support ingress secret&skip mcp validate (#36)

澄潭
2022-11-08 11:28:44 +08:00
committed by GitHub
parent 294c26735b
commit 04cfef254a
4 changed files with 76 additions and 2 deletions


@@ -0,0 +1,12 @@
diff -Naur istio/pilot/pkg/bootstrap/configcontroller.go new/pilot/pkg/bootstrap/configcontroller.go
--- istio/pilot/pkg/bootstrap/configcontroller.go 2022-11-07 21:47:11.000000000 +0800
+++ new/pilot/pkg/bootstrap/configcontroller.go 2022-11-07 21:50:31.000000000 +0800
@@ -250,7 +250,7 @@
if err != nil {
return fmt.Errorf("failed to dial XDS %s %v", configSource.Address, err)
}
- store := memory.Make(collections.Pilot)
+ store := memory.MakeSkipValidation(collections.Pilot)
configController := memory.NewController(store)
configController.RegisterHasSyncedHandler(xdsMCP.HasSynced)
xdsMCP.Store = model.MakeIstioStore(configController)
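Review bot: Replacing `memory.Make` with `memory.MakeSkipValidation` stores every config received from the XDS config source at `configSource.Address` without local validation, and nothing in the hunk restricts this to a trusted source or explains why it is safe. If validation is meant to happen upstream, record that at the call site with a comment such as `// Validation is skipped: configs from this source are validated by <upstream component> before they are pushed.` Consider making the skip opt-in through a feature setting so local validation stays the default. The enclosing function starts and ends outside the hunk, so whether later readers of `xdsMCP.Store` tolerate malformed config cannot be confirmed from here.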


@@ -0,0 +1,37 @@
diff -Naur istio/pilot/pkg/model/credentials/ali_resource.go new/pilot/pkg/model/credentials/ali_resource.go
--- istio/pilot/pkg/model/credentials/ali_resource.go 2022-11-07 21:40:10.000000000 +0800
+++ new/pilot/pkg/model/credentials/ali_resource.go 2022-11-07 19:03:22.000000000 +0800
@@ -4,6 +4,7 @@
"fmt"
"strings"
+ "istio.io/istio/pilot/pkg/features"
"istio.io/istio/pkg/cluster"
)
@@ -13,6 +14,9 @@
)
func ToKubernetesIngressResource(clusterId, namespace, name string) string {
+ if clusterId == "" {
+ clusterId = features.ClusterName
+ }
return fmt.Sprintf("%s://%s/%s/%s", KubernetesIngressSecretType, clusterId, namespace, name)
}
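Review bot: The new empty-`clusterId` fallback in `ToKubernetesIngressResource` is undocumented, and the exported function has no doc comment. Callers that pass an empty string now silently get a resource name bound to the local cluster. I would add `// ToKubernetesIngressResource builds the SDS resource name for an ingress secret; an empty clusterId falls back to features.ClusterName.` If `features.ClusterName` can itself be empty, the result still has an empty cluster segment, so the comment should state whether that form is accepted by whatever parses these names. As a style point, Go convention spells the parameter `clusterID`.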
diff -Naur istio/pilot/pkg/xds/sds.go new/pilot/pkg/xds/sds.go
--- istio/pilot/pkg/xds/sds.go 2022-11-07 21:40:10.000000000 +0800
+++ new/pilot/pkg/xds/sds.go 2022-11-07 21:44:28.000000000 +0800
@@ -229,6 +229,12 @@
} else {
deniedResources = append(deniedResources, r.Name)
}
+ case credentials.KubernetesIngressSecretType:
+ if isAuthorized() {
+ allowedResources = append(allowedResources, r)
+ } else {
+ deniedResources = append(deniedResources, r.Name)
+ }
default:
// Should never happen
log.Warnf("unknown credential type %q", r.Type)
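Review bot: The new `credentials.KubernetesIngressSecretType` case admits a resource on `isAuthorized()` alone, which takes no argument derived from `r`. Nothing visible in this branch ties the requested secret's namespace or cluster to the requesting proxy. The preceding case is cut off by the hunk; if it also requires the secret's namespace to match the proxy's, this branch is weaker and lets an authorized proxy request ingress secrets from any namespace. If cross-namespace access is intended for ingress secrets, state it in the branch, e.g. `// Ingress secrets may live in any namespace; access is gated only by the proxy-level authorization check.` Otherwise add the same per-resource constraint used for the other secret types.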