Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup workload SDS for egress #20543

Merged
merged 1 commit into from
Jan 27, 2020
Merged

Setup workload SDS for egress #20543

merged 1 commit into from
Jan 27, 2020

Conversation

howardjohn
Copy link
Member

@howardjohn howardjohn commented Jan 27, 2020
edited by istio-policy-bot

Right now egress is in a pretty broken state because we expect
everything to be on SDS, but egress isn't. If we turn SDS on, we get
Ingress SDS which is broken for Egress. This attempts to get just
workload SDS, not Gateway sds.

For #20535

@howardjohn
Setup workload SDS for egress
9f6aa02 
Right now egress is in a pretty broken state because we expect
everything to be on SDS, but egress isn't. If we turn SDS on, we get
Ingress SDS which is broken for Egress. This attempts to get just
workload SDS, not Gateway sds.

For istio#20535
@istio-testing istio-testing added the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Jan 27, 2020
@googlebot googlebot added the cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. label Jan 27, 2020
@istio-testing istio-testing added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 27, 2020
@howardjohn howardjohn marked this pull request as ready for review January 27, 2020 16:07
@howardjohn howardjohn requested review from a team as code owners January 27, 2020 16:07
@istio-testing istio-testing removed the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Jan 27, 2020
@howardjohn howardjohn added this to the 1.5 milestone Jan 27, 2020
@howardjohn howardjohn mentioned this pull request Jan 27, 2020
Merged
JimmyCYJ
JimmyCYJ reviewed Jan 27, 2020
View reviewed changes
Copy link
Member

@JimmyCYJ JimmyCYJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we have any integration test, or restore the TestSdsEgressGatewayIstioMutual to cover this change?
https://github.com/istio/istio/blob/master/tests/integration/security/sds_egress/sds_istio_mutual_egress_test.go

@howardjohn
Copy link
Member Author

@JimmyCYJ we don't have great coverage. We cannot restore that test since its broken. I have another PR that add some egress coverage: #20551 but its not doing anything with secrets

@istio-testing istio-testing merged commit f94d9b5 into istio:master Jan 27, 2020
This was referenced Jan 28, 2020
Open
Closed
howardjohn added a commit to howardjohn/istio that referenced this pull request Jan 29, 2020
@howardjohn
Setup workload SDS for egress (istio#20543)
97680fe 
Right now egress is in a pretty broken state because we expect
everything to be on SDS, but egress isn't. If we turn SDS on, we get
Ingress SDS which is broken for Egress. This attempts to get just
workload SDS, not Gateway sds.

For istio#20535

(cherry picked from commit f94d9b5)
@howardjohn howardjohn mentioned this pull request Jan 29, 2020
Merged
istio-testing pushed a commit that referenced this pull request Jan 30, 2020
@howardjohn
Cherrypick Ingress SDS fixes to 1.5 (#20665)
c31b832 
* Setup workload SDS for egress (#20543)

Right now egress is in a pretty broken state because we expect
everything to be on SDS, but egress isn't. If we turn SDS on, we get
Ingress SDS which is broken for Egress. This attempts to get just
workload SDS, not Gateway sds.

For #20535

(cherry picked from commit f94d9b5)

* Istiod/fix ingress sds (#20625)

* Fix ingress SDS

* Temporarily turn on all tests

* Revert "Temporarily turn on all tests"

This reverts commit 4dd318e5401820cf2cf7d4c2451beede0c962a96.

* fix merge

(cherry picked from commit 3940640)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elfinhe elfinhe elfinhe approved these changes

@JimmyCYJ JimmyCYJ JimmyCYJ approved these changes

Assignees

@myidpt myidpt

@JimmyCYJ JimmyCYJ

Labels
cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
1.5
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@howardjohn @elfinhe @JimmyCYJ @myidpt @googlebot @istio-testing