Revert "Add sds_name into gateway config."#777
Closed
rshriram wants to merge 3 commits intorelease-1.1from
Closed
Conversation
Collaborator
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rshriram The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
googlebot
added
the
cla: yes
rshriram
requested review from
JimmyCYJ and
wenchenglu
and removed request for
frankbu and
kyessenov
Contributor
|
Using the name of the gateway resource sounds like a reasonable convention,
+1
…On Tue, Jan 29, 2019, 11:14 istio-bot ***@***.***> wrote:
[APPROVALNOTIFIER] This PR is *APPROVED*
This pull-request has been approved by: *rshriram
<#777#>*
The full list of commands accepted by this bot can be found here
<https://go.k8s.io/bot-commands>.
The pull request process is described here
<https://git.k8s.io/community/contributors/guide/owners.md#the-code-review-process>
Needs approval from an approver in each of these files:
- OWNERS <https://github.com/istio/api/blob/release-1.1/OWNERS>
[rshriram]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#777 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAFI6ip4YYbGYOQO9XGpmaLqYDRiPePHks5vIJ2pgaJpZM4aYvRO>
.
|
Member
|
cc @myidpt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reverts #772
This change had several implications that were not fully considered. The servers on a gateway are merged. Server hosts can be of ns/* format or just *.
On an API level, asking for both the certificates and some SDS name does not provide an indication of which one will be used. One could specify arbitrary cert paths and soem valid SDS name or vice versa, making it hard to reason about the system behavior.
The right design should be to use the port name.gatewayname.namespace as the sds name in code, thus requiring no user input in the API. Or atleast a oneOf sdsName and certs so that the user can be explicit about the use of SDS, along with a constraint that SDS names must be unique across all servers in the system.