chore: make CA certificate annotations use plural form (#6845)

Kong · Dec 16, 2024 · 7d370af · 7d370af · github-actions · Dec 16, 2024
1 parent 15200c7
commit 7d370af
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -205,8 +205,10 @@ Adding a new version? You'll need three changes:
     upstream connections of a `Service`.
   - `konghq.com/tls-verify-depth`: set to an integer to specify the maximum
     depth of the certificate chain that will be verified.
-  - `konghq.com/ca-certificates`: set to a comma-delimited list of CA
-    certificates' names to use for verification.
+  - `konghq.com/ca-certificates-secrets`: set to a comma-delimited list of CA
+    certificate Secrets' names to use for verification.
+  - `konghq.com/ca-certificates-configmaps`: set to a comma-delimited list of CA
+    certificate ConfigMaps' names to use for verification.
   [#6707](https://github.com/Kong/kubernetes-ingress-controller/pull/6707)
 - Combine Kong gateway services from rules of `HTTPRoute` sharing the same
   backends (same combination of group, kind, namespace, name, port and weight)

diff --git a/examples/ingress-upstream-tls.yaml b/examples/ingress-upstream-tls.yaml
@@ -42,10 +42,10 @@ metadata:
     app: goecho
   name: goecho
   annotations:
-    konghq.com/tls-verify: "true"           # Enable TLS verification of the upstream.
-    konghq.com/ca-certificates-secret: "ca" # The CA root certificate secret used for verification.
-    konghq.com/protocol: "https"            # Has to be either https or tls when TLS verification is enabled.
-    konghq.com/host-header: "goecho"        # This will make Kong use `goecho` server name when validating server-presented TLS certificate.
+    konghq.com/tls-verify: "true"            # Enable TLS verification of the upstream.
+    konghq.com/ca-certificates-secrets: "ca" # The CA root certificate secret used for verification.
+    konghq.com/protocol: "https"             # Has to be either https or tls when TLS verification is enabled.
+    konghq.com/host-header: "goecho"         # This will make Kong use `goecho` server name when validating server-presented TLS certificate.
 spec:
   ports:
   - port: 443

diff --git a/internal/annotations/annotations.go b/internal/annotations/annotations.go
@@ -69,8 +69,8 @@ const (
 	RewriteURIKey               = "/rewrite"
 	TLSVerifyKey                = "/tls-verify"
 	TLSVerifyDepthKey           = "/tls-verify-depth"
-	CACertificatesSecretsKey    = "/ca-certificates-secret"
-	CACertificatesConfigMapsKey = "/ca-certificates-configmap"
+	CACertificatesSecretsKey    = "/ca-certificates-secrets"
+	CACertificatesConfigMapsKey = "/ca-certificates-configmaps"
 
 	// GatewayClassUnmanagedKey is an annotation used on a Gateway resource to
 	// indicate that the GatewayClass should be reconciled according to unmanaged
Benchmark suite	Current: `7d370af`	Previous: `15200c7`	Ratio
`BenchmarkGetPluginRelations`	`22743` ns/op 7600 B/op 66 allocs/op	`8180` ns/op 7600 B/op 66 allocs/op	`2.78`
`BenchmarkGetPluginRelations - ns/op`	`22743` ns/op	`8180` ns/op	`2.78`