Margo Crawford
fa49beb623
Change length of TLS certs and CA.
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-26 12:05:17 -08:00
Margo Crawford
9bd206cedb
impersonator_config_test.go: small refactor of test helpers
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-26 11:27:19 -08:00
Ryan Richard
5b01e4be2d
impersonator_config.go: handle more error cases
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-26 10:58:56 -08:00
Ryan Richard
bbbb40994d
Prefer hostnames over IPs when making certs to match load balancer ingress
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-25 17:03:34 -08:00
Ryan Richard
0cae72b391
Get hostname from load balancer ingress to use for impersonator certs
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-25 11:40:14 -08:00
Margo Crawford
9a8c80f20a
Impersonator checks cert addresses when endpoint
config is a hostname
...
Also update concierge_impersonation_proxy_test.go integration test
to use real TLS when calling the impersonator.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-25 10:27:19 -08:00
Margo Crawford
8fc68a4b21
WIP improved cert management in impersonator config
...
- Allows Endpoint to be a hostname, not just an IP address
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-24 17:08:58 -08:00
Ryan Richard
aee7a7a72b
More WIP managing TLS secrets from the impersonation config controller
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-24 16:03:26 -08:00
Ryan Richard
d42c533fbb
WIP managing TLS secrets from the impersonation config controller
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-24 10:57:36 -08:00
Margo Crawford
19881e4d7f
Increase how long we wait for loadbalancers to be deleted for int test
...
Also add some log messages which might help us debug issues like this
in the future.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-18 15:58:27 -08:00
Margo Crawford
22a3e73bac
impersonator_config_test.go: use require.Len() when applicable
...
Also fix a lint error in concierge_impersonation_proxy_test.go
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-17 17:29:56 -08:00
Margo Crawford
0ad91c43f7
ImpersonationConfigController uses servicesinformer
...
This is a more reliable way to determine whether the load balancer
is already running.
Also added more unit tests for the load balancer.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-17 17:22:13 -08:00
Margo Crawford
67da840097
Add loadbalancer for impersonation proxy when needed
2021-02-16 15:57:02 -08:00
Ryan Richard
5cd60fa5f9
Move starting/stopping impersonation proxy server to a new controller
...
- Watch a configmap to read the configuration of the impersonation
proxy and reconcile it.
- Implements "auto" mode by querying the API for control plane nodes.
- WIP: does not create a load balancer or proper TLS certificates yet.
Those will come in future commits.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-11 17:25:52 -08:00