Merge pull request #861 from TrekkieCoder/main

loxilb-io/kube-loxilb#34 Initial patch to facilitate https by default
loxilb-io · Nov 2, 2024 · d65e8e7 · d65e8e7
2 parents 4d08274 + 5941e43
commit d65e8e7
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/cicd/common.sh b/cicd/common.sh
@@ -22,6 +22,15 @@ docker_extra_opts=""
 #  lxdocker="ghcr.io/loxilb-io/loxilb:latestu22"
 #fi
 
+
+if [ ! -d loxilb.io ]; then
+  ../common/minica --domains loxilb.io
+  mkdir cert
+  cp minica.pem cert/rootCA.crt
+  cp loxilb.io/cert.pem cert/server.crt
+  cp loxilb.io/key.pem cert/server.key
+fi
+
 loxilbs=()
 
 ## Given a docker name(arg1), return its pid
@@ -118,7 +127,7 @@ spawn_docker_host() {
       get_llb_peerIP $dname
       docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $ka_opts $extra_opts
     else
-      docker run -u root --cap-add SYS_ADMIN   --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log $loxilb_config --name $dname $lxdocker $bgp_opts
+      docker run -u root --cap-add SYS_ADMIN   --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log -v `pwd`/cert:/opt/loxilb/cert/ $loxilb_config --name $dname $lxdocker $bgp_opts
       docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $extra_opts
     fi
   elif [[ "$dtype" == "host" ]]; then

diff --git a/cicd/common/minica b/cicd/common/minica
diff --git a/options/options.go b/options/options.go
@@ -13,7 +13,7 @@ var Opts struct {
 	Host              string         `long:"host" description:"the IP to listen on" default:"0.0.0.0" env:"HOST"`
 	Port              int            `long:"port" description:"the port to listen on for insecure connections" default:"11111" env:"PORT"`
 	TLS               bool           `long:"tls" description:"enable TLS " env:"TLS"`
-	TLSHost           string         `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
+	TLSHost           string         `long:"tls-host" description:"the IP to listen on for tls" default:"0.0.0.0" env:"TLS_HOST"`
 	TLSPort           int            `long:"tls-port" description:"the port to listen on for secure connections" default:"8091" env:"TLS_PORT"`
 	TLSCertificate    flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" default:"/opt/loxilb/cert/server.crt" env:"TLS_CERTIFICATE"`
 	TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" default:"/opt/loxilb/cert/server.key" env:"TLS_PRIVATE_KEY"`