knative · KauzClay · Jan 30, 2023 · Jan 30, 2023 · Jan 30, 2023 · Jan 30, 2023
diff --git a/pkg/reconciler/domainmapping/reconciler.go b/pkg/reconciler/domainmapping/reconciler.go
@@ -127,9 +127,11 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, dm *v1alpha1.DomainMappi
 		return err
 	}
 
+	networkConfig := config.FromContext(ctx).Network
+
 	// Reconcile the Ingress resource corresponding to the requested Mapping.
 	logger.Debugf("Mapping %s to ref %s/%s (host: %q, svc: %q)", url, dm.Spec.Ref.Namespace, dm.Spec.Ref.Name, targetHost, targetBackendSvc)
-	desired := resources.MakeIngress(dm, targetBackendSvc, targetHost, ingressClass, httpOption, tls, acmeChallenges...)
+	desired := resources.MakeIngress(dm, targetBackendSvc, targetHost, ingressClass, httpOption, tls, networkConfig.InternalEncryption, acmeChallenges...)
 	ingress, err := r.reconcileIngress(ctx, dm, desired)
 	if err != nil {
 		return err

diff --git a/pkg/reconciler/domainmapping/resources/ingress.go b/pkg/reconciler/domainmapping/resources/ingress.go
@@ -35,8 +35,18 @@ import (
 // backend is always in the same namespace also (as this is required by
 // KIngress).  The created ingress will contain a RewriteHost rule to cause the
 // given hostName to be used as the host.
-func MakeIngress(dm *servingv1alpha1.DomainMapping, backendServiceName, hostName, ingressClass string, httpOption netv1alpha1.HTTPOption, tls []netv1alpha1.IngressTLS, acmeChallenges ...netv1alpha1.HTTP01Challenge) *netv1alpha1.Ingress {
+func MakeIngress(dm *servingv1alpha1.DomainMapping, backendServiceName, hostName, ingressClass string, httpOption netv1alpha1.HTTPOption, tls []netv1alpha1.IngressTLS, encryption bool, acmeChallenges ...netv1alpha1.HTTP01Challenge) *netv1alpha1.Ingress {
 	paths, hosts := routeresources.MakeACMEIngressPaths(acmeChallenges, sets.NewString(dm.GetName()))
+
+	var servicePort intstr.IntOrString
+
+	if encryption {
+		//fmt.Println("setting port to 443")
+		servicePort = intstr.FromInt(netapi.ServiceHTTPSPort)
+		//servicePort = intstr.FromInt(80)
+	} else {
+		servicePort = intstr.FromInt(80)
+	}
 	return &netv1alpha1.Ingress{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      kmeta.ChildName(dm.GetName(), ""),
@@ -69,7 +79,7 @@ func MakeIngress(dm *servingv1alpha1.DomainMapping, backendServiceName, hostName
 								IngressBackend: netv1alpha1.IngressBackend{
 									ServiceNamespace: dm.Namespace,
 									ServiceName:      backendServiceName,
-									ServicePort:      intstr.FromInt(80),
+									ServicePort:      servicePort,
 								},
 							}},
 						}}...),

diff --git a/pkg/reconciler/domainmapping/resources/ingress_test.go b/pkg/reconciler/domainmapping/resources/ingress_test.go
@@ -235,7 +235,217 @@ func TestMakeIngress(t *testing.T) {
 			got := *MakeIngress(&tc.dm,
 				"the-target-svc", "the-rewrite-host", "the-ingress-class",
 				netv1alpha1.HTTPOptionEnabled,
-				tc.tls, tc.acmeChallenges...)
+				tc.tls, false, tc.acmeChallenges...)
+			if diff := cmp.Diff(tc.want, got); diff != "" {
+				t.Errorf("Unexpected Ingress (-want, +got):\n%s", diff)
+			}
+		})
+	}
+
+}
+
+func TestMakeIngressInternalEncryption(t *testing.T) {
+	for _, tc := range []struct {
+		name           string
+		dm             v1alpha1.DomainMapping
+		want           netv1alpha1.Ingress
+		tls            []netv1alpha1.IngressTLS
+		acmeChallenges []netv1alpha1.HTTP01Challenge
+	}{{
+		name: "basic",
+		dm: v1alpha1.DomainMapping{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				UID:       types.UID("the-uid"),
+				Annotations: map[string]string{
+					"some.annotation":                  "some.value",
+					corev1.LastAppliedConfigAnnotation: "blah",
+				},
+			},
+			Spec: v1alpha1.DomainMappingSpec{
+				Ref: duckv1.KReference{
+					Namespace: "the-namespace",
+					Name:      "the-name",
+				},
+			},
+		},
+		want: netv1alpha1.Ingress{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				Annotations: map[string]string{
+					netapi.IngressClassAnnotationKey: "the-ingress-class",
+					"some.annotation":                "some.value",
+				},
+			},
+			Spec: netv1alpha1.IngressSpec{
+				HTTPOption: netv1alpha1.HTTPOptionEnabled,
+				Rules: []netv1alpha1.IngressRule{{
+					Hosts:      []string{"mapping.com"},
+					Visibility: netv1alpha1.IngressVisibilityExternalIP,
+					HTTP: &netv1alpha1.HTTPIngressRuleValue{
+						Paths: []netv1alpha1.HTTPIngressPath{{
+							RewriteHost: "the-rewrite-host",
+							Splits: []netv1alpha1.IngressBackendSplit{{
+								Percent: 100,
+								AppendHeaders: map[string]string{
+									netheader.OriginalHostKey: "mapping.com",
+								},
+								IngressBackend: netv1alpha1.IngressBackend{
+									ServiceName:      "the-target-svc",
+									ServiceNamespace: "the-namespace",
+									ServicePort:      intstr.FromInt(443),
+								},
+							}},
+						}},
+					},
+				}},
+			},
+		},
+	}, {
+		name: "tls",
+		dm: v1alpha1.DomainMapping{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				UID:       types.UID("the-uid"),
+				Annotations: map[string]string{
+					"some.annotation":                  "some.value",
+					corev1.LastAppliedConfigAnnotation: "blah",
+				},
+			},
+			Spec: v1alpha1.DomainMappingSpec{
+				Ref: duckv1.KReference{
+					Namespace: "the-namespace",
+					Name:      "the-name",
+				},
+			},
+		},
+		tls: []netv1alpha1.IngressTLS{{
+			Hosts:      []string{"mapping.com"},
+			SecretName: "secret",
+		}},
+		want: netv1alpha1.Ingress{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				Annotations: map[string]string{
+					netapi.IngressClassAnnotationKey: "the-ingress-class",
+					"some.annotation":                "some.value",
+				},
+			},
+			Spec: netv1alpha1.IngressSpec{
+				HTTPOption: netv1alpha1.HTTPOptionEnabled,
+				Rules: []netv1alpha1.IngressRule{{
+					Hosts:      []string{"mapping.com"},
+					Visibility: netv1alpha1.IngressVisibilityExternalIP,
+					HTTP: &netv1alpha1.HTTPIngressRuleValue{
+						Paths: []netv1alpha1.HTTPIngressPath{{
+							RewriteHost: "the-rewrite-host",
+							Splits: []netv1alpha1.IngressBackendSplit{{
+								Percent: 100,
+								AppendHeaders: map[string]string{
+									netheader.OriginalHostKey: "mapping.com",
+								},
+								IngressBackend: netv1alpha1.IngressBackend{
+									ServiceName:      "the-target-svc",
+									ServiceNamespace: "the-namespace",
+									ServicePort:      intstr.FromInt(443),
+								},
+							}},
+						}},
+					},
+				}},
+				TLS: []netv1alpha1.IngressTLS{{
+					Hosts:      []string{"mapping.com"},
+					SecretName: "secret",
+				}},
+			},
+		},
+	}, {
+		name: "challenges",
+		dm: v1alpha1.DomainMapping{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				UID:       types.UID("the-uid"),
+				Annotations: map[string]string{
+					"some.annotation":                  "some.value",
+					corev1.LastAppliedConfigAnnotation: "blah",
+				},
+			},
+			Spec: v1alpha1.DomainMappingSpec{
+				Ref: duckv1.KReference{
+					Namespace: "the-namespace",
+					Name:      "the-name",
+				},
+			},
+		},
+		acmeChallenges: []netv1alpha1.HTTP01Challenge{{
+			ServiceNamespace: "test-ns",
+			ServiceName:      "cm-solver",
+			ServicePort:      intstr.FromInt(8090),
+			URL: &apis.URL{
+				Scheme: "http",
+				Path:   "/.well-known/acme-challenge/challenge-token",
+				Host:   "mapping.com",
+			},
+		}},
+		want: netv1alpha1.Ingress{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mapping.com",
+				Namespace: "the-namespace",
+				Annotations: map[string]string{
+					netapi.IngressClassAnnotationKey: "the-ingress-class",
+					"some.annotation":                "some.value",
+				},
+			},
+			Spec: netv1alpha1.IngressSpec{
+				HTTPOption: netv1alpha1.HTTPOptionEnabled,
+				Rules: []netv1alpha1.IngressRule{{
+					Hosts:      []string{"mapping.com"},
+					Visibility: netv1alpha1.IngressVisibilityExternalIP,
+					HTTP: &netv1alpha1.HTTPIngressRuleValue{
+						Paths: []netv1alpha1.HTTPIngressPath{{
+							Path: "/.well-known/acme-challenge/challenge-token",
+							Splits: []netv1alpha1.IngressBackendSplit{{
+								IngressBackend: netv1alpha1.IngressBackend{
+									ServiceNamespace: "test-ns",
+									ServiceName:      "cm-solver",
+									ServicePort:      intstr.FromInt(8090),
+								},
+								Percent: 100,
+							}},
+						}, {
+							RewriteHost: "the-rewrite-host",
+							Splits: []netv1alpha1.IngressBackendSplit{{
+								Percent: 100,
+								AppendHeaders: map[string]string{
+									netheader.OriginalHostKey: "mapping.com",
+								},
+								IngressBackend: netv1alpha1.IngressBackend{
+									ServiceName:      "the-target-svc",
+									ServiceNamespace: "the-namespace",
+									ServicePort:      intstr.FromInt(443),
+								},
+							}},
+						}},
+					},
+				}},
+			},
+		},
+	}} {
+		t.Run(tc.name, func(t *testing.T) {
+			tc.want.Labels = kmeta.UnionMaps(tc.dm.Labels, map[string]string{
+				serving.DomainMappingUIDLabelKey:       "the-uid",
+				serving.DomainMappingNamespaceLabelKey: "the-namespace",
+			})
+			tc.want.OwnerReferences = []metav1.OwnerReference{*kmeta.NewControllerRef(&tc.dm)}
+			got := *MakeIngress(&tc.dm,
+				"the-target-svc", "the-rewrite-host", "the-ingress-class",
+				netv1alpha1.HTTPOptionEnabled,
+				tc.tls, true, tc.acmeChallenges...)
 			if diff := cmp.Diff(tc.want, got); diff != "" {
 				t.Errorf("Unexpected Ingress (-want, +got):\n%s", diff)
 			}