Support custom ssl chiphers

Signed-off-by: Tamal Saha <tamal@appscode.com>

.config/api-rules/violation_exceptions.list

@@ -165,6 +165,7 @@ API rule violation: list_type_missing,voyagermesh.dev/apimachinery/apis/voyager/
 API rule violation: list_type_missing,voyagermesh.dev/apimachinery/apis/voyager/v1,IngressTLS,Hosts
 API rule violation: list_type_missing,voyagermesh.dev/apimachinery/apis/voyager/v1,OAuth,Paths
 API rule violation: list_type_missing,voyagermesh.dev/apimachinery/apis/voyager/v1,TCPIngressRuleValue,ALPN
+API rule violation: list_type_missing,voyagermesh.dev/apimachinery/apis/voyager/v1,TLSConfig,Ciphers
 API rule violation: names_match,k8s.io/api/core/v1,AzureDiskVolumeSource,DataDiskURI
 API rule violation: names_match,k8s.io/api/core/v1,ContainerStatus,LastTerminationState
 API rule violation: names_match,k8s.io/api/core/v1,DaemonEndpoint,Port

apis/voyager/v1/ingress.go

@@ -79,6 +79,8 @@ type IngressSpec struct {
 	// port according to the hostname specified through the SNI TLS extension.
 	TLS []IngressTLS `json:"tls,omitempty"`
 
+	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
+
 	// Config volumes are used to mount any secret or configmap into HAProxy pods.
 	ConfigVolumes []VolumeSource `json:"configVolumes,omitempty"`
 
@@ -187,6 +189,10 @@ type IngressSpec struct {
 	Coordinator CoordinatorSpec `json:"coordinator,omitempty"`
 }
 
+type TLSConfig struct {
+	Ciphers []string `json:"ciphers,omitempty"`
+}
+
 // IngressTLS describes the transport layer security associated with an Ingress.
 type IngressTLS struct {
 	// Hosts are a list of hosts included in the TLS certificate. The values in

crds/voyager.appscode.com_ingresses.yaml

@@ -2674,6 +2674,13 @@ spec:
                       type: string
                   type: object
                 type: array
+              tlsConfig:
+                properties:
+                  ciphers:
+                    items:
+                      type: string
+                    type: array
+                type: object
               tolerations:
                 description: If specified, the pod's tolerations.
                 items:

go.mod

@@ -15,7 +15,7 @@ require (
 	k8s.io/client-go v0.25.1
 	k8s.io/klog/v2 v2.80.1
 	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea
-	kmodules.xyz/client-go v0.25.23
+	kmodules.xyz/client-go v0.25.33
 	kmodules.xyz/crd-schema-fuzz v0.25.0
 	kmodules.xyz/monitoring-agent-api v0.25.0
 	kmodules.xyz/webhook-runtime v0.25.0
@@ -91,7 +91,7 @@ require (
 	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.1.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gomodules.xyz/mergo v0.3.13 // indirect
 	gomodules.xyz/pointer v0.1.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

go.sum

@@ -822,8 +822,8 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
-gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 gomodules.xyz/mergo v0.3.13 h1:q6cL/MMXZH/MrR2+yjSihFFq6UifXqjwaqI48B6cMEM=
 gomodules.xyz/mergo v0.3.13/go.mod h1:F/2rKC7j0URTnHUKDiTiLcGdLMhdv8jK2Za3cRTUVmc=
 gomodules.xyz/pointer v0.1.0 h1:sG2UKrYVSo6E3r4itAjXfPfe4fuXMi0KdyTHpR3vGCg=
@@ -998,8 +998,8 @@ k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-kmodules.xyz/client-go v0.25.23 h1:qz5XJYHLVZUowqfRXEJD7JQ4iaLLzQ1O1zPMmsdrkJw=
-kmodules.xyz/client-go v0.25.23/go.mod h1:wbdzLEoDYiCPI6dTW0mIAGNwkwFV4lC5BN1FJxiDsbw=
+kmodules.xyz/client-go v0.25.33 h1:i5E88wDXFbR3ljoHCuIdjLR6Uobcb0Xc06i3UXIXJ9s=
+kmodules.xyz/client-go v0.25.33/go.mod h1:r/Va2Y6t1G8X1sPRjrQC6FWB3oh/i6rjssmlfJnbCmg=
 kmodules.xyz/crd-schema-fuzz v0.25.0 h1:c5ZxNRqJak1bkGhECmyrKpzKGThFMB4088Kynyvngbc=
 kmodules.xyz/crd-schema-fuzz v0.25.0/go.mod h1:VigFz19GwCxMGhb3YjCtlSXmfXb0J/g9du1So6rvqsk=
 kmodules.xyz/monitoring-agent-api v0.25.0 h1:RU9RBeCqQdoS381xXy8cM1aqT+7qmtuPI3KxNQoX16Y=

openapi/swagger.json

@@ -2613,6 +2613,9 @@
             "$ref": "#/definitions/dev.voyagermesh.apimachinery.apis.voyager.v1.IngressTLS"
           }
         },
+        "tlsConfig": {
+          "$ref": "#/definitions/dev.voyagermesh.apimachinery.apis.voyager.v1.TLSConfig"
+        },
         "tolerations": {
           "description": "If specified, the pod's tolerations.",
           "type": "array",
@@ -2742,6 +2745,18 @@
         }
       }
     },
+    "dev.voyagermesh.apimachinery.apis.voyager.v1.TLSConfig": {
+      "type": "object",
+      "properties": {
+        "ciphers": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "default": ""
+          }
+        }
+      }
+    },
     "dev.voyagermesh.apimachinery.apis.voyager.v1.VolumeSource": {
       "description": "Represents the source of a volume to mount. Only one of its members may be specified.",
       "type": "object",

vendor/gomodules.xyz/jsonpatch/v2/jsonpatch.go

@@ -1,6 +1,7 @@
 package jsonpatch
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"reflect"
@@ -64,6 +65,9 @@ func NewOperation(op, path string, value interface{}) Operation {
 //
 // An error will be returned if any of the two documents are invalid.
 func CreatePatch(a, b []byte) ([]Operation, error) {
+	if bytes.Equal(a, b) {
+		return []Operation{}, nil
+	}
 	var aI interface{}
 	var bI interface{}
 	err := json.Unmarshal(a, &aI)

vendor/kmodules.xyz/client-go/Makefile

@@ -45,7 +45,7 @@ endif
 ### These variables should not need tweaking.
 ###
 
-SRC_PKGS := admissionregistration api apiextensions apiregistration apps batch certificates client core discovery dynamic extensions meta networking openapi policy rbac storage tools
+SRC_PKGS := admissionregistration api apiextensions apiregistration apps batch certificates client conditions core discovery dynamic extensions meta networking openapi policy rbac storage tools
 SRC_DIRS := $(SRC_PKGS) *.go
 
 DOCKER_PLATFORMS := linux/amd64 linux/arm linux/arm64
@@ -154,7 +154,7 @@ gen-crd-protos:
 			--packages=-k8s.io/api/core/v1,kmodules.xyz/client-go/api/v1
 
 .PHONY: gen-enum
-gen-enum:
+gen-enum: $(BUILD_DIRS)
 	@docker run                                                 \
 	    -i                                                      \
 	    --rm                                                    \

vendor/kmodules.xyz/client-go/apiextensions/kubernetes.go

@@ -58,7 +58,7 @@ func RegisterCRDs(client crd_cs.Interface, crds []*CustomResourceDefinition) err
 			},
 			metav1.UpdateOptions{},
 		)
-		if err != nil {
+		if err != nil && !kerr.IsAlreadyExists(err) {
 			return err
 		}
 	}

vendor/modules.txt

@@ -327,7 +327,7 @@ golang.org/x/text/unicode/norm
 # golang.org/x/time v0.1.0
 ## explicit
 golang.org/x/time/rate
-# gomodules.xyz/jsonpatch/v2 v2.3.0
+# gomodules.xyz/jsonpatch/v2 v2.4.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
 # gomodules.xyz/mergo v0.3.13
@@ -990,7 +990,7 @@ k8s.io/utils/path
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# kmodules.xyz/client-go v0.25.23
+# kmodules.xyz/client-go v0.25.33
 ## explicit; go 1.18
 kmodules.xyz/client-go
 kmodules.xyz/client-go/apiextensions