dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioConstant.java - dubbo-spi-extensions - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.dubbo.registry.xds.istio;

 public class IstioConstant {
     /**
      * Address of the spiffe certificate provider. Defaults to discoveryAddress
      */
     public static final String CA_ADDR_KEY = "CA_ADDR";

     /**
      * CA and xDS services
      */
     public static final String DEFAULT_CA_ADDR = "istiod.istio-system.svc:15012";

     /**
      * The trust domain for spiffe certificates
      */
     public static final String TRUST_DOMAIN_KEY = "TRUST_DOMAIN";

     /**
      * The trust domain for spiffe certificates default value
      */
     public static final String DEFAULT_TRUST_DOMAIN = "cluster.local";

     public static final String WORKLOAD_NAMESPACE_KEY = "WORKLOAD_NAMESPACE";

     public static final String DEFAULT_WORKLOAD_NAMESPACE = "default";

     /**
      * k8s jwt token
      */
     public static final String KUBERNETES_SA_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";

     public static final String KUBERNETES_CA_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";

     public static final String ISTIO_SA_PATH = "/var/run/secrets/tokens/istio-token";

     public static final String ISTIO_CA_PATH = "/var/run/secrets/istio/root-cert.pem";

     public static final String KUBERNETES_NAMESPACE_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";

     public static final String RSA_KEY_SIZE_KEY = "RSA_KEY_SIZE";

     public static final String DEFAULT_RSA_KEY_SIZE = "2048";

     /**
      * The type of ECC signature algorithm to use when generating private keys
      */
     public static final String ECC_SIG_ALG_KEY = "ECC_SIGNATURE_ALGORITHM";

     public static final String DEFAULT_ECC_SIG_ALG = "ECDSA";

     /**
      * The cert lifetime requested by istio agent
      */
     public static final String SECRET_TTL_KEY = "SECRET_TTL";

     /**
      * The cert lifetime default value 24h0m0s
      */
     public static final String DEFAULT_SECRET_TTL = "86400"; // 24 * 60 * 60

     /**
      * The grace period ratio for the cert rotation
      */
     public static final String SECRET_GRACE_PERIOD_RATIO_KEY = "SECRET_GRACE_PERIOD_RATIO";

     /**
      * The grace period ratio for the cert rotation, by default 0.5
      */
     public static final String DEFAULT_SECRET_GRACE_PERIOD_RATIO = "0.5";

     public static final String ISTIO_META_CLUSTER_ID_KEY = "ISTIO_META_CLUSTER_ID";

     public static final String PILOT_CERT_PROVIDER_KEY = "PILOT_CERT_PROVIDER";

     public static final String ISTIO_PILOT_CERT_PROVIDER = "istiod";

     public static final String DEFAULT_ISTIO_META_CLUSTER_ID = "Kubernetes";

     public static final String SPIFFE = "spiffe://";

     public static final String NS = "/ns/";

     public static final String SA = "/sa/";

     public static final String JWT_POLICY = "JWT_POLICY";

     public static final String DEFAULT_JWT_POLICY = "first-party-jwt";

     public static final String FIRST_PARTY_JWT = "first-party-jwt";

     public static final String THIRD_PARTY_JWT = "third-party-jwt";
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.dubbo.registry.xds.istio;

	public class IstioConstant {
	/**
	* Address of the spiffe certificate provider. Defaults to discoveryAddress
	*/
	public static final String CA_ADDR_KEY = "CA_ADDR";

	/**
	* CA and xDS services
	*/
	public static final String DEFAULT_CA_ADDR = "istiod.istio-system.svc:15012";

	/**
	* The trust domain for spiffe certificates
	*/
	public static final String TRUST_DOMAIN_KEY = "TRUST_DOMAIN";

	/**
	* The trust domain for spiffe certificates default value
	*/
	public static final String DEFAULT_TRUST_DOMAIN = "cluster.local";

	public static final String WORKLOAD_NAMESPACE_KEY = "WORKLOAD_NAMESPACE";

	public static final String DEFAULT_WORKLOAD_NAMESPACE = "default";

	/**
	* k8s jwt token
	*/
	public static final String KUBERNETES_SA_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";

	public static final String KUBERNETES_CA_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";

	public static final String ISTIO_SA_PATH = "/var/run/secrets/tokens/istio-token";

	public static final String ISTIO_CA_PATH = "/var/run/secrets/istio/root-cert.pem";

	public static final String KUBERNETES_NAMESPACE_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";

	public static final String RSA_KEY_SIZE_KEY = "RSA_KEY_SIZE";

	public static final String DEFAULT_RSA_KEY_SIZE = "2048";

	/**
	* The type of ECC signature algorithm to use when generating private keys
	*/
	public static final String ECC_SIG_ALG_KEY = "ECC_SIGNATURE_ALGORITHM";

	public static final String DEFAULT_ECC_SIG_ALG = "ECDSA";

	/**
	* The cert lifetime requested by istio agent
	*/
	public static final String SECRET_TTL_KEY = "SECRET_TTL";

	/**
	* The cert lifetime default value 24h0m0s
	*/
	public static final String DEFAULT_SECRET_TTL = "86400"; // 24 * 60 * 60

	/**
	* The grace period ratio for the cert rotation
	*/
	public static final String SECRET_GRACE_PERIOD_RATIO_KEY = "SECRET_GRACE_PERIOD_RATIO";

	/**
	* The grace period ratio for the cert rotation, by default 0.5
	*/
	public static final String DEFAULT_SECRET_GRACE_PERIOD_RATIO = "0.5";

	public static final String ISTIO_META_CLUSTER_ID_KEY = "ISTIO_META_CLUSTER_ID";

	public static final String PILOT_CERT_PROVIDER_KEY = "PILOT_CERT_PROVIDER";

	public static final String ISTIO_PILOT_CERT_PROVIDER = "istiod";

	public static final String DEFAULT_ISTIO_META_CLUSTER_ID = "Kubernetes";

	public static final String SPIFFE = "spiffe://";

	public static final String NS = "/ns/";

	public static final String SA = "/sa/";

	public static final String JWT_POLICY = "JWT_POLICY";

	public static final String DEFAULT_JWT_POLICY = "first-party-jwt";

	public static final String FIRST_PARTY_JWT = "first-party-jwt";

	public static final String THIRD_PARTY_JWT = "third-party-jwt";
	}