NE-1803: Reload router when defaultDestinationCA is updated
bharath-b-rh committed Aug 14, 2024
1 parent a33f2b6 commit 6095cf8
Showing 2 changed files with 40 additions and 6 deletions.
18 changes: 12 additions & 6 deletions pkg/router/router_test.go
Expand Up @@ -102,11 +102,16 @@ func TestMain(m *testing.M) {

h.workdir = workdir
h.dirs = map[string]string{
"whitelist": filepath.Join(workdir, "router", "whitelists"),
"certs": filepath.Join(workdir, "router", "certs"),
"whitelist": filepath.Join(workdir, "router", "whitelists"),
"certs": filepath.Join(workdir, "router", "certs"),
"serviceCA": filepath.Join(workdir, "service-ca"),
"serviceCAData": filepath.Join(workdir, "service-ca", "..data/"),
}

createRouterDirs()
defaultDestinationCA := filepath.Join(h.dirs["serviceCA"], "service-ca.crt")
os.Create(filepath.Join(h.dirs["serviceCAData"], "service-ca.crt"))
os.Symlink(filepath.Join(h.dirs["serviceCAData"], "service-ca.crt"), defaultDestinationCA)

// The template plugin which is wrapped
svcFetcher := templateplugin.NewListWatchServiceLookup(client.CoreV1(), 60*time.Second, namespace)
Expand Down Expand Up @@ -147,10 +152,11 @@ pgfj+yGLmkUw8JwgGH6xCUbHO+WBUFSlPf+Y50fJeO+OrjqPXAVKeSV3ZCwWjKT4
u3YLAbyW/lHhOCiZu2iAI8AbmXem9lW6Tr7p/97s0w==
-----END RSA PRIVATE KEY-----
`,
DefaultCertificateDir: h.dirs["certs"],
ReloadFn: func(shutdown bool) error { return nil },
TemplatePath: "../../images/router/haproxy/conf/haproxy-config.template",
ReloadInterval: reloadInterval,
DefaultCertificateDir: h.dirs["certs"],
DefaultDestinationCAPath: defaultDestinationCA,
ReloadFn: func(shutdown bool) error { return nil },
TemplatePath: "../../images/router/haproxy/conf/haproxy-config.template",
ReloadInterval: reloadInterval,
HTTPResponseHeaders: []templateplugin.HTTPHeader{{
Name: "x-foo",
Value: "'bar'",
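Review bot: The new fixture setup on the `os.Create(...)` and `os.Symlink(...)` lines discards both error returns and never closes the `*os.File` that `os.Create` hands back, so if the `..data` directory was not created by `createRouterDirs()` (not visible here) or the symlink fails, TestMain continues with a dangling `defaultDestinationCA` and the router's new watcher, which only logs on failure, will not be exercised while the suite still passes. TestMain has no `*testing.T`, so a failed setup should terminate the process instead; the enclosing function starts before and ends after this hunk. I would check both calls and close the handle as below.
```go
createRouterDirs()
defaultDestinationCA := filepath.Join(h.dirs["serviceCA"], "service-ca.crt")
caData := filepath.Join(h.dirs["serviceCAData"], "service-ca.crt")
f, err := os.Create(caData)
if err != nil {
	panic(err)
}
f.Close()
if err := os.Symlink(caData, defaultDestinationCA); err != nil {
	panic(err)
}
// … unchanged: template plugin setup …
```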
28 changes: 28 additions & 0 deletions pkg/router/template/router.go
Expand Up @@ -289,6 +289,9 @@ func newTemplateRouter(cfg templateRouterCfg) (*templateRouter, error) {
if err := router.watchMutualTLSCert(); err != nil {
return nil, err
}
if err := router.watchCABundleCert(); err != nil {
return nil, err
}
if router.dynamicConfigManager != nil {
log.V(0).Info("initializing dynamic config manager ... ")
router.dynamicConfigManager.Initialize(router, router.defaultCertificatePath)
Expand Down Expand Up @@ -1521,3 +1524,28 @@ func privateKeysFromPEM(pemCerts []byte) ([]byte, error) {
}
return buf.Bytes(), nil
}

// watchCABundleCert watches the directory containing the CA bundle certificate
// and reloads the router if the directory contents change.
func (r *templateRouter) watchCABundleCert() error {
if len(r.defaultDestinationCAPath) == 0 {
log.V(0).Info("defaultDestinationCAPath is empty, file watcher not created")
return nil
}

caBundleDir := filepath.Dir(r.defaultDestinationCAPath)
reloadFn := func() {
log.V(0).Info("reloading to get updated default destination CA certificate bundle")
r.rateLimitedCommitFunction.RegisterChange()
}

if err := r.watchVolumeMountDir(caBundleDir, reloadFn); err != nil {
// On encountering an error will log it and not return the error because
// DefaultDestinationCAPath is an optional configuration parameter, and an
// error here shouldn't cause router to exit.
log.V(0).Error(err, "failed to establish watch on CA bundle certificate directory")
return nil
}

return nil
}
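Review bot: The failure of `r.watchVolumeMountDir(caBundleDir, reloadFn)` is logged and then dropped, so `watchCABundleCert` can never return a non-nil error and the `if err := router.watchCABundleCert(); err != nil` check added in newTemplateRouter (a hunk cut at both ends) is dead code. The early return already handles the optional case where the path is unset; once `defaultDestinationCAPath` is configured, a watch that could not be established means a rotated destination CA is presumably never picked up and the router keeps the stale bundle until restart, which seems worth failing loudly on, as `watchMutualTLSCert` does just above it. I would propagate it, `return fmt.Errorf("failed to watch CA bundle certificate directory %q: %w", caBundleDir, err)` (assuming fmt is already imported in this file; it is not visible in the hunk). If the soft failure is intentional, drop the error return and the caller's check instead, and reword the comment, which is missing its subject: `// On encountering an error, log it and do not return it, because ...`.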
