Conversation
| return false | ||
| } | ||
|
|
||
| pod, err := client.CoreV1().Pods(podNamespace).Get(context.TODO(), podName, metav1.GetOptions{}) |
There was a problem hiding this comment.
donot call apiserver each time, we could get from the informer cache
| return false | ||
| } | ||
|
|
||
| if pod.Annotations["kmesh.net/redirection"] == "enabled" && pod.Annotations["kmesh.net/bypass"] == "" { |
|
|
||
| pod, err := client.CoreV1().Pods(podNamespace).Get(context.TODO(), podName, metav1.GetOptions{}) | ||
| if err != nil { | ||
| log.Errorf("failed to get pod: %v", err) |
There was a problem hiding this comment.
| log.Errorf("failed to get pod: %v", err) | |
| log.Errorf("get pod failed: %v", err) |
| var secertManager *security.SecretManager | ||
| var err error | ||
| if c.enableSecretManager { | ||
| secertManager, err = security.NewSecretManager() |
There was a problem hiding this comment.
Does ad mode need to start secret manager too?
There was a problem hiding this comment.
no, ads mode is not support now
| func sendCertRequest(security *kmeshsecurity.SecretManager, pod *corev1.Pod, op int) { | ||
| if security != nil { | ||
| Identity := spiffe.Identity{ | ||
| TrustDomain: "cluster.local", |
Codecov ReportAttention: Patch coverage is
... and 2 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
316d1eb to
0fbdb4c
Compare
6845ed2 to
803f7f4
Compare
Signed-off-by: let-bit <glfhmzmy@126.com>
Signed-off-by: let-bit <glfhmzmy@126.com>
| "time" | ||
|
|
||
| "istio.io/istio/pkg/spiffe" | ||
|
|
| }, | ||
| DeleteFunc: func(obj interface{}) { | ||
| pod, ok := obj.(*corev1.Pod) | ||
| if !ok { |
There was a problem hiding this comment.
To be more accurate add the below cast
// When a delete is dropped, the relist will notice a job in the store not
// in the list, leading to the insertion of a tombstone object which contains
// the deleted key/value. Note that this value might be stale.
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
utilruntime.HandleError(fmt.Errorf("couldn't get object from tombstone %#v", obj))
return
}
job, ok = tombstone.Obj.(*corev1.Pod)
if !ok {
utilruntime.HandleError(fmt.Errorf("tombstone contained object that is not a Job %#v", obj))
return
}
}
Signed-off-by: let-bit <glfhmzmy@126.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hzxuzhonghu The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
What type of PR is this?
/kind enhancement
What this PR does / why we need it:
kmesh secutity only manage pod managed by kmesh
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: