Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: add SDS file secret name #15166

Merged
merged 1 commit into from
Feb 24, 2021
Merged

Docs: add SDS file secret name #15166

merged 1 commit into from
Feb 24, 2021

Conversation

caleblloyd
Copy link
Contributor

@caleblloyd caleblloyd commented Feb 24, 2021
edited
Loading

I tried to run Example three: certificate rotation for xDS gRPC connection and got the following error:

[2021-02-24 03:37:06.883][1][warning][config] [source/common/config/filesystem_subscription_impl.cc:43] Filesystem config update rejected: Unexpected SDS secret (expecting tls_sds):

Additionally, Envoy did not serve a TLS Certificate on my Listener Transport Socket

Upon further inspection, it appears that Envoy is looking for a matching secret name in the SDS response. When I added name: tls_sds to the SDS Response in the file, the error went away and the proper TLS Certificate was served on my Listener Transport Socket

Version Information:

envoy  version: f155eaac66fc23cd3e1a7bf5c4ec2309d308dbb1/1.18.0-dev/Clean/RELEASE/BoringSSL

@repokitteh-read-only
Copy link

Hi @caleblloyd, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #15166 was opened by caleblloyd.

see: more, trace.

@caleblloyd
add SDS file secret name
79c98b1 
Signed-off-by: Caleb Lloyd <[email protected]>
@caleblloyd
Copy link
Contributor Author

@tsaarni I see that you wrote the original example in #9359 which used v2 config

Can you review this PR? Is name now required in SDS Response as a part of v3 config?

tsaarni
tsaarni approved these changes Feb 24, 2021
View reviewed changes
Copy link
Member

@tsaarni tsaarni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks ok to me , but of course the maintainers need to approve instead of me.

@zuercher zuercher merged commit 87e0b5c into envoyproxy:main Feb 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsaarni tsaarni tsaarni approved these changes

@zuercher zuercher zuercher approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@caleblloyd @zuercher @tsaarni