8b7c30cfbd
- TLS certificates can be configured on the OIDCProviderConfig using the `secretName` field. - When listening for incoming TLS connections, choose the TLS cert based on the SNI hostname of the incoming request. - Because SNI hostname information on incoming requests does not include the port number of the request, we add a validation that OIDCProviderConfigs where the issuer hostnames (not including port number) are the same must use the same `secretName`. - Note that this approach does not yet support requests made to an IP address instead of a hostname. Also note that `localhost` is considered a hostname by SNI. - Add port 443 as a container port to the pod spec. - A new controller watches for TLS secrets and caches them in memory. That same in-memory cache is used while servicing incoming connections on the TLS port. - Make it easy to configure both port 443 and/or port 80 for various Service types using our ytt templates for the supervisor. - When deploying to kind, add another nodeport and forward it to the host on another port to expose our new HTTPS supervisor port to the host. |
||
|---|---|---|
| .. | ||
| lib | ||
| boilerplate.go.txt | ||
| get-ldflags.sh | ||
| header.txt | ||
| kind-down.sh | ||
| kind-up.sh | ||
| module.sh | ||
| prepare-for-integration-tests.sh | ||
| tilt-down.sh | ||
| tilt-up.sh | ||
| update.sh | ||
| verify.sh | ||