Closed OliverMKing closed 3 months ago
Changes Missing Coverage | Covered Lines | Changed/Added Lines | % | ||
---|---|---|---|---|---|
pkg/controller/controller.go | 0 | 4 | 0.0% | ||
pkg/controller/keyvault/ingress_tls.go | 44 | 69 | 63.77% | ||
<!-- | Total: | 49 | 78 | 62.82% | --> |
Totals | |
---|---|
Change from base Build 8391177511: | -0.4% |
Covered Lines: | 2656 |
Relevant Lines: | 3343 |
/ok-to-test sha=8177500
/ok-to-test sha=b886254
/ok-to-test sha=0f31414
/ok-to-test sha=cec8cd3
/ok-to-test sha=acfd433
/ok-to-test sha=28adffb
in the description,
If the Ingress contains both required Ingresses
this is referring to annotations right?
in the description,
If the Ingress contains both required Ingresses
this is referring to annotations right?
yes
Description
Adds a tls reconciler that adds the TLS portion to Ingresses that have the keyvault tls cert managed by us. We reconcile the Ingress object to point to the managed secret that contains the cert pulled from keyvault if the Ingress contains a specific annotation.
To use this feature, users will need to add the
kubernetes.azure.com/tls-cert-keyvault-managed: true
annotation to their Ingress.Essentially, the reconcile logic is as follows:
kubernetes.azure.com/tls-cert-keyvault-managed: true
annotationkubernetes.azure.com/tls-cert-keyvault-managed: true
annotation but doesn't contain thekubernetes.azure.com/tls-cert-keyvault-uri: <uri>
annotation then we push an Event to the Ingress informing them that we can't manage TLS without that.Type of change
Please delete options that are not relevant.
How Has This Been Tested?
unit
Checklist: