@@ -1003,6 +1003,295 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
1003
1003
}
1004
1004
}
1005
1005
}
1006
+ }` ,
1007
+ },
1008
+ {
1009
+ name : "Ingress - using acm and internet-facing case with the same acm certificate for default and sni listener" ,
1010
+ env : env {
1011
+ svcs : []* corev1.Service {ns_1_svc_1 , ns_1_svc_2 , ns_1_svc_3 },
1012
+ },
1013
+ fields : fields {
1014
+ resolveViaDiscoveryCalls : []resolveViaDiscoveryCall {resolveViaDiscoveryCallForInternetFacingLB },
1015
+ listLoadBalancersCalls : []listLoadBalancersCall {listLoadBalancerCallForEmptyLB },
1016
+ enableBackendSG : true ,
1017
+ },
1018
+ args : args {
1019
+ ingGroup : Group {
1020
+ ID : GroupID {Namespace : "ns-1" , Name : "ing-1" },
1021
+ Members : []ClassifiedIngress {
1022
+ {
1023
+ Ing : & networking.Ingress {ObjectMeta : metav1.ObjectMeta {
1024
+ Namespace : "ns-1" ,
1025
+ Name : "ing-1" ,
1026
+ Annotations : map [string ]string {
1027
+ "alb.ingress.kubernetes.io/scheme" : "internet-facing" ,
1028
+ "alb.ingress.kubernetes.io/certificate-arn" : "arn:aws:acm:us-east-1:9999999:certificate/11111111,arn:aws:acm:us-east-1:9999999:certificate/33333333,arn:aws:acm:us-east-1:9999999:certificate/22222222,,arn:aws:acm:us-east-1:9999999:certificate/11111111" ,
1029
+ "alb.ingress.kubernetes.io/mutual-authentication" : `[{"port":443,"mode":"off"}]` ,
1030
+ },
1031
+ },
1032
+ Spec : networking.IngressSpec {
1033
+ Rules : []networking.IngressRule {
1034
+ {
1035
+ Host : "app-1.example.com" ,
1036
+ IngressRuleValue : networking.IngressRuleValue {
1037
+ HTTP : & networking.HTTPIngressRuleValue {
1038
+ Paths : []networking.HTTPIngressPath {
1039
+ {
1040
+ Path : "/svc-1" ,
1041
+ Backend : networking.IngressBackend {
1042
+ Service : & networking.IngressServiceBackend {
1043
+ Name : ns_1_svc_1 .Name ,
1044
+ Port : networking.ServiceBackendPort {
1045
+ Name : "http" ,
1046
+ },
1047
+ },
1048
+ },
1049
+ },
1050
+ {
1051
+ Path : "/svc-2" ,
1052
+ Backend : networking.IngressBackend {
1053
+ Service : & networking.IngressServiceBackend {
1054
+ Name : ns_1_svc_2 .Name ,
1055
+ Port : networking.ServiceBackendPort {
1056
+ Name : "http" ,
1057
+ },
1058
+ },
1059
+ },
1060
+ },
1061
+ },
1062
+ },
1063
+ },
1064
+ },
1065
+ {
1066
+ Host : "app-2.example.com" ,
1067
+ IngressRuleValue : networking.IngressRuleValue {
1068
+ HTTP : & networking.HTTPIngressRuleValue {
1069
+ Paths : []networking.HTTPIngressPath {
1070
+ {
1071
+ Path : "/svc-3" ,
1072
+ Backend : networking.IngressBackend {
1073
+ Service : & networking.IngressServiceBackend {
1074
+ Name : ns_1_svc_3 .Name ,
1075
+ Port : networking.ServiceBackendPort {
1076
+ Name : "https" ,
1077
+ },
1078
+ },
1079
+ },
1080
+ },
1081
+ },
1082
+ },
1083
+ },
1084
+ },
1085
+ },
1086
+ },
1087
+ },
1088
+ },
1089
+ },
1090
+ },
1091
+ },
1092
+ wantStackPatch : `
1093
+ {
1094
+ "resources": {
1095
+ "AWS::EC2::SecurityGroup": {
1096
+ "ManagedLBSecurityGroup": {
1097
+ "spec": {
1098
+ "ingress": [
1099
+ {
1100
+ "fromPort": 443,
1101
+ "ipProtocol": "tcp",
1102
+ "ipRanges": [
1103
+ {
1104
+ "cidrIP": "0.0.0.0/0"
1105
+ }
1106
+ ],
1107
+ "toPort": 443
1108
+ }
1109
+ ]
1110
+ }
1111
+ }
1112
+ },
1113
+ "AWS::ElasticLoadBalancingV2::Listener": {
1114
+ "443": {
1115
+ "spec": {
1116
+ "certificates": [
1117
+ {
1118
+ "certificateARN": "arn:aws:acm:us-east-1:9999999:certificate/11111111"
1119
+ },
1120
+ {
1121
+ "certificateARN": "arn:aws:acm:us-east-1:9999999:certificate/33333333"
1122
+ },
1123
+ {
1124
+ "certificateARN": "arn:aws:acm:us-east-1:9999999:certificate/22222222"
1125
+ },
1126
+ {
1127
+ "certificateARN": "arn:aws:acm:us-east-1:9999999:certificate/11111111"
1128
+ }
1129
+ ],
1130
+ "defaultActions": [
1131
+ {
1132
+ "fixedResponseConfig": {
1133
+ "contentType": "text/plain",
1134
+ "statusCode": "404"
1135
+ },
1136
+ "type": "fixed-response"
1137
+ }
1138
+ ],
1139
+ "loadBalancerARN": {
1140
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN"
1141
+ },
1142
+ "port": 443,
1143
+ "protocol": "HTTPS",
1144
+ "sslPolicy": "ELBSecurityPolicy-2016-08",
1145
+ "mutualAuthentication" : {
1146
+ "mode" : "off",
1147
+ "trustStoreArn": ""
1148
+ }
1149
+ }
1150
+ },
1151
+ "80": null
1152
+ },
1153
+ "AWS::ElasticLoadBalancingV2::ListenerRule": {
1154
+ "443:1": {
1155
+ "spec": {
1156
+ "actions": [
1157
+ {
1158
+ "forwardConfig": {
1159
+ "targetGroups": [
1160
+ {
1161
+ "targetGroupARN": {
1162
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-1:http/status/targetGroupARN"
1163
+ }
1164
+ }
1165
+ ]
1166
+ },
1167
+ "type": "forward"
1168
+ }
1169
+ ],
1170
+ "conditions": [
1171
+ {
1172
+ "field": "host-header",
1173
+ "hostHeaderConfig": {
1174
+ "values": [
1175
+ "app-1.example.com"
1176
+ ]
1177
+ }
1178
+ },
1179
+ {
1180
+ "field": "path-pattern",
1181
+ "pathPatternConfig": {
1182
+ "values": [
1183
+ "/svc-1"
1184
+ ]
1185
+ }
1186
+ }
1187
+ ],
1188
+ "listenerARN": {
1189
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::Listener/443/status/listenerARN"
1190
+ },
1191
+ "priority": 1
1192
+ }
1193
+ },
1194
+ "443:2": {
1195
+ "spec": {
1196
+ "actions": [
1197
+ {
1198
+ "forwardConfig": {
1199
+ "targetGroups": [
1200
+ {
1201
+ "targetGroupARN": {
1202
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-2:http/status/targetGroupARN"
1203
+ }
1204
+ }
1205
+ ]
1206
+ },
1207
+ "type": "forward"
1208
+ }
1209
+ ],
1210
+ "conditions": [
1211
+ {
1212
+ "field": "host-header",
1213
+ "hostHeaderConfig": {
1214
+ "values": [
1215
+ "app-1.example.com"
1216
+ ]
1217
+ }
1218
+ },
1219
+ {
1220
+ "field": "path-pattern",
1221
+ "pathPatternConfig": {
1222
+ "values": [
1223
+ "/svc-2"
1224
+ ]
1225
+ }
1226
+ }
1227
+ ],
1228
+ "listenerARN": {
1229
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::Listener/443/status/listenerARN"
1230
+ },
1231
+ "priority": 2
1232
+ }
1233
+ },
1234
+ "443:3": {
1235
+ "spec": {
1236
+ "actions": [
1237
+ {
1238
+ "forwardConfig": {
1239
+ "targetGroups": [
1240
+ {
1241
+ "targetGroupARN": {
1242
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/ns-1/ing-1-svc-3:https/status/targetGroupARN"
1243
+ }
1244
+ }
1245
+ ]
1246
+ },
1247
+ "type": "forward"
1248
+ }
1249
+ ],
1250
+ "conditions": [
1251
+ {
1252
+ "field": "host-header",
1253
+ "hostHeaderConfig": {
1254
+ "values": [
1255
+ "app-2.example.com"
1256
+ ]
1257
+ }
1258
+ },
1259
+ {
1260
+ "field": "path-pattern",
1261
+ "pathPatternConfig": {
1262
+ "values": [
1263
+ "/svc-3"
1264
+ ]
1265
+ }
1266
+ }
1267
+ ],
1268
+ "listenerARN": {
1269
+ "$ref": "#/resources/AWS::ElasticLoadBalancingV2::Listener/443/status/listenerARN"
1270
+ },
1271
+ "priority": 3
1272
+ }
1273
+ },
1274
+ "80:1": null,
1275
+ "80:2": null,
1276
+ "80:3": null
1277
+ },
1278
+ "AWS::ElasticLoadBalancingV2::LoadBalancer": {
1279
+ "LoadBalancer": {
1280
+ "spec": {
1281
+ "name": "k8s-ns1-ing1-159dd7a143",
1282
+ "scheme": "internet-facing",
1283
+ "subnetMapping": [
1284
+ {
1285
+ "subnetID": "subnet-c"
1286
+ },
1287
+ {
1288
+ "subnetID": "subnet-d"
1289
+ }
1290
+ ]
1291
+ }
1292
+ }
1293
+ }
1294
+ }
1006
1295
}` ,
1007
1296
},
1008
1297
{
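Review bot: The `alb.ingress.kubernetes.io/certificate-arn` value in this new case exercises two things at once, but the case name only describes one of them: `certificate/11111111` appears first and again last, and the `,,` before the last entry produces an empty element. The expected `certificates` list for listener `443` has four entries, with the duplicate kept and the empty element gone, so both behaviours are pinned without either being stated. A reader cannot tell whether the `,,` is deliberate or a typo. I would add a comment above the annotation such as `// 11111111 is listed twice on purpose (default and SNI); the empty ",," element must be ignored`, or move the empty-element input into its own named case if it is meant to be covered. The enclosing test table in Test_defaultModelBuilder_Build starts and ends outside this hunk.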