This repository has been archived by the owner on Apr 17, 2019. It is now read-only.

Create firewall rule, update certs when secrets are updated #791

Merged
merged 6 commits into from
Apr 28, 2016


bprashanth

Fixes #1 on https://github.com/kubernetes/contrib/blob/master/ingress/controllers/gce/BETA_LIMITATIONS.md.

Also allows certificate update when the Kubernetes secret changes, and contains changes in preparation for running the controller on the master.

Assigning to Minhan, @kubernetes/goog-cluster fyi

@bprashanth
Author

@freehan tests passed

netset "k8s.io/kubernetes/pkg/util/net/sets"
)

// Src range from which the GCE L7 performs health checks.
Contributor

nit: add link to doc here https://cloud.google.com/compute/docs/load-balancing/health-checks#health_check_source_ips_and_firewall_rules

I had no idea where it comes from at first glance.

@freehan
Contributor

freehan commented Apr 28, 2016

LGTM. Sorry for keeping you waiting.

@freehan freehan added the lgtm Indicates that a PR is ready to be merged. label Apr 28, 2016
@bprashanth
Author

Thanks!

@bprashanth bprashanth merged commit e51c08a into kubernetes-retired:master Apr 28, 2016
k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this pull request May 7, 2016
Automatic merge from submit-queue

Template the ingress controller 

We still need kubernetes-retired/contrib#791 to run the controller as a static pod
ref #23663
@aknuds1

aknuds1 commented May 18, 2016

Eagerly waiting on this to make its way into GKE. AFAICT TLS secret changes aren't currently applied.

@zhaytee

zhaytee commented Mar 15, 2017

Did this ever make it into GKE? It's a critical requirement for any production service using Ingress objects on GKE and LetsEncrypt TLS certs (which need to be rotated out every 90 days).

@gkop

gkop commented Mar 17, 2017

I just tried a simple apply on an edited secret, and yes it worked. The web console and gcloud compute ssl-certificates list reported the change right away, and the load balancer started serving it up in about 10 minutes. It would be nice to have this officially documented! Especially because there are other corners of k8s where changes to secrets aren't automatically picked up, like deployments, so we don't take it for granted.

@evanj

evanj commented Jun 20, 2017

I can verify the same thing, although in my case gcloud compute ssl-certificates list did not reflect the change immediately. It appeared that nothing happened, but after about ~10 minutes or so the change was applied in all the UIs and on the load balancer itself. Seamless!
