feat(ingress): add secret validation to ingress analyzer

This commit adds a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster. This helps to ensure that only valid secrets are used in the ingress configuration. Signed-off-by: Matthis Holleville <matthish29@gmail.com>
k8sgpt-ai · Mar 29, 2023 · ba5c666 · ba5c666
1 parent fe683b7
commit ba5c666
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pkg/analyzer/ingressAnalyzer.go b/pkg/analyzer/ingressAnalyzer.go
@@ -33,6 +33,12 @@ func AnalyzeIngress(ctx context.Context, config *AnalysisConfiguration, client *
 			}
 		}
 
+		for _, tls := range ing.Spec.TLS {
+			_, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
+			if err != nil {
+				failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
+			}
+		}
 		if len(failures) > 0 {
 			preAnalysis[fmt.Sprintf("%s/%s", ing.Namespace, ing.Name)] = PreAnalysis{
 				Ingress:        ing,