Upload ingress certificates stored in k8s secret. #6
Conversation
Currently, when one uses an Ingress resource fronted by Cloudflare CDN, and that Ingress uses a TLS certificate, that certificate has to be uploaded to Cloudflare as well. Otherwise, Cloudflare cannot serve the content under SSL since it does not have the certificate. This commit enables automatically uploading the Ingress's certificate (found under the Ingress's TLS secret) to Cloudflare, via its APIs. Then, Cloudflare can serve that Ingress under SSL.
|
Hello, I'm the Infolinks Robot, here to help with development on this issue. Useful commands:
Note that you first need to authenticate to Infobot on Slack; to do that, just head over to Slack and type |
|
|
||
|
|
||
| # build headers | ||
| def build_cloudflare_request_headers(auth_email: str, auth_key: str) -> Mapping[str, str]: |
There was a problem hiding this comment.
Can we share "build_cloudflare_request_headers" function with the other Python script? (ie. a shared Python file imported in both Python scripts)
|
|
||
| # upload certificate to cloudflare | ||
| def upload_certificate(zone_id: str, auth_email: str, auth_key: str, key: str, crt: str): | ||
| url: str = f"{CF_BASE_URL}/zones/{zone_id}" |
There was a problem hiding this comment.
CF_BASE_URL should also be imported from a shared Python file.
| argparser.add_argument('auth_key', metavar='KEY', help='authentication key of the Cloudflare account') | ||
| args = argparser.parse_args() | ||
|
|
||
| zone: dict = requests.get( |
There was a problem hiding this comment.
Lets also add a fetch_cloudflare_zone function in the shared Python script.
|
|
||
| requests.post(url=certificates_url, | ||
| headers=build_cloudflare_request_headers(auth_email=auth_email, auth_key=auth_key), | ||
| json=certificate).raise_for_status() |
There was a problem hiding this comment.
Per your suggestion, lets also check if the certificate exists; if so, compare it and update if necessary. Otherwise, create (as you do now).
Currently, when one uses an Ingress resource fronted by Cloudflare CDN, and that Ingress uses a TLS certificate, that certificate has to be uploaded to Cloudflare as well. Otherwise, Cloudflare cannot serve the content under SSL since it does not have the certificate.
This commit enables automatically uploading the Ingress's certificate (found under the Ingress's TLS secret) to Cloudflare, via its APIs. Then, Cloudflare can serve that Ingress under SSL.