- Putting a bow on it
- Final corrections and enhancements
- Let the configuration settings determine log level
ciroque committed Oct 24, 2023
1 parent 76c3e8e commit 3a037c6
Showing 6 changed files with 45 additions and 15 deletions.
1 change: 0 additions & 1 deletion cmd/nginx-loadbalancer-kubernetes/main.go
Expand Up @@ -19,7 +19,6 @@ import (
)

func main() {
logrus.SetLevel(logrus.DebugLevel)
err := run()
if err != nil {
logrus.Fatal(err)
9 changes: 5 additions & 4 deletions deployments/deployment/configmap.yaml
Expand Up @@ -2,9 +2,10 @@ apiVersion: v1
kind: ConfigMap
data:
nginx-hosts: "https://192.168.96.207/api"
tls-mode: "ss-mtls"
ca-certificate: "nlk-tls-ca-secret"
client-certificate: "nlk-tls-client-secret"
tls-mode: "no-tls"
ca-certificate: ""
client-certificate: ""
log-level: "warn"
metadata:
name: nlk-config
namespace: nlk
namespace: nlk
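Review bot: The sample ConfigMap now ships `tls-mode: "no-tls"` with empty `ca-certificate` and `client-certificate`, while `nginx-hosts` still points at an `https://` endpoint. How `no-tls` is resolved is not visible in this section, but `buildBasicTlsConfig` in `internal/authentication/factory.go` sets `InsecureSkipVerify` from its argument, so this default presumably leaves the connection to the configured NGINX hosts without certificate verification; that should be confirmed. If the relaxed mode is meant only as a getting-started default, say so in the file, for example `# no-tls performs no certificate verification; use ss-tls or ss-mtls outside a lab`, or keep the previous `ss-mtls` values as the shipped default.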
3 changes: 1 addition & 2 deletions deployments/deployment/deployment.yaml
Expand Up @@ -17,8 +17,7 @@ spec:
spec:
containers:
- name: nginx-loadbalancer-kubernetes
image: ciroque/nginx-loadbalancer-kubernetes:dev-11
# image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:125
image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:latest
imagePullPolicy: Always
ports:
- name: http
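Review bot: `image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes:latest` combined with `imagePullPolicy: Always` means every pod restart can pull a different, unreviewed build, and a later investigation or rollback cannot name the image that was actually running. Pin the manifest to a release tag or, better, an immutable digest, e.g. `image: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes@sha256:<digest-of-reviewed-build>` (placeholder value). The container spec continues past the end of this hunk.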
2 changes: 1 addition & 1 deletion docs/tls/SS-TLS.md
Expand Up @@ -53,7 +53,7 @@ metadata:
data:
nginx-hosts: "http://10.1.1.4:9000/api,http://10.1.1.5:9000/api"
tls-mode: "ss-tls"
caCertificate: "nlk-tls-ca-secret"
ca-certificate: "nlk-tls-ca-secret"
```
## Deployment
14 changes: 7 additions & 7 deletions internal/authentication/factory.go
Expand Up @@ -18,7 +18,7 @@ import (
)

func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) {
logrus.Debugf("Creating TLS config for mode: '%s'", settings.TlsMode)
logrus.Debugf("authentication::NewTlsConfig Creating TLS config for mode: '%s'", settings.TlsMode)
switch settings.TlsMode {
case "ss-tls": // needs ca cert
return buildSelfSignedTlsConfig(settings.Certificates)
Expand All @@ -38,7 +38,7 @@ func NewTlsConfig(settings *configuration.Settings) (*tls.Config, error) {
}

func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
logrus.Debug("Building self-signed TLS config")
logrus.Debugf("authentication::buildSelfSignedTlsConfig Building self-signed TLS config, CA Secret Key(%v)", certificates.CaCertificateSecretKey)
certPool, err := buildCaCertificatePool(certificates.GetCACertificate())
if err != nil {
return nil, err
Expand All @@ -51,7 +51,7 @@ func buildSelfSignedTlsConfig(certificates *certification.Certificates) (*tls.Co
}

func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
logrus.Debug("buildSelfSignedMtlsConfig Building self-signed mTLS config")
logrus.Debugf("authentication::buildSelfSignedMtlsConfig Building self-signed mTLS config, CA Secret Key(%v), Client Certificate Key(%v)", certificates.CaCertificateSecretKey, certificates.ClientCertificateSecretKey)
certPool, err := buildCaCertificatePool(certificates.GetCACertificate())
if err != nil {
return nil, err
Expand All @@ -72,14 +72,14 @@ func buildSelfSignedMtlsConfig(certificates *certification.Certificates) (*tls.C
}

func buildBasicTlsConfig(skipVerify bool) *tls.Config {
logrus.Debug("Building basic TLS config")
logrus.Debugf("authentication::buildBasicTlsConfig skipVerify(%v)", skipVerify)
return &tls.Config{
InsecureSkipVerify: skipVerify,
}
}

func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, error) {
logrus.Debug("Building CA TLS config")
logrus.Debugf("authentication::buildCaTlsConfig, Client Certificate Key(%v)", certificates.ClientCertificateSecretKey)
certificate, err := buildCertificates(certificates.GetClientCertificate())
if err != nil {
return nil, err
Expand All @@ -92,12 +92,12 @@ func buildCaTlsConfig(certificates *certification.Certificates) (*tls.Config, er
}

func buildCertificates(privateKeyPEM []byte, certificatePEM []byte) (tls.Certificate, error) {
logrus.Debug("Building certificates")
logrus.Debugf("authentication::buildCertificates, Private Key(%v), Certificate(%v)", privateKeyPEM, certificatePEM)
return tls.X509KeyPair(certificatePEM, privateKeyPEM)
}

func buildCaCertificatePool(caCert []byte) (*x509.CertPool, error) {
logrus.Debugf("Building CA certificate pool")
logrus.Debugf("authentication::buildCaCertificatePool, CA Certificate(%v)", caCert)
block, _ := pem.Decode(caCert)
if block == nil {
return nil, fmt.Errorf("failed to decode PEM block containing CA certificate")
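Review bot: The new debug line in `buildCertificates` formats `privateKeyPEM` with `%v`, which writes the client private key into the log as a byte list that converts straight back to the PEM; `buildCaCertificatePool` does the same with the CA certificate. Because this commit also makes the level switchable through the ConfigMap `log-level` key, the key material reaches the pod logs as soon as that value is set to `debug`, and log pipelines are rarely protected like secrets. Log sizes instead: `logrus.Debugf("authentication::buildCertificates, Private Key(%d bytes), Certificate(%d bytes)", len(privateKeyPEM), len(certificatePEM))`, and likewise `len(caCert)` in `buildCaCertificatePool`. The `CaCertificateSecretKey` and `ClientCertificateSecretKey` values logged by the other builders appear, judging by the field names, to be secret names rather than key material, so those lines look acceptable. Several of these functions continue outside their hunks.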
31 changes: 31 additions & 0 deletions internal/configuration/settings.go
Expand Up @@ -312,6 +312,8 @@ func (s *Settings) handleUpdateEvent(_ interface{}, obj interface{}) {
logrus.Warnf("Settings::handleUpdateEvent: client-certificate key not found in ConfigMap")
}

setLogLevel(configMap.Data["log-level"])

logrus.Debugf("Settings::handleUpdateEvent: \n\tHosts: %v,\n\tSettings: %v ", s.NginxPlusHosts, configMap)
}

Expand All @@ -327,3 +329,32 @@ func isOurConfig(obj interface{}) (*corev1.ConfigMap, bool) {
configMap, ok := obj.(*corev1.ConfigMap)
return configMap, ok && configMap.Name == ConfigMapName && configMap.Namespace == ConfigMapsNamespace
}

func setLogLevel(logLevel string) {
logrus.Debugf("Settings::setLogLevel: %s", logLevel)
switch logLevel {
case "panic":
logrus.SetLevel(logrus.PanicLevel)

case "fatal":
logrus.SetLevel(logrus.FatalLevel)

case "error":
logrus.SetLevel(logrus.ErrorLevel)

case "warn":
logrus.SetLevel(logrus.WarnLevel)

case "info":
logrus.SetLevel(logrus.InfoLevel)

case "debug":
logrus.SetLevel(logrus.DebugLevel)

case "trace":
logrus.SetLevel(logrus.TraceLevel)

default:
logrus.SetLevel(logrus.WarnLevel)
}
}
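Review bot: `setLogLevel` silently maps any unrecognised value to `WarnLevel` in its `default` branch, so a misspelt `log-level` or an absent key (the lookup `configMap.Data["log-level"]` then yields `""`) gives the operator no sign that the setting was ignored. logrus already provides `ParseLevel`, which accepts the seven names in the switch; using it and warning on a parse failure removes the hand-written table and makes the fallback visible. The fallback level should be applied before the warning is written, otherwise a previously configured `error` or `fatal` level would filter it out. Formatting the value with `%q` also keeps an odd ConfigMap string from distorting the log line.

```go
func setLogLevel(logLevel string) {
	level, err := logrus.ParseLevel(logLevel)
	if err != nil {
		// Apply the fallback first so the warning below is not filtered out.
		logrus.SetLevel(logrus.WarnLevel)
		logrus.Warnf("Settings::setLogLevel: unrecognised log-level %q, using warn", logLevel)
		return
	}
	logrus.SetLevel(level)
	logrus.Debugf("Settings::setLogLevel: %q", logLevel)
}
```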
