Enable CryptoMB PrivateKeyProvider extension #3752

Merged
istio-testing merged 1 commit into istio:master from rveerama1:private-key-provider
Mar 7, 2022

rveerama1 (Member) commented Mar 4, 2022

What this PR does / why we need it:

The Envoy cryptomb contrib extension is an extension which brings TLS private key provider features to Istio.

Currently, it can be activated via ProxyConfig in an Istio service-mesh environment; the config looks like the below.
To set the mesh-wide defaults, configure the defaultConfig section of meshConfig. For example:

    meshConfig:
      defaultConfig:
        privateKeyProvider:
          cryptomb:
            pollDelay: 0.01s

This can also be configured on a per-workload basis by configuring the proxy.istio.io/config annotation on the pod.
For example:

    annotations:
      proxy.istio.io/config: |
        privateKeyProvider:
          cryptomb:
            pollDelay: 0.01s

istio-api addition PR: istio/api#2261
istio related changes PR: istio/istio#37681

Co-authored-by: Ismo Puustinen <ismo.puustinen@intel.com>
rveerama1 requested a review from a team March 4, 2022 09:16
istio-testing added the size/XS (denotes a PR that changes 0-9 lines, ignoring generated files) and needs-ok-to-test labels Mar 4, 2022

@istio-testing (Collaborator)

Hi @rveerama1. Thanks for your PR.

I'm waiting for an Istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

zirain (Member) commented Mar 5, 2022

/ok-to-test

istio-testing added the ok-to-test label (allows normal testing to take place for a PR not submitted by an Istio org member) and removed the needs-ok-to-test label Mar 5, 2022

@rveerama1 (Member, Author)

/retest

lambdai (Contributor) left a comment

It's OK with me that the proxy builds with this contrib extension.

I have a concern about whether to introduce an Istio API on top of a contrib feature, but it is discussed in the istio/api issue.
