Skip to content

envoy: avoid syncing empty Envoy secret #35521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 24, 2024
Merged

envoy: avoid syncing empty Envoy secret #35521

merged 1 commit into from
Oct 24, 2024

Conversation

mhofstetter
Copy link
Member

Currently, the Envoy SecretSync on the Cilium Agent (sending K8s secrets from the K8s Secret namespace via xDS to Envoy) sends an "empty" Envoy secret resource if it's not possible to map the K8s secret into a corresponding Envoy secret type.

To avoid confusion, this refactoring doesn't sync K8s secrets that can't be mapped to a corresponding Envoy secret type.

Suggested-by: Yutaro Hayakawa yutaro.hayakawa@isovalent.com

@mhofstetter mhofstetter added kind/enhancement This would improve or streamline existing functionality. area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. release-note/misc This PR makes changes that have no direct user impact. labels Oct 24, 2024
YutaroHayakawa
YutaroHayakawa reviewed Oct 24, 2024
View reviewed changes
@mhofstetter
envoy: avoid syncing empty Envoy secret
4cdadd1 
Currently, the Envoy SecretSync on the Cilium Agent (sending K8s secrets
from the K8s Secret namespace via xDS to Envoy) sends an "empty" Envoy secret
resource if it's not possible to map the K8s secret into a corresponding
Envoy secret type.

To avoid confusion, this refactoring doesn't sync K8s secrets that can't
be mapped to a corresponding Envoy secret type.

Suggested-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/envoy-secretsync-avoid-empty-secret branch from fbcb603 to 4cdadd1 Compare October 24, 2024 10:06
@mhofstetter
Copy link
Member Author

/test

@mhofstetter mhofstetter requested a review from sayboras October 24, 2024 10:41
@mhofstetter mhofstetter marked this pull request as ready for review October 24, 2024 10:41
@mhofstetter mhofstetter requested a review from a team as a code owner October 24, 2024 10:41
sayboras
sayboras approved these changes Oct 24, 2024
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks and lgtm ✔️

YutaroHayakawa
YutaroHayakawa approved these changes Oct 24, 2024
View reviewed changes
Copy link
Member

@YutaroHayakawa YutaroHayakawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Oct 24, 2024
@julianwiedmann julianwiedmann added this pull request to the merge queue Oct 24, 2024
Merged via the queue into cilium:main with commit f6109cc Oct 24, 2024
69 checks passed
@mhofstetter mhofstetter deleted the pr/mhofstetter/envoy-secretsync-avoid-empty-secret branch October 24, 2024 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

@YutaroHayakawa YutaroHayakawa YutaroHayakawa approved these changes

Assignees
No one assigned
Labels
area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. kind/enhancement This would improve or streamline existing functionality. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mhofstetter @sayboras @YutaroHayakawa @julianwiedmann