Mtls prototype 1 #2

Open
wants to merge 12 commits into
base: master
from
6 changes: 6 additions & 0 deletions cmd/controller/main.go
Expand Up @@ -140,6 +140,8 @@ func main() {
endpointsInformer := kubeInformerFactory.Core().V1().Endpoints()
configMapInformer := kubeInformerFactory.Core().V1().ConfigMaps()
virtualServiceInformer := servingInformerFactory.Networking().V1alpha3().VirtualServices()
destinationRuleInformer := servingInformerFactory.Networking().V1alpha3().DestinationRules()
authenticationPolicyInformer := servingInformerFactory.Authentication().V1alpha1().Policies()
vpaInformer := vpaInformerFactory.Poc().V1alpha1().VerticalPodAutoscalers()

// Build all of our controllers, with the clients constructed above.
Expand All @@ -160,6 +162,8 @@ func main() {
endpointsInformer,
configMapInformer,
vpaInformer,
destinationRuleInformer,
authenticationPolicyInformer,
&revControllerConfig,
),
route.NewController(
Expand Down Expand Up @@ -201,6 +205,8 @@ func main() {
endpointsInformer.Informer().HasSynced,
configMapInformer.Informer().HasSynced,
virtualServiceInformer.Informer().HasSynced,
destinationRuleInformer.Informer().HasSynced,
authenticationPolicyInformer.Informer().HasSynced,
} {
if ok := cache.WaitForCacheSync(stopCh, synced); !ok {
logger.Fatalf("failed to wait for cache at index %v to sync", i)
10 changes: 8 additions & 2 deletions config/200-clusterrole.yaml
Expand Up @@ -25,7 +25,10 @@ rules:
resources: ["builds"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices"]
resources: ["virtualservices", "destinationrules"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["authentication.istio.io"]
resources: ["policies"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
---
kind: ClusterRole
Expand Down Expand Up @@ -55,5 +58,8 @@ rules:
resources: ["builds"]
verbs: ["get", "list", "update", "patch", "watch"]
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices"]
resources: ["virtualservices", "destinationrules"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["authentication.istio.io"]
resources: ["policies"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
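Review bot: The second ClusterRole (its name sits above this hunk) receives create/update/delete on authentication.istio.io policies and on destinationrules — write access to the objects that decide whether peer mTLS is enforced and which TLS mode clients use — while the builds rule right beside it in the same role is deliberately narrower (no create/delete), which suggests this is the less-privileged role. If that reading is right, least privilege argues for `verbs: ["get", "list", "watch"]` on the policies and destinationrules rules in this second role, since a subject that can delete or patch a Policy can switch peer authentication off for a namespace. If both roles genuinely need write access, a one-line comment in the manifest saying why would let the next reviewer skip this question. The same rule block is added once more in the first hunk for the first ClusterRole.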
22 changes: 22 additions & 0 deletions config/400-activator-service.yaml
Expand Up @@ -28,3 +28,25 @@ spec:
port: 80
targetPort: 8080
type: NodePort
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: activator-destination-rule
namespace: knative-serving
spec:
host: activator-service.knative-serving.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
---
apiVersion: "authentication.istio.io/v1alpha1"
kind: Policy
metadata:
name: activator-service-auth-policy
namespace: knative-serving
spec:
targets:
- name: activator-service
peers:
- mtls:
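Review bot: The Policy ends with `- mtls:` and no value, so the peer method is a YAML null and the mTLS mode is whatever Istio defaults to rather than something a reader can see; state it, e.g. `- mtls:` followed by an indented `mode: STRICT`, or at least `- mtls: {}`. If I read the v1alpha1 defaults right, an unset mode is STRICT, which means any caller that reaches activator-service without a sidecar-issued certificate (the ingress gateway included, unless it is itself configured for ISTIO_MUTUAL) is refused — worth confirming that is the intent for this prototype and noting it in a comment next to the Policy. A smaller style point: `apiVersion` is quoted on the Policy but bare on the DestinationRule just above; pick one form for the file.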
2 changes: 1 addition & 1 deletion hack/update-codegen.sh
Expand Up @@ -27,7 +27,7 @@ CODEGEN_PKG=${CODEGEN_PKG:-$(cd ${SERVING_ROOT}; ls -d -1 ./vendor/k8s.io/code-g
# instead of the $GOPATH directly. For normal projects this can be dropped.
${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \
github.com/knative/serving/pkg/client github.com/knative/serving/pkg/apis \
"serving:v1alpha1 istio:v1alpha3" \
"serving:v1alpha1 istio:v1alpha3 istio/authentication:v1alpha1" \
--go-header-file ${SERVING_ROOT}/hack/boilerplate/boilerplate.go.txt

# Update code to change Gatewaies -> Gateways to workaround cleverness of codegen pluralizer.
18 changes: 18 additions & 0 deletions pkg/apis/istio/authentication/register.go
@@ -0,0 +1,18 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package authentication

const (
GroupName = "authentication.istio.io"
)
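Review bot: The exported constant `GroupName` has no doc comment, and the `+groupName=authentication.istio.io` marker in the sibling doc.go must agree with it by hand, so the comment should say so: `// GroupName is the Istio authentication API group; keep it in sync with the +groupName marker in v1alpha1/doc.go.` The license header here is also missing the blank lines that the other new file in this change uses, which is a trivial consistency nit.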
23 changes: 23 additions & 0 deletions pkg/apis/istio/authentication/v1alpha1/doc.go
@@ -0,0 +1,23 @@
/*
Copyright 2018 The Knative Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Api versions allow the api contract for a resource to be changed while keeping
// backward compatibility by support multiple concurrent versions
// of the same resource

// +k8s:deepcopy-gen=package
// +groupName=authentication.istio.io
package v1alpha1
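Review bot: The "Api versions allow ..." paragraph is separated from the package clause by a blank line, so godoc does not treat it as the package comment; the only comment attached to `package v1alpha1` is the marker block. Put a proper package sentence directly above the markers with no blank line in between, e.g. `// Package v1alpha1 holds the v1alpha1 types of the authentication.istio.io API group.`, and fix the grammar in the existing paragraph ("Api" → "API", "by support multiple" → "by supporting multiple") if it is kept.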