Skip to content

pilot: fix verified certificate when mtls and referencegrants#55859

Merged
istio-testing merged 2 commits intoistio:masterfrom
kkk777-7:fix-referencegrants-mtls
Apr 15, 2025
Merged

pilot: fix verified certificate when mtls and referencegrants#55859
istio-testing merged 2 commits intoistio:masterfrom
kkk777-7:fix-referencegrants-mtls

Conversation

@kkk777-7
Copy link
Copy Markdown
Contributor

@kkk777-7 kkk777-7 commented Apr 9, 2025

Please provide a description of this PR:
Fixes #55623

Add <secret name>-cacerts to verify Certificate when mtls and referencegrants are satisfied.

@kkk777-7
pilot: fix verified certificate when mtls and referencegrants
6e7fe56 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7 kkk777-7 requested a review from a team as a code owner April 9, 2025 18:36
@istio-policy-bot
Copy link
Copy Markdown

istio-policy-bot commented Apr 9, 2025

😊 Welcome @kkk777-7! This is either your first contribution to the Istio istio repo, or it's been
a while since you've been here.

You can learn more about the Istio working groups, Code of Conduct, and contribution guidelines
by referring to Contributing to Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs-ok-to-test labels Apr 9, 2025
@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Apr 9, 2025

Hi @kkk777-7. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kkk777-7
Copy link
Copy Markdown
Contributor Author

kkk777-7 commented Apr 10, 2025

@howardjohn
thank you review!
Please reply with /ok-to-test

@zirain
Copy link
Copy Markdown
Member

zirain commented Apr 10, 2025

/ok-to-test

@istio-testing istio-testing added ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. and removed needs-ok-to-test labels Apr 10, 2025
@kkk777-7
Add release note
47cb119 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@istio-testing istio-testing merged commit 0f4450c into istio:master Apr 15, 2025
29 checks passed
@AlejandroRodarte
Copy link
Copy Markdown

AlejandroRodarte commented Apr 16, 2025

Hello @kkk777-7, I reported Issue #55623.

Just wanted to comment to thank you for taking the time to fix the issue.

Best of luck and wish you success in your future projects.

fjglira pushed a commit to fjglira/istio that referenced this pull request Sep 26, 2025
Automator: merge upstream changes to openshift-service-mesh/istio@master
951abee 
* upstream/master:
  Automator: update ztunnel@master in istio/istio@master (istio#55950)
  Automator: update proxy@master in istio/istio@master (istio#55938)
  gateway: refactor event handling (istio#55758)
  initial ClusterTrustBundle v1alpha1 support (istio#55592)
  gateway: add support for using workload certificate (istio#55899)
  krt: implement folder based collections (istio#55337)
  support envVarFrom in istiod chart (istio#55872)
  pilot: fix verified certificate when mtls and referencegrants (istio#55859)
  default maxconnectionstoacceptpersocketevent to a sensible value (istio#55817)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@howardjohn howardjohn howardjohn approved these changes

Assignees

No one assigned

Labels

ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ReferenceGrants stop working when mTLS is enabled for a Gateway Listener

6 participants

@kkk777-7 @istio-policy-bot @istio-testing @zirain @AlejandroRodarte @howardjohn