Margo Crawford
fa49beb623
Change length of TLS certs and CA.
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-26 12:05:17 -08:00
Margo Crawford
9bd206cedb
impersonator_config_test.go: small refactor of test helpers
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-26 11:27:19 -08:00
Ryan Richard
5b01e4be2d
impersonator_config.go: handle more error cases
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-26 10:58:56 -08:00
Ryan Richard
bbbb40994d
Prefer hostnames over IPs when making certs to match load balancer ingress
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-25 17:03:34 -08:00
Ryan Richard
0cae72b391
Get hostname from load balancer ingress to use for impersonator certs
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-25 11:40:14 -08:00
Margo Crawford
9a8c80f20a
Impersonator checks cert addresses when `endpoint` config is a hostname
...
Also update concierge_impersonation_proxy_test.go integration test
to use real TLS when calling the impersonator.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-25 10:27:19 -08:00
Margo Crawford
8fc68a4b21
WIP improved cert management in impersonator config
...
- Allows Endpoint to be a hostname, not just an IP address
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-24 17:08:58 -08:00
Ryan Richard
aee7a7a72b
More WIP managing TLS secrets from the impersonation config controller
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-24 16:03:26 -08:00
Ryan Richard
d42c533fbb
WIP managing TLS secrets from the impersonation config controller
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-24 10:57:36 -08:00
Margo Crawford
22a3e73bac
impersonator_config_test.go: use require.Len() when applicable
...
Also fix a lint error in concierge_impersonation_proxy_test.go
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-17 17:29:56 -08:00
Margo Crawford
0ad91c43f7
ImpersonationConfigController uses servicesinformer
...
This is a more reliable way to determine whether the load balancer
is already running.
Also added more unit tests for the load balancer.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-02-17 17:22:13 -08:00
Margo Crawford
67da840097
Add loadbalancer for impersonation proxy when needed
2021-02-16 15:57:02 -08:00
Ryan Richard
5cd60fa5f9
Move starting/stopping impersonation proxy server to a new controller
...
- Watch a configmap to read the configuration of the impersonation
proxy and reconcile it.
- Implements "auto" mode by querying the API for control plane nodes.
- WIP: does not create a load balancer or proper TLS certificates yet.
Those will come in future commits.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-11 17:25:52 -08:00