New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xds: channel_creds other than insecure and google_default #4515
Comments
I'm assuming you are talking about the creds configuration in xds bootstrap file, right? @dfawley do you know if there's something planned? |
I'm not sure. @easwars, do you know about this? |
@menghanl yep Ideally I'd like to have something like: {
"type": "tls",
"cert": "PEM-ENCODED-CERT",
"key": "PEM-ENCODED-KEY",
"ca_cert": "PEM-ENCODED-CERT",
"server_name": "override-server-name",
"insecure": false
} that would result in |
Something like this would need to be designed as a cross-language feature, if it's not already in the works. Should we move this to grpc/grpc for follow-up? |
This was mentioned in the first xDS gRFC where the bootstrap format is defined: https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md#xdsclient-and-bootstrap-file
I don't think I've heard anything afterwards. |
Yes, this is absolutely something that we plan to do; we already have a design it. We'll be tackling this in Q3. |
IIUC this was implemented in #5136 |
I suspect this feature request was not just for the plugin system (which probably isn't a public API) but rather specifically for adding a way to configure TlsCreds with some arbitrary configuration instead of GoogleDefaultCreds. We have a design for that but have not yet implemented it. |
Is there a plan to add new types of channel creds, especially I'm interested in tls creds for control planes that use self-sined certificates or clients without system ca certificates bundle?
The text was updated successfully, but these errors were encountered: