Bug-fix: Clear stale listener SSL configuration when an Ingress is updated#145
Open
jlamillan wants to merge 1 commit into
Open
Bug-fix: Clear stale listener SSL configuration when an Ingress is updated#145jlamillan wants to merge 1 commit into
jlamillan wants to merge 1 commit into
Conversation
jlamillan
force-pushed
the
jlamillan/fix-stale-ssl-bug
branch
from
June 4, 2026 03:26
531be1d to
84aa2f9
Compare
AkarshES
reviewed
Jun 22, 2026
jlamillan
force-pushed
the
jlamillan/fix-stale-ssl-bug
branch
3 times, most recently
from
June 22, 2026 23:02
795726e to
bc9c8bd
Compare
jlamillan
force-pushed
the
jlamillan/fix-stale-ssl-bug
branch
from
June 29, 2026 17:17
bc9c8bd to
2f07119
Compare
|
Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA). To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application. When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated. If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public. |
…figured as TCP passthrough. Signed-off-by: jesse.millan <jesse.millan@oracle.com>
jlamillan
force-pushed
the
jlamillan/fix-stale-ssl-bug
branch
from
June 30, 2026 17:24
0ddd944 to
97f3a94
Compare
AkarshES
approved these changes
Jul 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #144 issue of stale OCI Load Balancer listener SSL configuration when an Ingress is updated to TCP passthrough.
For TCP ingresses, listener TLS config is ignored by design, but existing OCI listener
SslConfigurationcan be left during an update, which can cause corresponding OCI listeners on the load-balancer remainuse-ssl=truewith a cipher suite even though the desired listener protocol was TCP passthrough e.g.Changes
SslConfiguration.sslConfiguration: null.Manual verification
First, I create an
HTTP2Ingress resource withspc.tlsand verifieduse-ssl=trueon the OCI load-balancer listener. Then I subsequently updated the protocol Ingress to beTCPviaoci-native-ingress.oraclecloud.com/protocol: TCPand removedspc.tlsand then re-verified protocol anduse-ssl=falseon the OCI load-balancer. OCI load-balancer was reconciled appropriately.I’ve also repeatedly run our product's integration tests in OCI Native mode with this change which creates multiple OCI load balancers with DNS names and certificates across different Ingress configurations, then validates the endpoints end to end. I also reviewed the OCI Load Balancer work requests and OCI Native ingress controller logs during the CI tests.