jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-30 07:37:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Jwt policy compat (#266)

Browse Source
This commit is contained in:
澄潭
2023-04-03 16:14:42 +08:00
committed by GitHub
parent 7fd3f43c0d
commit 5f32e159e5
10 changed files with 31 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
helm/core/templates/controller-deployment.yaml
View File

@@ -80,7 +80,7 @@ spec:
- name: REVISION
value: "{{ .Values.revision | default `default` }}"
- name: JWT_POLICY
value: {{ .Values.global.jwtPolicy }}
value: {{ include "controller.jwtPolicy" . }}
- name: PILOT_CERT_PROVIDER
value: "istiod"
- name: POD_NAME
@@ -147,7 +147,7 @@ spec:
volumeMounts:
- name: config
mountPath: /etc/istio/config
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
{{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token
mountPath: /var/run/secrets/tokens
readOnly: true
@@ -241,7 +241,7 @@ spec:
- emptyDir:
medium: Memory
name: local-certs
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
{{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token
projected:
sources:
@@ -249,6 +249,7 @@ spec:
audience: {{ .Values.global.sds.token.aud }}
expirationSeconds: 43200
path: istio-token
{{- end }}
# Optional: user-generated root
- name: cacerts
secret:
@@ -264,4 +265,3 @@ spec:
name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
{{- end }}
{{- end }}
{{- end }}