Refactor CA to plugins #694
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lobkovilya
reviewed
Apr 23, 2020
app/kumactl/cmd/get/get_meshes.go
Outdated
| mtls = "builtin" | ||
| } | ||
| if mesh.MTLSEnabled() { | ||
| mtls = mesh.Spec.GetMtls().GetEnabledBackend() |
There was a problem hiding this comment.
Maybe makes sense to write its type also, like builtin/ca-1? Because that change makes kumactl get meshes less informative
There was a problem hiding this comment.
Question to @subnetmarco how should kumactl get meshes look like?
Right now given
type: Mesh
name: default
mtls:
enabledBackend: ca-1
backends:
- name: ca-1
type: builtin
- name: ca-2
type: provided
config: ...
I print
NAME mTLS METRICS LOGGING TRACING
default ca-1 off off off
If enabledBackend is not specified, I print off.
Ilya's argument is that it less information because previously we've seen the type (only the type since it was 1 CA per mesh)
There was a problem hiding this comment.
We came into conclusion with Marco that we will only display current backend with a format like you proposed which is type/name.
I will refactor also others in the same way when I unify the config for Tracing/Logging/Metrics.
jakubdyszkiewicz
force-pushed
the
feat/secrets-api
branch
from
76f242f
to
7da2b30
Compare
jakubdyszkiewicz
force-pushed
the
feat/refactor-provided
branch
from
c7cc0df
to
653491c
Compare
jakubdyszkiewicz
force-pushed
the
feat/refactor-provided
branch
from
653491c
to
5662311
Compare
lobkovilya
approved these changes
Apr 27, 2020
jakubdyszkiewicz
force-pushed
the
feat/refactor-provided
branch
from
d378de7
to
04c791c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Mesh model
Mesh model changed from
to
Config can be anything (
google.protobuf.Struct) therefore each plugin has to validate it's backend.This also means that there might be multiple backends of the same type in one Mesh.
Provided CA
In case of provided, we no longer have to upload cert+key with
kumactl manage ca provided. Instead you use Secret Management API to upload cert as a secret and reference it in the config.Therefore
kumactl manage ca provided(whole manage subcommand) is gone as well as webservice to handle it.We no longer have to validate if there is only one cert since config implies that there is only one.
Data Source
I introduced a concept of
DataSource. When defining a cert and key for providedyou can also provide the cert and key via file or with just inline bytes.
It was easy to implement and it's great for testing and may be also used on production if someone prefers to store certs in files.
Tests
Builtin CA was lacking in tests, so I added them. Tests for provided had to be rewritten.
I'm sorry about the volume of this PR. It was all tangled up and was really hard to split into multiple PRs and keep the functionality working.