no tls for internal services

knative-extensions · Jun 20, 2022 · 70c66a4 · 70c66a4
1 parent d690d73
commit 70c66a4
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 18 deletions.
diff --git a/config/200-serviceaccount.yaml b/config/200-serviceaccount.yaml
@@ -55,7 +55,6 @@ rules:
  - apiGroups: ["networking.internal.knative.dev"]
  resources: ["ingresses/status"]
  verbs: ["update"]
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -73,10 +73,6 @@ const (
  // ListenerPortAnnotationKey is the annotation key for assigning the ingress to a particular
  // envoy listener port. Only applicable to internal services.
  ListenerPortAnnotationKey = "kourier.knative.dev/listener-port"
-
- // TLSListenerPortAnnotationKey is the annotation key for assigning the ingress to a particular
- // envoy listener port for TLS connection. Only applicable to internal services.
- TLSListenerPortAnnotationKey = "kourier.knative.dev/listener-tls-port"
 )
 
 var disableHTTP2Annotation = kmap.KeyPriority{

diff --git a/pkg/generator/caches.go b/pkg/generator/caches.go
@@ -149,9 +149,8 @@ func (caches *Caches) ToEnvoySnapshot(ctx context.Context) (cache.Snapshot, erro
  localVHostsForListener := localVHostsPerListener[translatedIngress.listener].vhost
  localVHostsForListener = append(localVHostsForListener, translatedIngress.internalVirtualHosts...)
  localVHostsPerListener[translatedIngress.listener] = portVHost{
- port: translatedIngress.port,
- tlsPort: translatedIngress.tlsPort,
- vhost: localVHostsForListener,
+ port: translatedIngress.port,
+ vhost: localVHostsForListener,
  }
  } else {
  localVHosts = append(localVHosts, translatedIngress.internalVirtualHosts...)

diff --git a/pkg/generator/ingress_translator.go b/pkg/generator/ingress_translator.go
@@ -50,7 +50,6 @@ type translatedIngress struct {
  name types.NamespacedName
  listener string
  port uint32
- tlsPort uint32
  sniMatches []*envoy.SNIMatch
  clusters []*v3.Cluster
  externalVirtualHosts []*route.VirtualHost
@@ -268,7 +267,6 @@ func (translator *IngressTranslator) translateIngress(ctx context.Context, ingre
  }
  listener := ""
  port := uint32(0)
- tlsPort := uint32(0)
 
  if config.FromContext(ctx).Kourier.TrafficIsolation == pkgconfig.IsolationIngressPort {
  logger.Infof("Getting namespace %v\n", ingress.Namespace)
@@ -286,13 +284,6 @@ func (translator *IngressTranslator) translateIngress(ctx context.Context, ingre
  }
  port = uint32(p)
  }
- if value, ok := ns.Annotations[pkgconfig.TLSListenerPortAnnotationKey]; ok {
- p, err := strconv.ParseInt(value, 10, 32)
- if err != nil {
- return nil, err
- }
- tlsPort = uint32(p)
- }
  }
 
  // REVISIT: When neither annotations if found then default to the default behavior (no isolation)
@@ -305,7 +296,6 @@ func (translator *IngressTranslator) translateIngress(ctx context.Context, ingre
  },
  listener: listener,
  port: port,
- tlsPort: tlsPort,
  sniMatches: sniMatches,
  clusters: clusters,
  externalVirtualHosts: externalHosts,