envoy: Support ca.crt Secrets #20458

Merged
merged 1 commit into from
Jul 14, 2022


jrajahalme
Member

Add support for CA certificates in generic secrets with ca.crt
key. These are translated to Envoy validation contexts. Adding support
for remaining Envoy validation context configs is TBD.

Signed-off-by: Jarno Rajahalme jarno@isovalent.com

CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key.

@jrajahalme jrajahalme added area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. needs-backport/1.12 labels Jul 11, 2022
@jrajahalme jrajahalme requested a review from a team July 11, 2022 09:33
@jrajahalme jrajahalme requested a review from a team as a code owner July 11, 2022 09:33
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.12.0 Jul 11, 2022
@jrajahalme
Member Author

/test

Member

@sayboras sayboras left a comment

LGTM 💯

This PR will open more use cases related to the L7 TLS feature 💯. Just a note that RBAC secret is currently guarded by `ingressController.enabled` as per the manifest below; we can clean up/improve later on.

https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/templates/cilium-agent/rolebinding.yaml#L1

@aanm aanm merged commit d45d305 into cilium:master Jul 14, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.12 in 1.12.0 Jul 15, 2022
@aanm aanm added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.12 labels Jul 18, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.12 to Backport done to v1.12 in 1.12.0 Jul 18, 2022