sds: add back flag for disabling sds server

This CL adds back the flag for disabling sds server which is removed in https://github.com/istio/istio/pull/28672/files#diff-91e0a18a58ea36d2c656d7b2706c52917a74103820c07fc843f48a110c847678L434 SDS server requires access to remote cluster secrets which we don't want. When this issue is resolved we can remove the patch: istio#32364 Change-Id: I75ed380a227f0f9518aa440d707850041a23e712 Reviewed-on: https://gerrit.musta.ch/c/public/istio/+/1301 Reviewed-by: Weibo He <[email protected]> Reviewed-by: Stephen Chan <[email protected]>
airbnb · May 12, 2021 · 73e1ad7 · 73e1ad7
1 parent 6736275
commit 73e1ad7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pilot/pkg/bootstrap/server.go b/pilot/pkg/bootstrap/server.go
@@ -441,7 +441,7 @@ func (s *Server) WaitUntilCompletion() {
 
 // initSDSServer starts the SDS server
 func (s *Server) initSDSServer(args *PilotArgs) {
-	if s.kubeClient != nil {
+	if features.EnableSDSServer && s.kubeClient != nil {
 		if !features.EnableXDSIdentityCheck {
 			// Make sure we have security
 			log.Warnf("skipping Kubernetes credential reader; PILOT_ENABLE_XDS_IDENTITY_CHECK must be set to true for this feature.")