Sort the Certificates by the secret name

Certificates for ingress rules are stored in Kubernetes secrets. This change sorts the certs based on the secret name they are stored in. When selecting a certificate for a hostname the first secret found is used.
acorn-io · May 26, 2022 · ec1d0d5 · ec1d0d5
1 parent a2eb1da
commit ec1d0d5
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pkg/controller/appdefinition/ingress.go b/pkg/controller/appdefinition/ingress.go
@@ -3,6 +3,7 @@ package appdefinition
 import (
 	"crypto/x509"
 	"encoding/pem"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -84,15 +85,21 @@ func getCerts(namespace string, req router.Request) ([]*TLSCert, error) {
 		result = append(result, cert)
 	}
 
+	sort.Slice(result, func(i, j int) bool {
+		return result[i].SecretName < result[j].SecretName
+	})
+
 	return result, nil
 }
 
 func getCertsForPublishedHosts(rules []networkingv1.IngressRule, certs []*TLSCert) (ingressTLS []networkingv1.IngressTLS) {
 	certSecretToHostMapping := map[string][]string{}
 	for _, rule := range rules {
 		for _, cert := range certs {
+			// Find the first cert and stop looking
 			if cert.certForThisDomain(rule.Host) {
 				certSecretToHostMapping[cert.SecretName] = append(certSecretToHostMapping[cert.SecretName], rule.Host)
+				break
 			}
 		}
 	}