control-plane: sds: add stub implementations #144
} | ||
|
||
func (s *server) version(msg proto.Message) string { | ||
return core.NewUUID() |
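Review bot: `version` never reads its `msg` argument and returns a fresh `core.NewUUID()` on each call, so two responses with identical contents get different versions. If that is intended, say so in a comment on the function, including why it cannot trigger resends on this stream; otherwise derive the version from `msg` so it stays stable for unchanged secrets.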
I'm not sure here, but with XDS such code would mean that Envoy and Control Plane would go back and forth exchanging data, because the version is different every time. Can we either hardcode some string or do the same thing as we did with XDS, which is comparing the previously sent value?
Or does it work here just fine?
The typical workflow on an SDS stream is:
- -> DiscoveryRequest
- <- DiscoveryResponse
- -> DiscoveryRequest (ACK)
After that, there is no more communication.
So, the version can be anything.
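The exchange discussed in this thread, as an added example that is not part of the PR or of Kuma's code: a simplified model of one SDS stream in which the server stamps every response with a random version. It goes slightly beyond the reply by also modelling a server that does not recognise ACKs, which is the back-and-forth case the reviewer asked about. The types, the `ackAware` flag and all function names are hypothetical; the only protocol fact assumed is that an xDS ACK echoes the `version_info` and nonce of the response it accepts.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Hypothetical stand-ins for the DiscoveryRequest/DiscoveryResponse fields
// that matter for ACK handling (not Envoy's protobuf types).
type request struct{ versionInfo, responseNonce string }
type response struct{ versionInfo, nonce string }

func randomID() string {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// sdsServer remembers what it last sent on the stream.
type sdsServer struct {
	ackAware               bool
	lastVersion, lastNonce string
}

// handle answers a new subscription and returns nil for an ACK, i.e. a
// request echoing the version and nonce of the last response.
func (s *sdsServer) handle(req request) *response {
	if s.ackAware && s.lastNonce != "" &&
		req.responseNonce == s.lastNonce && req.versionInfo == s.lastVersion {
		return nil // ACK: nothing new to send, stay silent
	}
	s.lastVersion, s.lastNonce = randomID(), randomID() // random version per response
	return &response{versionInfo: s.lastVersion, nonce: s.lastNonce}
}

// exchange plays the client until the server goes quiet and returns how many
// responses were sent; maxRounds caps a ping-pong loop.
func exchange(s *sdsServer, maxRounds int) int {
	req, sent := request{}, 0 // initial request: empty version and nonce
	for i := 0; i < maxRounds; i++ {
		resp := s.handle(req)
		if resp == nil {
			break
		}
		sent++
		req = request{versionInfo: resp.versionInfo, responseNonce: resp.nonce} // ACK
	}
	return sent
}

func main() {
	fmt.Println(exchange(&sdsServer{ackAware: true}, 10), exchange(&sdsServer{}, 10))
}
```

With ACK recognition the stream settles after one response even though the version is random; without it the server keeps answering until the round cap.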
Token: string(credential), | ||
}, | ||
} | ||
if err := k.client.Create(ctx, tokenReview); err != nil { |
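Review bot: at `k.client.Create(ctx, tokenReview)`, a nil error only shows that the API call went through, not that the token passed in `Token: string(credential)` is valid. The visible lines end at the error check, so make sure the code that follows rejects the request unless tokenReview.Status.Authenticated is true, and that the error path neither logs nor returns the credential itself.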
I can see that we create this TokenReview with a client. How does K8S then manage it? Don't we have to delete this after the review, or will K8S clean it up for us?
The TokenReview object is not persisted.
Technically, it's only a method call (POST), but designed to fit into the k8s API model.
} | ||
} | ||
|
||
func DefaultDataplaneResolver(resourceManager core_manager.ResourceManager) func(context.Context, core_xds.ProxyId) (*core_mesh.DataplaneResource, error) { |
the return type can be DataplaneResolver
Sorry, I interfered with your review process.
Both universal and k8s authenticators have been moved into a separate PR - https://github.com/Kong/kuma/pull/149
changes:
mesh_ca certificate (to validate remote side) and indentity_cert certificate (to authenticate itself to the remote side)