Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve secret handling #399

Merged
merged 1 commit into from
Oct 18, 2018
Merged

Improve secret handling #399

merged 1 commit into from
Oct 18, 2018

Commits on Oct 18, 2018

  1. Improve secret handling 

    - Simplify the secret handling logic.
- Change the secret handling logic. See below.

Changes:

1. An Ingress includes TLS termination, but the referenced
TLS Secret is missing in Kubernetes/invalid or goes missing/
becomes invalid. An Ingress can be a regular Ingress or a
mergeable Master.

Before: the Ingress resource was rejected.

Now: the Ingress resource is not rejected. Instead, the generated
config for that Ingress resource now includes the ssl_ciphers
directive set to "NULL", which makes NGINX break any attempt to
establish a TLS connection with the corresponding Ingress host.

2. An Ingress includes JWT auth, but the referenced JWK is
missing in Kubernetes/invalid or goes missing/becomes invalid.
An Ingress can be a regular Ingress, a mergeable Master or
a mergeable Minion.

Before: the Ingress resource was rejected.

Now. the Ingress resource is not rejected. However, the generated
config for that Ingress still references the JWK on the file system,
which does not exist. This makes NGINX Plus return a 500 response
for a request to the corresponding Ingress host (or the path of the
host for mergeable minions).
    @pleshakov
    pleshakov committed Oct 18, 2018
    Configuration menu
    Copy the full SHA
    7596444 View commit details
    Browse the repository at this point in the history