Comments (1)
- Extend Gateway in NSP API and in configmap model with BGP Authentication consisting of key name and key source fields. Source would refer to a Secret that contains the key by name. Store newly introduced BGP auth information along with the rest of the Gateway config in Frontend.
- Modify Frontend to watch referenced Secret(s) and look up the key value, i.e. password, by name. Then write BGP config accordingly. NSP used to be the single source of configuration from Gateways' point of view, which shall change with the introduction of Secrets acting as source of authentication data. Thus, change in Secrets of interest shall trigger re-configuration (the intention is to keep the password separated from related Gateway config and avoid storing too much state information).
- The implementation must support update of key values in Secret(s). Also, if a key or a Secret referenced by a Gateway is removed, the affected Gateway shall be removed from the active BIRD configuration.
- Update Operator (Gateway CRD, validation, configmap writer, service account/role/role-binding to watch Secrets)
- Check if the owner/group and privileges of the BIRD config file should be changed (currently root:fsGroup and 644)
  Update: we should not care about that
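
The resolution step described in the comment above, as an added sketch (not Meridio code and not written by the commenter): each Gateway's key source and key name are looked up in a snapshot of the watched Secrets, and a Gateway whose reference does not resolve is left out of the rendered BIRD configuration. The type and function names, the reduced `protocol bgp` stanza, and the rejection of quote, backslash and newline characters in key values are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Gateway is a hypothetical model of the proposal: a BGP peer plus an
// optional auth reference (KeySource = Secret name, KeyName = key in it).
type Gateway struct {
	Name, Address      string // Name is assumed to be a DNS-1123 resource name
	RemoteASN          uint32
	KeySource, KeyName string // both empty means no BGP authentication
}

// Secrets is a snapshot of the watched Secrets: secret name -> key -> value.
type Secrets map[string]map[string][]byte

// RenderBGP returns reduced BIRD stanzas for every gateway whose auth
// reference resolves, and the names of gateways left out of the config.
// Re-running it after each Secret event picks up updated key values.
func RenderBGP(gws []Gateway, s Secrets) (conf string, dropped []string) {
	var b strings.Builder
	for _, gw := range gws {
		auth := ""
		if gw.KeySource != "" || gw.KeyName != "" {
			val, ok := s[gw.KeySource][gw.KeyName]
			// Missing Secret/key, empty value, or a character that could end the quoted string early.
			if !ok || len(val) == 0 || strings.ContainsAny(string(val), "\"\\\n\r") {
				dropped = append(dropped, gw.Name)
				continue
			}
			auth = fmt.Sprintf("\tpassword \"%s\";\n", val)
		}
		fmt.Fprintf(&b, "protocol bgp '%s' {\n\tneighbor %s as %d;\n%s}\n",
			gw.Name, gw.Address, gw.RemoteASN, auth)
	}
	return b.String(), dropped
}

func main() {
	// Constructed sample: gw-b references a key that is no longer in the Secret.
	conf, dropped := RenderBGP([]Gateway{
		{"gw-a", "169.254.100.150", 4248829953, "bgp-auth", "gw-a-key"},
		{"gw-b", "169.254.100.151", 4248829953, "bgp-auth", "removed-key"},
	}, Secrets{"bgp-auth": {"gw-a-key": []byte("example-only")}})
	fmt.Print(conf)
	fmt.Println("dropped:", dropped) // report names only, never key values
}
```

Because the rendered output contains the key values in clear text, only the list of dropped Gateway names is suitable for logging.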
Related Issues (20)
- NSMgr restart can lead to faulty TAPA connections
- Install Meridio on kind cluster: proxy-load-balancer-a1-xxx stuck failed Readiness probe HOT 7
- Increased NSE expiration time might cause traffic disturbance
- FE-LB PMTU discovery support
- FE should accept non-default routes from BGP peers
- missing k8s default route leads to egress PMTUD problem
- Add MTU configuration option to Conduit Custom Resource
- Operator based resource annotation not working
- After proxy restart the target pod still uses the old proxy MAC. HOT 3
- Meridio Frontend starts attracting traffic before cluster internal connections are ready. HOT 2
- The MAC-address for the IP-address of the Proxy is changed sometimes. HOT 2
- Replace 3rd party grpc-healh-probe binary in probes invoked internally
- Rework liveness probes to recover containers in case of local server failures
- TAPA Target advertisement not updated during NSM connection issue
- TAPA mem leak during periodic Stream Close-Open HOT 2
- proxy: Invalid nexthop IPs HOT 1
- Proxy releases NSM connection IPs too early HOT 1
- IPAM improvements
- NSM v1.13.0 sdk update
- router ID generation must be addressed in case of IPv6