🔨 fix: empty CA Certificate when update https listener, lb4 sync afte…

…r 60s init
vngcloud · Jun 25, 2024 · 65691cc · 65691cc
1 parent 755044a
commit 65691cc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/pkg/utils/vngcloud/loadbalancer_utils.go b/pkg/utils/vngcloud/loadbalancer_utils.go
@@ -237,8 +237,8 @@ func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.Create
 		CertificateAuthorities:      lisOptions.CertificateAuthorities,
 
 		// not support update these fields
-		Headers:           ilis.Headers, // L7: if this field is nil, it will update empty ? => set it nil in L4
-		ClientCertificate: nil,
+		Headers:           ilis.Headers,                         // L7: if this field is nil, it will update empty ? => set it nil in L4
+		ClientCertificate: ilis.ClientCertificateAuthentication, // L7: if this field is nil, it will update empty ? => set it nil in L4
 	}
 	if ilis.AllowedCidrs != lisOptions.AllowedCidrs ||
 		ilis.TimeoutClient != lisOptions.TimeoutClient ||

diff --git a/pkg/vngcloud/vlb.go b/pkg/vngcloud/vlb.go
@@ -117,6 +117,7 @@ func (c *vLB) Init() {
 		return
 	}
 
+	time.Sleep(60 * time.Second)
 	go wait.Until(c.nodeSyncLoop, 60*time.Second, c.stopCh)
 	<-c.stopCh
 }
@@ -876,6 +877,10 @@ func (c *vLB) ensureListenerV2(lbID, lisName string, listenerOpts listener.Creat
 	updateOpts := vngcloudutil.CompareListenerOptions(lis, &listenerOpts)
 	if updateOpts != nil {
 		updateOpts.Headers = nil
+		updateOpts.ClientCertificate = nil
+		updateOpts.DefaultCertificateAuthority = nil
+		updateOpts.CertificateAuthorities = nil
+
 		err := vngcloudutil.UpdateListener(c.vLBSC, c.getProjectID(), lbID, lis.UUID, updateOpts)
 		if err != nil {
 			klog.Error("error when update listener: ", err)