proto: Add TLS identity to WeightedAddr message (#1041)

Required for #1008. This PR adds the `TlsIdentity` message to the Destination service proto, to describe what strategy the proxy should use for verifying an endpoint's TLS certificates. It also adds a `TlsIdentity` field to the `WeightedAddr` message. Currently, there is one possible variant for `TlsIdentity`, `KubernetesPodName`, which consists of the Kubernetes pod name of the endpoint, the namespace of the endpoint, and the namespace of that pod's Conduit control plane. The proxy should attempt to connect over TLS if the control plane namespace matches its own control plane namespace. The pod name and namespace are used to verify the endpoint's TLS certificate. See https://github.com/runconduit/conduit/issues/386#issuecomment-392948046. This change was initially part of #1008, but I factored it out to make the diff smaller. Signed-off-by: Eliza Weisman <eliza@buoyant.io>
2018-05-31 11:48:25 -07:00 · 2018-05-31 11:48:25 -07:00 · be9486c239
parent 30ae471dda
commit be9486c239
1 changed files with 1 additions and 0 deletions
--- a/proxy/tests/support/controller.rs
+++ b/proxy/tests/support/controller.rs
@ -181,6 +181,7 @@ pub fn destination_add_labeled(
                        }),
                        weight: 0,
                        metric_labels: addr_labels,
+                        ..Default::default()
                    },
                ],
                metric_labels: set_labels,