dubbo-xds: remove Istio first-party-jwt dependency #12201
Comments
howardjohn
added
the
type/discussion
|
The reason Dubbo needs first-party-jwt is that right now istio doesn't support injecting these configurations into Dubbo deployments. I think we can remove it after we have a nice way to inject templates. |
|
Istio already has a mechanism to inject arbitrary things, including the token into the app container. Similar example: https://github.com/istio/istio/blob/6e6dd6424d16331678ba11615a678a0c12f3508f/manifests/charts/istio-control/istio-discovery/files/grpc-simple.yaml#L49 |
This configuration is great and can solve most problems. However, I still have a question that the parameters injected by this template currently seem to be a bit "framework bound". This template looks like it has a one-to-one correspondence with the gRPC configuration. Or is it possible to provide a more general injection template in istio? |
|
Sorry for the confusion. The template is just an example one for gRPC (note this one is problematic, as it disables auth entirely, which is being worked on. But just an example of how injection can be used even without a sidecar) https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental shows how you can add completely arbitrary templates |
This is considered legacy in Istio and upstream is looking into removal: istio/istio#44585.
Can you help give some insight on the requirement for this in dubbo and if it can be dropped?
The text was updated successfully, but these errors were encountered: