocol: corev1.ProtocolTCP,
NodePort: int32(0),
NodePort: int32(30667),
Port: int32(443),
},
}
......
......@@ -80,6 +80,11 @@ func NewDeployment(n *v1alpha1.Nginx) (*appv1.Deployment, error) {
ContainerPort: defaultHTTPPort,
Protocol: corev1.ProtocolTCP,
},
{
Name: defaultHTTPSPortName,
ContainerPort: defaultHTTPSPort,
Protocol: corev1.ProtocolTCP,
},
},
Resources: n.Spec.PodTemplate.Resources,
ReadinessProbe: &corev1.Probe{
......@@ -155,20 +160,18 @@ func NewService(n *v1alpha1.Nginx) *corev1.Service {
TargetPort: intstr.FromString(defaultHTTPPortName),
Port: int32(80),
},
{
Name: defaultHTTPSPortName,
Protocol: corev1.ProtocolTCP,
TargetPort: intstr.FromString(defaultHTTPSPortName),
Port: int32(443),
},
},
Selector: LabelsForNginx(n.Name),
LoadBalancerIP: lbIP,
Type: nginxService(n),
},
}
if n.Spec.Certificates != nil {
service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{
Name: defaultHTTPSPortName,
Protocol: corev1.ProtocolTCP,
TargetPort: intstr.FromString(defaultHTTPSPortName),
Port: int32(443),
})
}
return &service
}
......@@ -264,11 +267,6 @@ func setupTLS(secret *v1alpha1.TLSSecret, dep *appv1.Deployment) {
return
}
dep.Spec.Template.Spec.Containers[0].Ports = append(dep.Spec.Template.Spec.Containers[0].Ports, corev1.ContainerPort{
Name: defaultHTTPSPortName,
ContainerPort: defaultHTTPSPort,
Protocol: corev1.ProtocolTCP,
})
dep.Spec.Template.Spec.Containers[0].ReadinessProbe = &corev1.Probe{
Handler: corev1.Handler{
HTTPGet: &corev1.HTTPGetAction{
......@@ -286,10 +284,10 @@ func setupTLS(secret *v1alpha1.TLSSecret, dep *appv1.Deployment) {
var items []corev1.KeyToPath
for _, item := range secret.Items {
items = append(items, corev1.KeyToPath{
Key: item.CertificateField,
Key: item.CertificateField,
Path: valueOrDefault(item.CertificatePath, item.CertificateField),
}, corev1.KeyToPath{
Key: item.KeyField,
Key: item.KeyField,
Path: valueOrDefault(item.KeyPath, item.KeyField),
})
}
......@@ -299,7 +297,7 @@ func setupTLS(secret *v1alpha1.TLSSecret, dep *appv1.Deployment) {
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secret.SecretName,
Items: items,
Items: items,
},
},
})
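Review bot: In the NewService hunk the `https` ServicePort is now published on every Service, including LoadBalancer ones, even when `n.Spec.Certificates` is nil, and nothing in the code records why. A later reader is likely to treat an open 443 with no TLS configured as a bug and put the conditional back. I would carry the commit-message rationale onto the entry, e.g. `// Always exposed: changing the ports of an existing LoadBalancer can cause downtime on some providers; expected to have no listener unless Spec.Certificates is set.` That last clause is an assumption, since the nginx configuration is not part of this diff. It is worth confirming that the container does not bind the https port without a certificate, and that operators know 443 will be opened on the provider side regardless. NewService and NewDeployment both begin outside their hunks.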
......
......@@ -37,7 +37,7 @@ func nginxWithService() v1alpha1.Nginx {
func nginxWithCertificate() v1alpha1.Nginx {
n := baseNginx()
n.Spec.Certificates = &v1alpha1.TLSSecret{
SecretName: "my-secret",
SecretName: "my-secret",
Items: []v1alpha1.TLSSecretItem{
{
KeyField: "key-field",
......@@ -88,6 +88,11 @@ func baseDeployment() appv1.Deployment {
ContainerPort: defaultHTTPPort,
Protocol: corev1.ProtocolTCP,
},
{
Name: defaultHTTPSPortName,
ContainerPort: defaultHTTPSPort,
Protocol: corev1.ProtocolTCP,
},
},
ReadinessProbe: &corev1.Probe{
Handler: corev1.Handler{
......@@ -222,7 +227,7 @@ func Test_NewDeployment(t *testing.T) {
name: "with-tls",
nginxFn: func(n v1alpha1.Nginx) v1alpha1.Nginx {
n.Spec.Certificates = &v1alpha1.TLSSecret{
SecretName: "my-secret",
SecretName: "my-secret",
Items: []v1alpha1.TLSSecretItem{
{
CertificateField: "cert-field",
......@@ -284,7 +289,7 @@ func Test_NewDeployment(t *testing.T) {
Items: []v1alpha1.TLSSecretItem{
{
CertificateField: "cert.crt",
KeyField: "cert.key",
KeyField: "cert.key",
},
},
}
......@@ -336,15 +341,15 @@ func Test_NewDeployment(t *testing.T) {
name: "with-two-certificates",
nginxFn: func(n v1alpha1.Nginx) v1alpha1.Nginx {
n.Spec.Certificates = &v1alpha1.TLSSecret{
SecretName: "my-secret",
SecretName: "my-secret",
Items: []v1alpha1.TLSSecretItem{
{
CertificateField: "rsa.crt.pem",
CertificateField: "rsa.crt.pem",
KeyField: "rsa.key.pem",
},
{
CertificateField: "ecdsa.crt.pem",
KeyField: "ecdsa.key.pem",
KeyField: "ecdsa.key.pem",
},
},
}
......@@ -574,6 +579,12 @@ func TestNewService(t *testing.T) {
TargetPort: intstr.FromString("http"),
Port: int32(80),
},
{
Name: "https",
Protocol: corev1.ProtocolTCP,
TargetPort: intstr.FromString("https"),
Port: int32(443),
},
},
Selector: map[string]string{
"nginx_cr": "my-nginx",
......@@ -607,6 +618,12 @@ func TestNewService(t *testing.T) {
TargetPort: intstr.FromString("http"),
Port: int32(80),
},
{
Name: "https",
Protocol: corev1.ProtocolTCP,
TargetPort: intstr.FromString("https"),
Port: int32(443),
},
},
Selector: map[string]string{
"nginx_cr": "my-nginx",
......@@ -694,6 +711,12 @@ func TestNewService(t *testing.T) {
TargetPort: intstr.FromString("http"),
Port: int32(80),
},
{
Name: "https",
Protocol: corev1.ProtocolTCP,
TargetPort: intstr.FromString("https"),
Port: int32(443),
},
},
Selector: map[string]string{
"nginx_cr": "my-nginx",
......