control-plane: sds: add stub implementations #144
Conversation
yskopets
force-pushed
the
feature/sds-listen-on-tls
branch
from
66f475c
to
78c97b6
Compare
yskopets
force-pushed
the
feature/sds-stub-providers
branch
from
4c3fb57
to
de5174d
Compare
yskopets
force-pushed
the
feature/sds-listen-on-tls
branch
from
78c97b6
to
abef3e1
Compare
yskopets
force-pushed
the
feature/sds-stub-providers
branch
2 times, most recently
from
f50a15a
to
512bf73
Compare
| } | ||
|
|
||
| func (s *server) version(msg proto.Message) string { | ||
| return core.NewUUID() |
There was a problem hiding this comment.
I'm not sure here, but with XDS such code would mean that Envoy and Control Plane would go back and forth exchanging data, because version is different every time. Can we either hardcode some string or do the same thing as we did with XDS which is comparing previous sent value?
or does it work here just fine?
There was a problem hiding this comment.
The typical workflow on a SDS stream is:
- -> DiscoveryRequest
- <- DiscoveryResponse
- -> DiscoveryRequest (ACK)
after that, there is no more communication.
So, the version can be anything
| Token: string(credential), | ||
| }, | ||
| } | ||
| if err := k.client.Create(ctx, tokenReview); err != nil { |
There was a problem hiding this comment.
I can see that we create this TokenReview with a client. How K8S then manages it? Don't we have to delete this after the review or K8S will clean it for us?
There was a problem hiding this comment.
TokenReview object is not persisted.
Technically, it's a only method call (POST), but designed to fit into k8s API model
| } | ||
| } | ||
|
|
||
| func DefaultDataplaneResolver(resourceManager core_manager.ResourceManager) func(context.Context, core_xds.ProxyId) (*core_mesh.DataplaneResource, error) { |
There was a problem hiding this comment.
the return type can be DataplaneResolver
There was a problem hiding this comment.
sorry, I interfered into your review process.
Both universal and k8s authenticators have been moved into a separate PR - https://github.com/Kong/kuma/pull/149
yskopets
force-pushed
the
feature/sds-stub-providers
branch
from
512bf73
to
dd66383
Compare
yskopets
changed the base branch from
feature/sds-listen-on-tls
to
feature/add-builtin-ca-manager
yskopets
force-pushed
the
feature/add-builtin-ca-manager
branch
from
199b4a3
to
ce53851
Compare
yskopets
changed the base branch from
feature/add-builtin-ca-manager
to
master
yskopets
force-pushed
the
feature/sds-stub-providers
branch
from
dd66383
to
ebf8214
Compare
changes:
mesh_cacertificate (to validate remote side) andindentity_certcertificate (to authenticate itself to the remote side)