(dubbo-kubernetes) branch master updated: fix ci error (#817)

Sun, 09 Nov 2025 00:40:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

zhongxjian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-kubernetes.git


The following commit(s) were added to refs/heads/master by this push:
     new 89b76d4f fix ci error (#817)
89b76d4f is described below

commit 89b76d4f8c3205b81086cd7da9fe43b25b03cfd1
Author: Jian Zhong <[email protected]>
AuthorDate: Sun Nov 9 16:40:27 2025 +0800

    fix ci error (#817)
---
 dubbod/planet/pkg/bootstrap/webhook.go    |  9 ++++-----
 dubbod/planet/pkg/model/authentication.go |  1 +
 dubbod/security/pkg/pki/ca/ca.go          |  5 +++++
 pkg/security/security.go                  | 21 ++++++++++++---------
 4 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/dubbod/planet/pkg/bootstrap/webhook.go 
b/dubbod/planet/pkg/bootstrap/webhook.go
index 6df72381..19b030ba 100644
--- a/dubbod/planet/pkg/bootstrap/webhook.go
+++ b/dubbod/planet/pkg/bootstrap/webhook.go
@@ -22,7 +22,6 @@ import (
        "log"
        "net/http"
        "strings"
-       "time"
 
        dubbolog "github.com/apache/dubbo-kubernetes/pkg/log"
        sec_model "github.com/apache/dubbo-kubernetes/pkg/model"
@@ -59,10 +58,10 @@ func (s *Server) initSecureWebhookServer(args *PlanetArgs) {
        // create the https server for hosting the k8s injectionWebhook 
handlers.
        s.httpsMux = http.NewServeMux()
        s.httpsServer = &http.Server{
-               Addr:              args.ServerOptions.HTTPSAddr,
-               ErrorLog:          log.New(&httpServerErrorLogWriter{}, "", 0),
-               Handler:           s.httpsMux,
-               TLSConfig:         tlsConfig,
+               Addr:      args.ServerOptions.HTTPSAddr,
+               ErrorLog:  log.New(&httpServerErrorLogWriter{}, "", 0),
+               Handler:   s.httpsMux,
+               TLSConfig: tlsConfig,
        }
 
        // register istiodReadyHandler on the httpsMux so that readiness can 
also be checked remotely
diff --git a/dubbod/planet/pkg/model/authentication.go 
b/dubbod/planet/pkg/model/authentication.go
index 1252686c..8a84e1f3 100644
--- a/dubbod/planet/pkg/model/authentication.go
+++ b/dubbod/planet/pkg/model/authentication.go
@@ -18,6 +18,7 @@
 package model
 
 import (
+       "crypto/md5"
        "fmt"
        "strings"
        "time"
diff --git a/dubbod/security/pkg/pki/ca/ca.go b/dubbod/security/pkg/pki/ca/ca.go
index 0b83bdcd..354a08af 100644
--- a/dubbod/security/pkg/pki/ca/ca.go
+++ b/dubbod/security/pkg/pki/ca/ca.go
@@ -52,9 +52,14 @@ const (
        TLSSecretRootCertFile     = "ca.crt"
        rsaKeySize                = 2048
        CACertsSecret             = "cacerts"
+       CASecret                  = "dubbo-ca-secret"
        DubboGenerated            = "dubbo-generated"
 )
 
+var (
+       dubboCASecretType = v1.SecretTypeOpaque
+)
+
 const (
        // selfSignedCA means the Dubbo CA uses a self signed certificate.
        selfSignedCA caTypes = iota
diff --git a/pkg/security/security.go b/pkg/security/security.go
index 30b6ae18..a5ca5027 100644
--- a/pkg/security/security.go
+++ b/pkg/security/security.go
@@ -38,19 +38,22 @@ const (
        RootCertReqResourceName           = "ROOTCA"
        WorkloadKeyCertResourceName       = "default"
        WorkloadIdentityPath              = 
"./var/run/secrets/workload-spiffe-uds"
+       WorkloadIdentityCredentialsPath   = 
"./var/run/secrets/workload-spiffe-uds/credentials"
        DefaultWorkloadIdentitySocketFile = "socket"
        DefaultCertChainFilePath          = "./etc/certs/cert-chain.pem"
        DefaultKeyFilePath                = "./etc/certs/key.pem"
 
-       SystemRootCerts                 = "SYSTEM"
-       DefaultRootCertFilePath         = "./etc/certs/root-cert.pem"
-       WorkloadIdentityCertChainPath   = WorkloadIdentityCredentialsPath + 
"/cert-chain.pem"
-       WorkloadIdentityRootCertPath    = WorkloadIdentityCredentialsPath + 
"/root-cert.pem"
-       WorkloadIdentityKeyPath         = WorkloadIdentityCredentialsPath + 
"/key.pem"
-       JWT                             = "JWT"
-
-       CredentialMetaDataName = "credential"
-       FileRootSystemCACert   = "file-root:system"
+       SystemRootCerts               = "SYSTEM"
+       DefaultRootCertFilePath       = "./etc/certs/root-cert.pem"
+       WorkloadIdentityCertChainPath = WorkloadIdentityCredentialsPath + 
"/cert-chain.pem"
+       WorkloadIdentityRootCertPath  = WorkloadIdentityCredentialsPath + 
"/root-cert.pem"
+       WorkloadIdentityKeyPath       = WorkloadIdentityCredentialsPath + 
"/key.pem"
+       JWT                           = "JWT"
+
+       CredentialMetaDataName       = "credential"
+       FileRootSystemCACert         = "file-root:system"
+       FileCredentialNameSocketPath = 
"./var/run/secrets/workload-spiffe-uds/file-credential-socket"
+       CredentialNameSocketPath     = 
"./var/run/secrets/workload-spiffe-uds/credential-socket"
 )
 
 const (

Reply via email to