djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,439 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
Margo Crawford fa49beb623 Change length of TLS certs and CA. 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-26 12:05:17 -08:00
Margo Crawford 9bd206cedb impersonator_config_test.go: small refactor of test helpers 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-26 11:27:19 -08:00
Ryan Richard 5b01e4be2d impersonator_config.go: handle more error cases 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-26 10:58:56 -08:00
Ryan Richard bbbb40994d Prefer hostnames over IPs when making certs to match load balancer ingress 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-25 17:03:34 -08:00
Ryan Richard 0cae72b391 Get hostname from load balancer ingress to use for impersonator certs 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-25 11:40:14 -08:00
Margo Crawford 9a8c80f20a Impersonator checks cert addresses when `endpoint` config is a hostname 
Also update concierge_impersonation_proxy_test.go integration test
to use real TLS when calling the impersonator.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-25 10:27:19 -08:00
Margo Crawford 8fc68a4b21 WIP improved cert management in impersonator config 
- Allows Endpoint to be a hostname, not just an IP address

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-24 17:08:58 -08:00
Ryan Richard aee7a7a72b More WIP managing TLS secrets from the impersonation config controller 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-24 16:03:26 -08:00
Ryan Richard d42c533fbb WIP managing TLS secrets from the impersonation config controller 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-24 10:57:36 -08:00
Margo Crawford 22a3e73bac impersonator_config_test.go: use require.Len() when applicable 
Also fix a lint error in concierge_impersonation_proxy_test.go

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-17 17:29:56 -08:00
Margo Crawford 0ad91c43f7 ImpersonationConfigController uses servicesinformer 
This is a more reliable way to determine whether the load balancer
is already running.
Also added more unit tests for the load balancer.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-02-17 17:22:13 -08:00
Margo Crawford 67da840097 Add loadbalancer for impersonation proxy when needed 2021-02-16 15:57:02 -08:00
Ryan Richard 5cd60fa5f9 Move starting/stopping impersonation proxy server to a new controller 
- Watch a configmap to read the configuration of the impersonation
  proxy and reconcile it.
- Implements "auto" mode by querying the API for control plane nodes.
- WIP: does not create a load balancer or proper TLS certificates yet.
  Those will come in future commits.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-02-11 17:25:52 -08:00