
xds: security configuration needs to be per cluster, not from the top level cluster

Open zasweq opened this issue 2 years ago • 2 comments

Right now, https://github.com/grpc/grpc-go/blob/master/xds/internal/balancer/cdsbalancer/cdsbalancer.go#L155 security configuration for the xDS tree is determined by the top level cluster in the cluster tree in the cds_balancer. This security configuration needs to be per cluster_impl (per priority). The initial idea is to persist a map from cluster name to security configuration in cds_balancer, set a resolver attribute in cluster_impl, and use that name from the attribute to read from the map here: https://github.com/grpc/grpc-go/blob/master/xds/internal/balancer/cdsbalancer/cdsbalancer.go#L674, rather than reading the entire handshake info directly.

zasweq, Nov 13 '23 23:11
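The map-plus-attribute lookup proposed above, as an added Go sketch that is not grpc-go code and not from the issue author. `SecurityConfig`, `Address`, `Registry` and `ForHandshake` are hypothetical names, the cluster and provider names are constructed, and failing closed on an unknown cluster name is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// SecurityConfig and Address are hypothetical stand-ins, not grpc-go types.
type SecurityConfig struct {
	RootProvider, IdentityProvider string // provider instance names (constructed)
	SANExact                       []string
}

type Address struct{ Addr, ClusterName string } // ClusterName: attribute set by cluster_impl

var ErrNoSecurityConfig = errors.New("no security config for cluster")

// Registry is the cluster name -> security config map kept in cds_balancer.
type Registry struct {
	mu        sync.RWMutex
	byCluster map[string]SecurityConfig
}

func NewRegistry() *Registry { return &Registry{byCluster: map[string]SecurityConfig{}} }

func (r *Registry) Update(cluster string, sc SecurityConfig) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.byCluster[cluster] = sc
}

// ForHandshake returns the config of the cluster that owns a. It fails closed:
// an unknown or empty cluster name never borrows another cluster's config.
func (r *Registry) ForHandshake(a Address) (SecurityConfig, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	sc, ok := r.byCluster[a.ClusterName]
	if !ok {
		return SecurityConfig{}, fmt.Errorf("%w: %q", ErrNoSecurityConfig, a.ClusterName)
	}
	return sc, nil
}

func main() {
	r := NewRegistry()
	r.Update("leaf-a", SecurityConfig{RootProvider: "roots-a", IdentityProvider: "id-a"})
	r.Update("leaf-b", SecurityConfig{RootProvider: "roots-b"})
	fmt.Println(r.ForHandshake(Address{Addr: "10.0.0.2:443", ClusterName: "leaf-b"}))
}
```

With two leaf clusters under one aggregate, each address resolves to its own cluster's configuration instead of whatever the top-level cluster carried.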

Blocked on https://github.com/grpc/proposal/pull/404

easwars, Dec 13 '23 18:12

https://github.com/grpc/proposal/pull/404 is merged. This is unblocked now.

arvindbr8, May 24 '24 23:05