Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(k8s-discovery): support mTLS #8699

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

feat(k8s-discovery): support mTLS #8699

wants to merge 15 commits into from
+752 −22

Conversation

e1ijah1
Copy link

@e1ijah1 e1ijah1 commented Jan 17, 2023
edited

Description

support mTLS authentication with kubernetes apiserver for discovery

Fixes #7516

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@e1ijah1 e1ijah1 marked this pull request as ready for review January 26, 2023 09:23
@e1ijah1 e1ijah1 mentioned this pull request Jan 27, 2023
Closed
5 tasks
@e1ijah1
chore: fix kubernetes ci
97c996d
@e1ijah1
chore: fix kubernetes test
3d42072 
chore: fix kubernetes ci environment variables

chore: fix kubernetes ci environment variables
spacewander
spacewander reviewed Jan 28, 2023
View reviewed changes
.github/workflows/kubernetes-ci.yml Outdated Show resolved Hide resolved
.github/workflows/kubernetes-ci.yml Outdated

export BASE64_CSR=$(cat ./t/certs/k8s_mtls.csr | base64 | tr -d '\n')

envsubst < ./t/certs/k8s_mtls_csr.yaml | kubectl apply -f -
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be better to set up a mtls proxy in the CI. Pros:

  1. don't need to touch current k8s config
  2. don't need to add cert config in non-mtls test
  3. we can cover non-mtls path in the test
  4. we can test different cert without duplicate k8s env

@spacewander
Copy link
Member

Please make the CI pass, thanks!

@github-actions
Copy link

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

@github-actions github-actions bot added the stale label Sep 20, 2023
@moonming
Copy link
Member

moonming commented Oct 9, 2023

@e1ijah1 do you have time to fix comments and make CI happy? thanks

@e1ijah1
Copy link
Author

e1ijah1 commented Oct 12, 2023

@e1ijah1 do you have time to fix comments and make CI happy? thanks

I would like to try to fix the CI this weekend😊

@moonming
Copy link
Member

@e1ijah1 do you have time to fix comments and make CI happy? thanks

I would like to try to fix the CI this weekend😊

great 👍

@Revolyssup
Copy link
Contributor

@e1ijah1 Any progress so far here?

@github-actions GitHub Actions
Copy link

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

@github-actions github-actions bot added the stale label Dec 30, 2023
@github-actions GitHub Actions
Copy link

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Jan 27, 2024
@Revolyssup Revolyssup reopened this Jan 29, 2024
@Revolyssup
Copy link
Contributor

@e1ijah1 Are you still working on this PR?

@github-actions github-actions bot removed the stale label Jan 29, 2024
@Revolyssup
Copy link
Contributor

@e1ijah1 Can you resolve the merge conflicts and make some progress on this PR?

@Revolyssup
Copy link
Contributor

@e1ijah1 Looks like you're no longer available. Maybe @shreemaan-abhishek can take this one.

@nitishfy
Copy link

Is there anyone working on this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spacewander spacewander spacewander left review comments

@shreemaan-abhishek shreemaan-abhishek Awaiting requested review from shreemaan-abhishek

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Apache APISIX backlog
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: add mTLS authentication with kubernetes apiserver
6 participants
@e1ijah1 @spacewander @moonming @Revolyssup @nitishfy @monkeyDluffy6017