sds: fix issues with auto-generated TLS cert for SDS server #177

yskopets · 2019-09-08T16:33:04Z

changes:

apparently, Envoy's SDS client (Google gRPC) does require DNS SAN in a X509 cert of an SDS server
auto-generate SDS cert for Postgres-based deployment as well
use RSA keys for SDS certs (for consistency with in-mesh certs and similar troubleshooting)

yskopets requested a review from jakubdyszkiewicz September 8, 2019 16:33

yskopets added control-plane labels Sep 8, 2019

yskopets added this to the 0.1 milestone Sep 8, 2019

yskopets force-pushed the renaming/kuma-injector branch from c68fdbf to d9d091e Compare September 8, 2019 18:04

sds: fix issues with auto-generated TLS cert for SDS server

5991339

yskopets force-pushed the fix/issues-with-tls-cert-for-sds-server branch from 0f74933 to 5991339 Compare September 8, 2019 18:06

jakubdyszkiewicz approved these changes Sep 8, 2019

View reviewed changes

yskopets changed the base branch from renaming/kuma-injector to master September 8, 2019 19:46

yskopets merged commit 90c459d into master Sep 8, 2019

yskopets deleted the fix/issues-with-tls-cert-for-sds-server branch September 10, 2019 12:41

Provide feedback