This is an automated email from the ASF dual-hosted git repository. robocanic pushed a commit to branch ospp-2024 in repository https://gitbox.apache.org/repos/asf/dubbo-kubernetes.git
commit 5dc6c53a436bc3b8953d7e5d1af2df93c0617415 Merge: e149d5f4 eeb5ee84 Author: Ken Liu <[email protected]> AuthorDate: Sat Feb 15 21:48:55 2025 +0800 Merge pull request #315 from Yan0613/master [feature] enable zero trust security .github/workflows/ci.yml | 12 +- .github/workflows/dubbo-release.yaml | 2 +- .github/workflows/dubboctl-release.yaml | 2 +- .gitignore | 4 +- api/common/v1alpha1/tls/tls.go | 123 ++ api/common/v1alpha1/tls/zz_generated.deepcopy.go | 51 + api/mesh/options.pb.go | 278 ++-- api/mesh/v1alpha1/dds.proto | 1 - api/mesh/v1alpha1/mesh.pb.go | 383 ++++-- api/mesh/v1alpha1/mesh.proto | 18 + api/mesh/v1alpha1/selector.pb.go | 156 +++ api/mesh/v1alpha1/selector.proto | 11 + api/mesh/v1alpha1/timeout.pb.go | 570 ++++++++ api/mesh/v1alpha1/timeout.proto | 71 + api/mesh/v1alpha1/timeout_helpers.go | 16 + api/mesh/v1alpha1/zoneegress_helpers.go | 3 + api/system/v1alpha1/datasource.pb.go | 29 +- app/dubbo-ui/fs.go | 18 + dubboctl/cmd/manifest.go | 11 +- dubboctl/cmd/manifest_test.go | 47 +- dubboctl/cmd/profile.go | 5 +- dubboctl/cmd/profile_test.go | 25 +- dubboctl/cmd/repository_test.go | 43 - dubboctl/cmd/root.go | 157 +-- dubboctl/{cmd/root.go => pkg/common/common.go} | 125 +- .../dashboard_all_cmds.go => pkg/dashboard/all.go} | 6 +- dubboctl/{cmd => pkg/dashboard}/dashboard.go | 4 +- dubboctl/{cmd => pkg/deploy}/build.go | 44 +- dubboctl/{cmd => pkg/deploy}/client.go | 41 +- dubboctl/{cmd => pkg/deploy}/create.go | 62 +- dubboctl/{cmd => pkg/deploy}/create_test.go | 55 +- dubboctl/{cmd => pkg/deploy}/deploy.go | 36 +- dubboctl/{cmd => pkg/deploy}/repository.go | 56 +- .../root_test.go => pkg/deploy/repository_test.go} | 60 +- .../{cmd/completion_util.go => pkg/deploy/util.go} | 7 +- .../generate/certificate.go} | 2 +- dubboctl/{cmd => pkg/generate}/generate.go | 4 +- .../ssh_agent_conf.go => pkg/manifest/common.go} | 15 +- .../{cmd/manifest_diff.go => pkg/manifest/diff.go} | 4 +- .../manifest/generate.go} | 14 +- .../manifest/install.go} | 22 +- .../manifest/uninstall.go} | 22 +- .../{cmd/profile_diff.go => pkg/profile/diff.go} | 8 +- .../{cmd/profile_list.go => pkg/profile/list.go} | 8 +- .../{cmd/proxy_context.go => pkg/proxy/context.go} | 4 +- dubboctl/{cmd => pkg/proxy}/proxy.go | 9 +- dubboctl/{cmd => pkg/registry}/registry.go | 9 +- dubboctl/{ => pkg}/templates/go/README.md | 0 dubboctl/{ => pkg}/templates/go/common/.gitignore | 0 .../{ => pkg}/templates/go/common/api/api.pb.go | 0 .../{ => pkg}/templates/go/common/api/api.proto | 0 .../templates/go/common/api/api_triple.pb.go | 0 dubboctl/{ => pkg}/templates/go/common/cmd/app.go | 0 .../templates/go/common/conf/dubbogo.yaml | 0 dubboctl/{ => pkg}/templates/go/common/go.mod | 0 dubboctl/{ => pkg}/templates/go/common/go.sum | 0 .../templates/go/common/pkg/service/service.go | 0 dubboctl/{ => pkg}/templates/java/README.md | 0 .../{ => pkg}/templates/java/common/.gitignore | 0 dubboctl/{ => pkg}/templates/java/common/pom.xml | 0 .../java/com/example/demo/DemoApplication.java | 0 .../example/demo/demos/web/BasicController.java | 0 .../demo/demos/web/PathVariableController.java | 0 .../main/java/com/example/demo/demos/web/User.java | 0 .../com/example/demo/dubbo/api/DemoService.java | 0 .../com/example/demo/dubbo/consumer/Consumer.java | 0 .../demo/dubbo/service/DemoServiceImpl.java | 0 .../java/common/src/main/resources/application.yml | 0 .../common/src/main/resources/log4j.properties | 0 .../common/src/main/resources/static/index.html | 0 .../com/example/demo/DemoApplicationTests.java | 0 dubboctl/{ => pkg}/templates/manifest.yaml | 0 go.mod | 1 + go.sum | 4 + {dubboctl/internal => operator}/dubbo/client.go | 7 +- .../internal => operator}/dubbo/client_test.go | 0 {dubboctl/internal => operator}/dubbo/deploy.tpl | 0 {dubboctl/internal => operator}/dubbo/deployer.go | 5 +- .../internal => operator}/dubbo/dockerfile.go | 0 {dubboctl/internal => operator}/dubbo/dubbo.go | 0 .../internal => operator}/dubbo/dubbo_test.go | 0 {dubboctl/internal => operator}/dubbo/errors.go | 0 .../internal => operator}/dubbo/repositories.go | 0 .../dubbo/repositories_test.go | 39 +- .../internal => operator}/dubbo/repository.go | 5 +- {dubboctl/internal => operator}/dubbo/template.go | 5 +- {dubboctl/internal => operator}/dubbo/templates.go | 5 +- .../dubbo/templates_embedded.go | 7 +- .../internal => operator}/dubbo/templates_test.go | 4 +- .../customTemplateRepo/customRuntime/.gitinclude | 0 .../customRuntime/customTemplate/custom.impl | 0 .../customTemplateRepo/go/customTemplate/custom.go | 0 .../customTemplateRepo/node/json/index.js | 0 .../customTemplateRepo/node/json/json.js | 0 .../customTemplateRepo/test/tpla/customtpl.txt | 0 .../customTemplateRepo/test/tplb/executable.sh | 0 .../customTemplateRepo/test/tplc/customtpl.txt | 0 .../dubbo/testdata/repository-a.git/COMMIT_EDITMSG | 0 .../dubbo/testdata/repository-a.git/HEAD | 0 .../dubbo/testdata/repository-a.git/config | 0 .../dubbo/testdata/repository-a.git/description | 0 .../testdata/repository-a.git/hooks/.gitinclude | 0 .../dubbo/testdata/repository-a.git/index | Bin .../dubbo/testdata/repository-a.git/info/exclude | 0 .../dubbo/testdata/repository-a.git/logs/HEAD | 0 .../testdata/repository-a.git/logs/refs/heads/main | 0 .../repository-a.git/logs/refs/remotes/origin/HEAD | 0 .../32/bad9e3775e80ae9b7483acf6d7630bf8b945e9 | Bin .../88/3ff23f61018546cac0c302c5c75e3c65ed832d | Bin .../91/f1295d025a69a8ae87296ea5fda680672275d9 | Bin .../af/e663f9ef928be2b5cb93f836c0905e60f09ab2 | 0 .../d5/c0914f5e90ce1ccc3ee90e44ab610f466c774f | Bin .../dd/c6c5f6af77cfd92693c2b5b910b22a26379d01 | Bin .../e7/ca8dffd312a48aac1f2aadd64a13ac34e021b9 | Bin .../ee/f72a905e2866c0e4b4d13cb14bf118c8e8aa0b | Bin .../ef/1e6c8ed28e25dec915e8cd7479dacf671665ed | Bin .../repository-a.git/objects/info/.gitinclude | 0 .../repository-a.git/objects/pack/.gitinclude | 0 ...ck-3cc26077b1d72f3ffb9484d7baca188936db8c5e.idx | Bin ...k-3cc26077b1d72f3ffb9484d7baca188936db8c5e.pack | Bin .../dubbo/testdata/repository-a.git/packed-refs | 0 .../repository-a.git/refs/heads/.gitinclude | 0 .../testdata/repository-a.git/refs/heads/main | 0 .../repository-a.git/refs/remotes/origin/HEAD | 0 .../repository-a.git/refs/tags/.gitinclude | 0 .../dubbo/testdata/repository.git/HEAD | 0 .../dubbo/testdata/repository.git/config | 0 .../dubbo/testdata/repository.git/description | 0 .../repository.git/hooks/applypatch-msg.sample | 0 .../repository.git/hooks/commit-msg.sample | 0 .../repository.git/hooks/fsmonitor-watchman.sample | 0 .../repository.git/hooks/post-update.sample | 0 .../repository.git/hooks/pre-applypatch.sample | 0 .../repository.git/hooks/pre-commit.sample | 0 .../repository.git/hooks/pre-merge-commit.sample | 0 .../testdata/repository.git/hooks/pre-push.sample | 0 .../repository.git/hooks/pre-rebase.sample | 0 .../repository.git/hooks/pre-receive.sample | 0 .../repository.git/hooks/prepare-commit-msg.sample | 0 .../repository.git/hooks/push-to-checkout.sample | 0 .../testdata/repository.git/hooks/update.sample | 0 .../dubbo/testdata/repository.git/info/exclude | 0 .../00/9641334a89d30963a68442a132e5f8ef389ba8 | Bin .../27/d75d0e58009a59e1ff8a52a3297e1e0574138b | Bin .../43/0739f6d9930f74a6aef1a410f0f0727d171cef | Bin .../44/788c5d0e56a8bb819c56a307b6c8de4045e020 | Bin .../93/bd2fa63bb19bf11231dde8709672bd1428e57c | Bin .../b2/7e306a552e80fcae0bfa959bd6e8652de70c69 | Bin .../b7/5832d0a4a4bb0409cca573b2c97b017d088f90 | Bin .../c8/fdee8e0a172c9e1544bc127b2bfb35829ffe1f | 0 .../e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 | Bin .../dubbo/testdata/repository.git/refs/heads/main | 0 .../testdata/repository.git/refs/heads/master | 0 {dubboctl/internal => operator}/dubbo/validate.go | 0 {dubboctl/internal => operator}/http/transport.go | 0 {dubboctl/internal => operator}/manifest/common.go | 13 +- .../internal => operator}/manifest/common_test.go | 0 .../manifest/render/render.go | 9 +- .../manifest/render/render_test.go | 5 +- .../manifest/render/testchart/.helmignore | 0 .../manifest/render/testchart/Chart.yaml | 0 .../manifest/render/testchart/templates/NOTES.txt | 0 .../render/testchart/templates/_helpers.tpl | 0 .../render/testchart/templates/deployment.yaml | 0 .../manifest/render/testchart/templates/hpa.yaml | 0 .../render/testchart/templates/ingress.yaml | 0 .../render/testchart/templates/service.yaml | 0 .../render/testchart/templates/serviceaccount.yaml | 0 .../testchart/templates/tests/test-connection.yaml | 0 .../manifest/render/testchart/values.yaml | 0 {dubboctl/internal => operator}/manifest/tree.go | 61 +- {dubboctl/internal => operator}/manifest/util.go | 0 {dubboctl/internal => operator}/mock/builder.go | 5 +- {dubboctl/internal => operator}/mock/client.go | 2 +- {dubboctl/internal => operator}/mock/pusher.go | 5 +- .../pkg}/apis/dubbo.apache.org/v1alpha1/types.go | 0 .../internal => operator/pkg}/builders/builders.go | 5 +- .../pkg}/builders/builders_test.go | 9 +- .../pkg}/builders/dockerfile/build.go | 7 +- .../pkg}/builders/pack/build.go | 11 +- .../pkg}/builders/pack/build_test.go | 7 +- .../pkg}/builders/pack/mirror/error.go | 0 .../pkg}/builders/pack/mirror/mirror.go | 0 .../pkg}/docker/creds/credentials.go | 5 +- .../pkg}/docker/creds/credentials_test.go | 9 +- .../pkg}/docker/docker_client.go | 15 +- .../pkg}/docker/docker_client_ssh_test.go | 5 +- .../pkg}/docker/docker_client_test.go | 5 +- .../pkg}/docker/docker_client_windows_test.go | 5 +- .../cmd => operator/pkg/docker}/prompt/prompt.go | 7 +- .../internal => operator/pkg}/docker/pusher.go | 5 +- .../pkg}/docker/pusher_test.go | 7 +- {dubboctl/internal => operator/pkg}/envoy/envoy.go | 0 .../pkg}/envoy/memory_limit_darwin.go | 0 .../pkg}/envoy/memory_limit_linux.go | 0 .../pkg}/envoy/memory_limit_windows.go | 0 .../pkg}/envoy/remote_bootstrap.go | 0 .../pkg}/filesystem/filesystem.go | 0 .../pkg}/generated/templates/generate.go | 2 +- .../pkg}/generated/zz_filesystem_generated.go | 0 {dubboctl => operator/pkg}/identifier/const.go | 0 {dubboctl => operator/pkg}/identifier/path.go | 2 +- {dubboctl/internal => operator/pkg}/kube/client.go | 0 {dubboctl/internal => operator/pkg}/kube/common.go | 0 .../internal => operator/pkg}/kube/common_test.go | 0 .../internal => operator/pkg}/kube/component.go | 29 +- {dubboctl/internal => operator/pkg}/kube/object.go | 5 +- .../internal => operator/pkg}/kube/object_test.go | 0 .../internal => operator/pkg}/kube/operator.go | 4 +- .../internal => operator/pkg}/kube/port_foward.go | 0 .../testdata/input/ctl_client-apply_manifest.yaml | 0 .../input/ctl_client-apply_object-create.yaml | 0 .../ctl_client-apply_object-update-before.yaml | 0 .../input/ctl_client-apply_object-update.yaml | 0 .../input/ctl_client-remove_manifest-before.yaml | 0 .../testdata/input/ctl_client-remove_manifest.yaml | 0 .../ctl_client-remove_object-delete-before.yaml | 0 .../input/ctl_client-remove_object-delete.yaml | 0 .../admin_component-render_manifest.golden.yaml | 0 .../want/ctl_client-apply_object-create.yaml | 0 .../want/ctl_client-apply_object-update.yaml | 0 .../nacos_component-render_manifest.golden.yaml | 0 ...rometheus_component-render_manifest.golden.yaml | 0 ...kywalking_component-render_manifest.golden.yaml | 0 .../zipkin_component-render_manifest.golden.yaml | 0 ...zookeeper_component-render_manifest.golden.yaml | 0 .../pkg}/ssh/ssh_agent_conf.go | 0 .../pkg}/ssh/ssh_agent_conf_windows.go | 0 .../internal => operator/pkg}/ssh/ssh_dialer.go | 64 +- .../internal => operator/pkg}/ssh/terminal.go | 0 .../internal => operator/pkg}/testing/testing.go | 0 {dubboctl/internal => operator/pkg}/util/config.go | 0 .../internal => operator/pkg}/util/config_test.go | 7 +- {dubboctl/internal => operator/pkg}/util/env.go | 0 {dubboctl/internal => operator/pkg}/util/file.go | 0 {dubboctl/internal => operator/pkg}/util/filter.go | 0 .../internal => operator/pkg}/util/filter_test.go | 0 {dubboctl/internal => operator/pkg}/util/golden.go | 0 .../internal => operator/pkg}/util/golden_test.go | 0 {dubboctl/internal => operator/pkg}/util/names.go | 0 .../internal => operator/pkg}/util/names_test.go | 0 {dubboctl/internal => operator/pkg}/util/path.go | 0 .../internal => operator/pkg}/util/reflect.go | 0 .../internal => operator/pkg}/util/sortedset.go | 0 .../pkg}/util/testdata/TestLoad/dubbo/config.yaml | 0 .../pkg}/util/testdata/dubbo/config.yaml | 0 {dubboctl/internal => operator/pkg}/util/yaml.go | 0 .../internal => operator/pkg}/util/yaml_test.go | 0 .../internal => operator}/registry/registry.go | 0 {dubboctl/internal => operator}/registry/zk/zk.go | 5 +- .../api-server/authn/authenticator.go | 10 +- .../api-server/authn/localhost.go | 30 +- .../authn/skip.go} | 35 +- .../api-server/customization/api_manager.go | 60 +- .../types/errors.go} | 29 +- pkg/config/access/config.go | 161 +++ pkg/config/api-server/config.go | 278 ++++ pkg/config/app/dubbo-cp/config.go | 134 +- pkg/config/intercp/config.go | 105 ++ .../mirror/error.go => pkg/core/access/errors.go | 33 +- pkg/core/access/metadata.go | 52 + pkg/core/bootstrap/bootstrap.go | 68 +- pkg/core/ca/manager.go | 48 + pkg/core/managers/apis/mesh/mesh_helpers.go | 28 + pkg/core/managers/apis/mesh/mesh_manager.go | 25 + pkg/core/managers/apis/mesh/mesh_validator.go | 60 + pkg/core/plugins/interfaces.go | 57 +- pkg/core/plugins/registry.go | 28 +- pkg/core/resources/access/admin_resource_access.go | 77 ++ pkg/core/resources/access/resource_access.go | 33 + pkg/core/resources/apis/system/global_secret.go | 122 ++ pkg/core/resources/model/resource.go | 1 + pkg/core/rest/errors/error_handler.go | 176 +++ pkg/core/rest/errors/errors.go | 85 ++ pkg/core/rest/errors/types/error.go | 63 + pkg/core/runtime/builder.go | 76 +- pkg/core/runtime/runtime.go | 57 +- .../core/secrets/cipher/cipher.go | 13 +- .../core/secrets/cipher/none.go | 16 +- .../core/secrets/cipher/todo.go | 6 +- pkg/core/secrets/manager/global_manager.go | 142 ++ pkg/core/secrets/manager/manager.go | 159 +++ .../core/secrets/manager/manager_suite_test.go | 14 +- pkg/core/secrets/manager/validator.go | 97 ++ pkg/core/secrets/manager/validator_test.go | 157 +++ .../core/secrets/store/adapter.go | 12 +- .../const.go => pkg/core/secrets/store/store.go | 10 +- pkg/core/tokens/default_signing_key.go | 105 ++ pkg/core/tokens/issuer.go | 72 + pkg/core/tokens/keys.go | 75 + pkg/core/tokens/revocations.go | 91 ++ pkg/core/tokens/signing_key.go | 138 ++ pkg/core/tokens/signing_key_accessor.go | 67 + pkg/core/tokens/signing_key_manager.go | 120 ++ pkg/core/tokens/static_signing_key_accessor.go | 61 + .../common/cmd/app.go => pkg/core/tokens/token.go | 25 +- pkg/core/tokens/validator.go | 113 ++ pkg/core/xds/types.go | 46 +- pkg/dds/context/context.go | 2 + .../dds/service/envoy_admin_rpcs.go | 30 +- pkg/dds/service/server.go | 24 + pkg/defaults/components.go | 29 + pkg/defaults/envoy_admin_ca.go | 91 ++ .../cmd/app.go => pkg/envoy/admin/access/access.go | 18 +- pkg/envoy/admin/access/static.go | 81 ++ pkg/envoy/admin/client.go | 219 +++ pkg/envoy/admin/sanitize.go | 59 + pkg/envoy/admin/sanitize_test.go | 61 + .../dubbo_test.go => pkg/envoy/admin/suite_test.go | 14 +- pkg/envoy/admin/testdata/full_config.json | 1429 ++++++++++++++++++++ pkg/envoy/admin/testdata/golden.full_config.json | 1429 ++++++++++++++++++++ pkg/envoy/admin/testdata/golden.no_hds.json | 1411 +++++++++++++++++++ pkg/envoy/admin/testdata/no_hds.json | 1411 +++++++++++++++++++ pkg/envoy/admin/tls/pki.go | 99 ++ pkg/multitenant/multitenant.go | 82 ++ .../authn/api-server/certs/authenticator.go | 25 +- .../plugins/authn/api-server/certs/plugin.go | 29 +- .../authn/api-server/tokens/access/access.go | 8 +- .../authn/api-server/tokens/access/static.go | 58 + .../api-server/tokens/admin_token_bootstrap.go | 125 ++ .../tokens/admin_token_bootstrap_test.go | 78 ++ .../authn/api-server/tokens/authenticator.go | 57 + .../authn/api-server/tokens/cli/plugin.go} | 32 +- .../authn/api-server/tokens/issuer/issuer.go | 57 + .../authn/api-server/tokens/issuer/token.go | 32 +- .../authn/api-server/tokens/issuer/validator.go} | 31 +- pkg/plugins/authn/api-server/tokens/plugin.go | 125 ++ .../authn/api-server/tokens/tokens_suite_test.go | 14 +- .../authn/api-server/tokens/ws/client/client.go | 53 +- .../plugins/authn/api-server/tokens/ws/request.go | 8 +- .../api-server/tokens/ws/server/webservice.go | 109 ++ .../tokens/ws/testdata/ws-0-validFor.golden.json | 19 + .../ws/testdata/ws-missing-validFor.golden.json | 19 + .../tokens/ws/testdata/ws-no-name.golden.json | 19 + .../testdata/ws-token-issuer-disabled.golden.json | 7 + .../authn/api-server/tokens/ws/ws_suite_test.go | 14 +- pkg/plugins/authn/api-server/tokens/ws/ws_test.go | 160 +++ .../plugins/authn/api/authn.go | 17 +- .../plugins/ca/builtin/builtin_suite_test.go | 14 +- pkg/plugins/ca/builtin/ca.go | 110 ++ .../ca/builtin/config/builtin_ca_config.pb.go | 237 ++++ .../ca/builtin/config/builtin_ca_config.proto | 22 + pkg/plugins/ca/builtin/manager.go | 212 +++ pkg/plugins/ca/builtin/manager_test.go | 325 +++++ .../cmd/app.go => pkg/plugins/ca/builtin/plugin.go | 24 +- pkg/plugins/ca/provided/ca_cert_validator.go | 59 + pkg/plugins/ca/provided/ca_cert_validator_test.go | 269 ++++ .../ca/provided/config/provided_ca_config.pb.go | 173 +++ .../ca/provided/config/provided_ca_config.proto | 16 + pkg/plugins/ca/provided/manager.go | 146 ++ pkg/plugins/ca/provided/manager_test.go | 300 ++++ .../app.go => pkg/plugins/ca/provided/plugin.go | 24 +- .../plugins/ca/provided/provided_suite_test.go | 14 +- pkg/plugins/ca/provided/testdata/ca.key | 27 + pkg/plugins/ca/provided/testdata/ca.pem | 19 + .../k8s/controllers/pod_status_controller.go | 150 ++ pkg/plugins/runtime/k8s/util/names.go | 2 +- pkg/plugins/secrets/k8s/mapper.go | 74 + pkg/plugins/secrets/k8s/plugin.go | 46 + pkg/plugins/secrets/k8s/secret.go | 110 ++ pkg/plugins/secrets/k8s/store.go | 335 +++++ .../plugins/secrets/universal/plugin.go | 25 +- .../app.go => pkg/tokens/builtin/access/access.go | 17 +- .../builtin/access/noop.go} | 19 +- pkg/tokens/builtin/access/static.go | 54 + .../tokens/builtin/zone/access/access.go | 14 +- .../tokens/builtin/zone/access/noop.go | 19 +- pkg/tokens/builtin/zone/access/static.go | 52 + .../service.go => pkg/tokens/builtin/zone/token.go | 37 +- pkg/tokens/client.go | 73 + pkg/xds/context/context.go | 17 +- pkg/xds/context/resources.go | 10 +- pkg/xds/envoy/clusters/configurers.go | 47 +- .../envoy/clusters/v3/alt_stat_name_configurer.go | 2 - .../clusters/v3/client_side_mtls_configurer.go | 123 ++ .../clusters/v3/client_side_tls_configurer.go | 116 ++ pkg/xds/envoy/clusters/v3/configurer.go | 6 + pkg/xds/envoy/clusters/v3/server_static_mtls.go | 72 + pkg/xds/envoy/clusters/v3/timeout_configurer.go | 73 + .../envoy/listeners/filter_chain_configurers.go | 36 +- pkg/xds/envoy/listeners/listener_configurers.go | 4 +- .../envoy/listeners/v3/server_mtls_configurer.go | 61 + pkg/xds/envoy/listeners/v3/server_static_mtls.go | 72 + pkg/xds/envoy/listeners/v3/server_static_tls.go | 49 + pkg/xds/envoy/secrets.go | 105 ++ .../xds/envoy/secrets/v3/ca_secret.go | 31 +- .../xds/envoy/secrets/v3/identity_secret.go | 36 +- pkg/xds/envoy/secrets/v3/server_certificate.go | 64 + pkg/xds/envoy/tls/sni.go | 98 ++ pkg/xds/envoy/tls/sni_test.go | 195 +++ .../util/env.go => pkg/xds/envoy/tls/tls.go | 27 +- .../xds/envoy/tls/tls_suite_test.go | 10 +- pkg/xds/envoy/tls/v3/tls.go | 294 ++++ .../xds/envoy/tls/v3/tls_suite_test.go | 10 +- pkg/xds/envoy/tls/v3/tls_test.go | 170 +++ pkg/xds/generator/admin_proxy_generator.go | 164 +++ .../xds/generator/generator_suite_test.go | 14 +- pkg/xds/generator/inbound_proxy_generator.go | 28 +- pkg/xds/generator/outbound_proxy_generator.go | 30 +- pkg/xds/generator/proxy_template.go | 4 +- pkg/xds/generator/secrets/generator.go | 160 +++ pkg/xds/generator/zoneproxy/generator.go | 13 + pkg/xds/secrets/ca_provider.go | 82 ++ pkg/xds/secrets/identity_provider.go | 91 ++ .../k8s/util/names.go => xds/secrets/kind.go} | 28 +- pkg/xds/secrets/secrets.go | 415 ++++++ pkg/xds/server/components.go | 19 +- pkg/xds/sync/dataplane_watchdog.go | 82 +- 408 files changed, 18387 insertions(+), 1599 deletions(-)
