Conversation
…rity use Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Member
|
could you merge the main branch? |
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
aabchoo
force-pushed
the
aaron/apikey-auth
branch
from
70800d3 to
a8eb88d
Compare
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
aabchoo
force-pushed
the
aaron/apikey-auth
branch
from
d05b0b1 to
4f3a343
Compare
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Applies the same fix as in #120 to test_e2e Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: Aaron Choo <[email protected]>
aabchoo
force-pushed
the
aaron/apikey-auth
branch
from
7d3094f to
9e1297e
Compare
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
Signed-off-by: Aaron Choo <[email protected]>
aabchoo
commented
Jan 17, 2025
| } | ||
|
|
||
| // mountBackendSecurityPolicySecrets will mount secrets based on backendSecurityPolicies attached to AIServiceBackend. | ||
| func (c *ConfigSink) mountBackendSecurityPolicySecrets(spec *corev1.PodSpec, aiGatewayRoute *aigv1a1.AIGatewayRoute) (*corev1.PodSpec, error) { |
Contributor
Author
There was a problem hiding this comment.
This part feels slightly messy. I am hoping to find a way to cleanly get all related backendSecurityPolicies without looping+our map, but this is what I've come up with for so far.
Signed-off-by: Aaron Choo <[email protected]>
Contributor
Author
|
cc @envoyproxy/assignable |
Member
|
aaron that is a different assignable team (for the entire envoyproxy/envoy repo)... @envoyproxy/ai-gateway-assignable is the correct one :) |
wengyao04
reviewed
Jan 17, 2025
| client client.Client | ||
| kube kubernetes.Interface | ||
| logger logr.Logger | ||
| defaultExtProcImage string |
Contributor
There was a problem hiding this comment.
Could we also add defaultExtProcImagePullPolicy corev1.PullPolicy and value corev1.PullPolicy(IfNotPresent)
This was referenced Jan 27, 2025
mathetake
added a commit
that referenced
this pull request
Jan 29, 2025
**Commit Message**: This adds a secret watcher controller that enables the hot reload of any secret referenced by backendTrafficPolicy. **Related Issues/PRs (if applicable)**: Follow up on #43 #106 #161 Supersede #185 --------- Signed-off-by: Takeshi Yoneda <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements APIKey Auth for backendSecurityPolicy. The api key stored in a secret will be mounted to the extproc's pod, and later extracted by the appropriate AuthHandler.
Moved extprocDeployment into the
sinkas we need to tinker with the deployment if backend/backendSecurityPolicy is updated.Removed the envoy config yaml's field
add_request_headerand replaced it with new API Key Auth implementation. CI passes which means that API Key mounted to extproc + specified on backend auth works.Will work on adding AWS Credential file after this.