Skip to content

Commit

Permalink
remove need for internal k8s service hosts in provided cert/key pair
Browse files Browse the repository at this point in the history
  • Loading branch information
@alecmerdler
alecmerdler committed Mar 18, 2021
1 parent 093af0b commit e7a9749
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions pkg/kustomize/secrets.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -167,12 +167,8 @@ func EnsureTLSFor(ctx *quaycontext.QuayRegistryContext, quay *v1.QuayRegistry, t

routeFieldGroup := fieldGroup.(*hostsettings.HostSettingsFieldGroup)

svc := quay.GetName() + "-quay-app"
hosts := []string{
routeFieldGroup.ServerHostname,
svc,
strings.Join([]string{svc, quay.GetNamespace(), "svc"}, "."),
strings.Join([]string{svc, quay.GetNamespace(), "svc", "cluster", "local"}, "."),
}

// Only add BUILDMAN_HOSTNAME as host if provided.
Expand All @@ -182,7 +178,8 @@ func EnsureTLSFor(ctx *quaycontext.QuayRegistryContext, quay *v1.QuayRegistry, t

for _, host := range hosts {
if valid, _ := shared.ValidateCertPairWithHostname(tlsCert, tlsKey, host, fieldGroupNameFor("route")); !valid {
fmt.Printf("Host %s not valid for certificates provided. Generating self-signed certs", host) // change to logger?
fmt.Printf("Host %s not valid for certificates provided. Generating self-signed certs", host)

return cert.GenerateSelfSignedCertKey(routeFieldGroup.ServerHostname, []net.IP{}, hosts)
}
}
Expand Down

0 comments on commit e7a9749

Please sign in to comment.