Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve SDS service at Citadel agent #15850

Closed
JimmyCYJ opened this issue Jul 25, 2019 · 3 comments
Closed

Improve SDS service at Citadel agent #15850

JimmyCYJ opened this issue Jul 25, 2019 · 3 comments
Assignees
@JimmyCYJ
Labels
area/security lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while

Comments

@JimmyCYJ
Copy link
Member

JimmyCYJ commented Jul 25, 2019
edited
Loading

Bug description
Currently there are some improvements required at Citadel agent.

  1. Make sure only one push is done per SDS request. We don't check push numbers for each SDS request, and we need to avoid multiple pushes.
  2. Handle nonce in SDS request properly. This field is ignored by Citadel agent, only version info and token are checked.
  3. Handle error_detail in a SDS request, we can log the error and add metrics for this error. Better to make this behavior consistent with Pilot.

Affected product area (please put an X in all that apply)

[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[X] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

#13439
@JimmyCYJ JimmyCYJ self-assigned this Jul 25, 2019
@JimmyCYJ
Copy link
Member Author

cc @quanjielin @myidpt

This was referenced Jul 25, 2019
Merged
Merged
Merged
@stale
Copy link

stale bot commented Oct 24, 2019

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Oct 24, 2019
@istio-policy-bot istio-policy-bot added lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while lifecycle/needs-triage and removed stale labels Oct 24, 2019
@istio-policy-bot
Copy link

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2019-07-25. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

@istio-policy-bot istio-policy-bot added the lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. label Feb 19, 2020
@JimmyCYJ JimmyCYJ mentioned this issue Feb 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JimmyCYJ JimmyCYJ

Labels
area/security lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JimmyCYJ @istio-policy-bot