Closed farcaller closed 6 years ago
This PR adds a sanity check for k8sExtensions.IngressTLS resource. If the resource is malformed, no attempt to request a certificate would be made.
k8sExtensions.IngressTLS
Here's an example of bad tls:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test annotations: kubernetes.io/tls-acme: "true" spec: tls: - hosts: - test.example - secretName: test-tls rules: - host: test.example http: paths: - path: / backend: serviceName: test servicePort: 80
Notice that secretName has a typo in front of it.
secretName
Such a yaml would be gladly accepted by k8s (which is a k8s problem, surely), but kube-lego makes it worse by first requesting and obtaining a certificate and then failing to store it anywhere.
This seems like a good idea to me. I have made this mistake in my ingresses before.
I'd like to see this check in kube-lego.
Just the one comment, otherwise LGTM!
Thanks for your PR and sorry for the long wait
This PR adds a sanity check for
k8sExtensions.IngressTLS
resource. If the resource is malformed, no attempt to request a certificate would be made.Here's an example of bad tls:
Notice that
secretName
has a typo in front of it.Such a yaml would be gladly accepted by k8s (which is a k8s problem, surely), but kube-lego makes it worse by first requesting and obtaining a certificate and then failing to store it anywhere.