From 0d666397a9ee3d982371b61cd6b361a833094bf0 Mon Sep 17 00:00:00 2001
From: andrew
Date: Tue, 21 May 2024 15:50:26 +0700
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1=20update=20SNI=20cert=20&&=20handle?= =?UTF-8?q?=20error?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 go.mod | 2 +-
 go.sum | 2 ++
 pkg/ingress/controller/controller.go | 6 ++++-
 pkg/utils/vngcloud/loadbalancer.go | 4 +--
 pkg/utils/vngcloud/loadbalancer_listener.go | 4 +--
 pkg/utils/vngcloud/loadbalancer_pool.go | 4 +--
 pkg/utils/vngcloud/loadbalancer_utils.go | 30 +++++++++++++++++----
 pkg/utils/vngcloud/security_group.go | 5 +++-
 8 files changed, 43 insertions(+), 14 deletions(-)
diff --git a/go.mod b/go.mod
index faffa70..672bbec 100755
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 github.com/spf13/cobra v1.7.0
 github.com/spf13/pflag v1.0.5
 github.com/spf13/viper v1.18.2
- github.com/vngcloud/vngcloud-go-sdk v1.0.6
+ github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b
 gopkg.in/gcfg.v1 v1.2.3
 k8s.io/api v0.29.0
 k8s.io/apimachinery v0.29.0
diff --git a/go.sum b/go.sum
index 2511683..9321d20 100755
--- a/go.sum
+++ b/go.sum
@@ -231,6 +231,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/vngcloud/vngcloud-go-sdk v1.0.6 h1:AU7cNVUq0LZ2pNyKbr7+qfE+/+6U0GnbBvwGHRV+OYk=
 github.com/vngcloud/vngcloud-go-sdk v1.0.6/go.mod h1:3ZjgN6oq5o7sYrShj2dOPOBF3cqWk6IW+/0VVpJWYf4=
+github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b h1:WUU4MuMeXakkmlD3Qlt0IanlNpxgTihTy1PrI9VWqDg=
+github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b/go.mod h1:3ZjgN6oq5o7sYrShj2dOPOBF3cqWk6IW+/0VVpJWYf4=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/pkg/ingress/controller/controller.go b/pkg/ingress/controller/controller.go
index 6cb1d0a..b811a8d 100644
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@@ -958,8 +958,12 @@ func (c *Controller) inspectIngress(ing *nwv1.Ingress) (*Expander, error) {
 return nil, vErrors.ErrNoCertificateFound
 } else {
 listenerHttpsOpts := serviceConf.CreateListenerOptions(true)
- listenerHttpsOpts.CertificateAuthorities = &(serviceConf.CertificateIDs)
 listenerHttpsOpts.DefaultCertificateAuthority = &(serviceConf.CertificateIDs[0])
+ if len(serviceConf.CertificateIDs) > 1 {
+ listenerHttpsOpts.CertificateAuthorities = PointerOf[[]string](serviceConf.CertificateIDs[1:])
+ } else {
+ listenerHttpsOpts.CertificateAuthorities = PointerOf[[]string]([]string{})
+ }
 listenerHttpsOpts.ClientCertificate = PointerOf[string]("")
 ingressInspect.ListenerExpander = append(ingressInspect.ListenerExpander, &utils.ListenerExpander{
 CreateOpts: *listenerHttpsOpts,
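Review bot: The `if`/`else` around `CertificateAuthorities` in controller.go is redundant: `serviceConf.CertificateIDs[1:]` is already an empty, non-nil slice when exactly one ID is configured, and the `[0]` index on the line above already requires at least one. A single `listenerHttpsOpts.CertificateAuthorities = PointerOf(serviceConf.CertificateIDs[1:])` covers both cases, assuming `PointerOf` is an ordinary generic helper whose type argument can be inferred. Because the order of the configured IDs now decides which certificate is the default and which are SNI-only, a comment such as `// first ID is the default certificate; the remaining IDs are attached for SNI` would make that contract explicit. The sub-slice shares its backing array with `serviceConf.CertificateIDs`, and an ID repeated in the list is passed through as-is. inspectIngress starts and ends outside the hunk.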
diff --git a/pkg/utils/vngcloud/loadbalancer.go b/pkg/utils/vngcloud/loadbalancer.go index bf73c5b..f1065a0 100644 --- a/pkg/utils/vngcloud/loadbalancer.go +++ b/pkg/utils/vngcloud/loadbalancer.go @@ -61,8 +61,8 @@ func DeleteLB(client *client.ServiceClient, projectID string, lbID string) error var err error for { - err = loadbalancer.Delete(client, opt) - if err != nil && IsLoadBalancerNotReady(err) { + errSdk := loadbalancer.Delete(client, opt) + if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) { klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds") time.Sleep(5 * time.Second) continue diff --git a/pkg/utils/vngcloud/loadbalancer_listener.go b/pkg/utils/vngcloud/loadbalancer_listener.go index 9e35f95..e273e15 100644 --- a/pkg/utils/vngcloud/loadbalancer_listener.go +++ b/pkg/utils/vngcloud/loadbalancer_listener.go @@ -46,8 +46,8 @@ func DeleteListener(client *client.ServiceClient, projectID string, lbID, listen var err error for { - err = listener.Delete(client, opt) - if err != nil && IsLoadBalancerNotReady(err) { + errSdk := listener.Delete(client, opt) + if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) { klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds") time.Sleep(5 * time.Second) continue diff --git a/pkg/utils/vngcloud/loadbalancer_pool.go b/pkg/utils/vngcloud/loadbalancer_pool.go index d72fa72..f554528 100644 --- a/pkg/utils/vngcloud/loadbalancer_pool.go +++ b/pkg/utils/vngcloud/loadbalancer_pool.go @@ -101,8 +101,8 @@ func DeletePool(client *client.ServiceClient, projectID string, lbID, poolID str var err error for { - err = pool.Delete(client, opt) - if err != nil && IsLoadBalancerNotReady(err) { + errSdk := pool.Delete(client, opt) + if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) { klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds") time.Sleep(5 * time.Second) continue diff --git a/pkg/utils/vngcloud/loadbalancer_utils.go b/pkg/utils/vngcloud/loadbalancer_utils.go index 159cffb..085b8da 100644 
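Review bot: In DeleteLB the result of `loadbalancer.Delete` now lives in the loop-local `errSdk`, while the outer `var err error` is no longer assigned anywhere in the hunk; if the code after the retry branch (outside the hunk) still returns `err`, every delete failure other than LoadBalancerNotReady would be reported as success. The DeleteListener and DeletePool hunks follow the same pattern. Copying the SDK error out before leaving the loop, for example `if errSdk != nil { err = errSdk.Error }` after the not-ready check, lets the caller see that a load balancer, listener or pool was not actually removed. The loop also retries every 5 seconds with no upper bound or cancellation, so a deadline may be worth adding.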
--- a/pkg/utils/vngcloud/loadbalancer_utils.go +++ b/pkg/utils/vngcloud/loadbalancer_utils.go @@ -234,9 +234,7 @@ func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.Create TimeoutConnection: lisOptions.TimeoutConnection, DefaultPoolId: *lisOptions.DefaultPoolId, DefaultCertificateAuthority: lisOptions.DefaultCertificateAuthority, - // Headers: lisOptions.Headers, - // ClientCertificate: lisOptions.ClientCertificateAuthentication, - // ......................................... update later + CertificateAuthorities: lisOptions.CertificateAuthorities, } if ilis.AllowedCidrs != lisOptions.AllowedCidrs || ilis.TimeoutClient != lisOptions.TimeoutClient || 
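Review bot: Removing the `// Headers` / `// ClientCertificate` ... `update later` placeholder drops the only record in this struct literal that those two fields are still not copied into the update options; the hunk adds only `CertificateAuthorities`. If headers and client-certificate authentication remain unsynchronised on update, a short marker such as `// TODO: Headers and ClientCertificate are not yet propagated on update` keeps that gap visible. CompareListenerOptions begins and ends outside the hunk, so whether they are handled elsewhere cannot be seen from here.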
@@ -249,11 +247,33 @@ func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.Create
 klog.Infof("listener need update default pool id: %s", *lisOptions.DefaultPoolId)
 isNeedUpdate = true
 }
- if lisOptions.DefaultCertificateAuthority != nil && (ilis.DefaultCertificateAuthority == nil || *(ilis.DefaultCertificateAuthority) != *(lisOptions.DefaultCertificateAuthority)) {
+ if lisOptions.DefaultCertificateAuthority != nil &&
+ (ilis.DefaultCertificateAuthority == nil || *(ilis.DefaultCertificateAuthority) != *(lisOptions.DefaultCertificateAuthority)) {
 klog.Infof("listener need update default certificate authority: %s", *lisOptions.DefaultCertificateAuthority)
 isNeedUpdate = true
 }
- // update cert SNI here .......................................................
+
+ if len(ilis.CertificateAuthorities) > 0 && lisOptions.CertificateAuthorities == nil {
+ isNeedUpdate = true
+ } else if lisOptions.CertificateAuthorities != nil {
+ if len(ilis.CertificateAuthorities) != len(*lisOptions.CertificateAuthorities) {
+ klog.Infof("listener need update certificate authorities")
+ isNeedUpdate = true
+ } else {
+ maps := make(map[string]bool)
+ for _, ca := range ilis.CertificateAuthorities {
+ maps[ca] = true
+ }
+ for _, ca := range *lisOptions.CertificateAuthorities {
+ if _, ok := maps[ca]; !ok {
+ klog.Infof("listener need update certificate authorities")
+ isNeedUpdate = true
+ break
+ }
+ }
+ }
+ }
+
 if !isNeedUpdate {
 return nil
 }
diff --git a/pkg/utils/vngcloud/security_group.go b/pkg/utils/vngcloud/security_group.go
index aa21fa4..2ad0c31 100644
--- a/pkg/utils/vngcloud/security_group.go
+++ b/pkg/utils/vngcloud/security_group.go
@@ -58,5 +58,8 @@ func CreateSecurityGroup(client *client.ServiceClient, projectID string, name st
 opt.Name = name
 opt.Description = description
 resp, err := secgroup.Create(client, opt)
- return resp, err
+ if err != nil {
+ return nil, err.Error
+ }
+ return resp, nil
 }
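Review bot: The equal-length branch of the new `CertificateAuthorities` comparison in CompareListenerOptions only checks that each desired ID exists in the current set, so lists containing a repeated ID can compare as equal when they are not (constructed example: current `[a b]`, desired `[a a]`), leaving a certificate attached to the listener that should have been removed. The first branch (`lisOptions.CertificateAuthorities == nil`) also sets `isNeedUpdate` without the log line the other branches emit, and the update then carries a nil list, which may not clear the listener's SNI certificates depending on how the SDK serialises it. Comparing the two lists as multisets in a small helper removes the duplicate case and leaves one place to log. The function starts and ends outside the hunk.

```go
// … unchanged: default pool and default certificate checks …

var wantCAs []string
if lisOptions.CertificateAuthorities != nil {
	wantCAs = *lisOptions.CertificateAuthorities
}
if !sameCertificateIDs(ilis.CertificateAuthorities, wantCAs) {
	klog.Infof("listener need update certificate authorities")
	isNeedUpdate = true
}

// … unchanged: early return when !isNeedUpdate …

// sameCertificateIDs reports whether have and want contain the same
// certificate IDs, ignoring order but counting repeated entries.
func sameCertificateIDs(have, want []string) bool {
	if len(have) != len(want) {
		return false
	}
	counts := make(map[string]int, len(have))
	for _, id := range have {
		counts[id]++
	}
	for _, id := range want {
		if counts[id] == 0 {
			return false
		}
		counts[id]--
	}
	return true
}
```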
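Review bot: In CreateSecurityGroup, if `secgroup.Create` can return a non-nil SDK error whose `Error` field is nil, the new branch returns `nil, nil`, and a caller that only checks the error would then dereference a nil response. Guarding on the field itself, or falling back to a generic error when it is nil, avoids that. The variable is also named `err` although it holds the SDK's error value rather than a Go `error`, while the delete helpers in this commit call the same kind of value `errSdk`; `resp, errSdk := secgroup.Create(client, opt)` with `return nil, errSdk.Error` would keep the naming consistent. The function's opening lines are outside the hunk.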