apache
diff --git a/‎go.mod‎
Lines changed: 2 additions & 1 deletion b/‎go.mod‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 0 deletions b/‎go.sum‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎manifests/charts/dubbo-control/dubbo-discovery/files/grpc-agent.yaml‎
Lines changed: 1 addition & 0 deletions b/‎manifests/charts/dubbo-control/dubbo-discovery/files/grpc-agent.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/bootstrap/config.go‎
Lines changed: 45 additions & 0 deletions b/‎pkg/bootstrap/config.go‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎pkg/cmd/cmd.go‎
Lines changed: 11 additions & 0 deletions b/‎pkg/cmd/cmd.go‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎pkg/config/constants/constants.go‎
Lines changed: 8 additions & 0 deletions b/‎pkg/config/constants/constants.go‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎pkg/config/mesh/mesh.go‎
Lines changed: 14 additions & 3 deletions b/‎pkg/config/mesh/mesh.go‎
Lines changed: 14 additions & 3 deletions
@@ -40,6 +40,7 @@ require (
 	github.com/golang/protobuf v1.5.4
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-containerregistry v0.20.6
+	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/heroku/color v0.0.6
 	github.com/moby/term v0.5.2
@@ -53,6 +54,7 @@ require (
 	golang.org/x/crypto v0.41.0
 	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
 	golang.org/x/net v0.43.0
+	golang.org/x/sys v0.35.0
 	golang.org/x/term v0.34.0
 	google.golang.org/grpc v1.74.2
 	google.golang.org/protobuf v1.36.7
@@ -230,7 +232,6 @@ require (
 	golang.org/x/mod v0.27.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250811230008-5f3141c8851a // indirect
 
@@ -373,6 +373,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2 h1:sGm2vDRFUrQJO/Veii4h4zG2vvqG6uWNkBHSTqXOZk0=
+github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2/go.mod h1:wd1YpapPLivG6nQgbf7ZkG1hhSOXDhhn4MLTknx2aAc=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 
@@ -0,0 +1 @@
+# inject grpc template
@@ -0,0 +1,45 @@
+package bootstrap
+
+import (
+	"fmt"
+	"github.com/apache/dubbo-kubernetes/pkg/config/constants"
+	"os"
+	"strconv"
+	"strings"
+)
+
+type MetadataOptions struct {
+}
+
+func ReadPodAnnotations(path string) (map[string]string, error) {
+	if path == "" {
+		path = constants.PodInfoAnnotationsPath
+	}
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	return ParseDownwardAPI(string(b))
+}
+
+func ParseDownwardAPI(i string) (map[string]string, error) {
+	res := map[string]string{}
+	for _, line := range strings.Split(i, "\n") {
+		sl := strings.SplitN(line, "=", 2)
+		if len(sl) != 2 {
+			continue
+		}
+		key := sl[0]
+		// Strip the leading/trailing quotes
+		val, err := strconv.Unquote(sl[1])
+		if err != nil {
+			return nil, fmt.Errorf("failed to unquote %v: %v", sl[1], err)
+		}
+		res[key] = val
+	}
+	return res, nil
+}
+
+func GetNodeMetaData(options MetadataOptions) error {
+	return nil
+}
@@ -18,10 +18,14 @@
 package cmd
 
 import (
+	"context"
 	"flag"
 	"fmt"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
+	"os"
+	"os/signal"
+	"syscall"
 )
 
 func AddFlags(rootCmd *cobra.Command) {
@@ -33,3 +37,10 @@ func PrintFlags(flags *pflag.FlagSet) {
 		fmt.Printf("FLAG: --%s=%q\n", flag.Name, flag.Value)
 	})
 }
+
+func WaitSignalFunc(cancel context.CancelCauseFunc) {
+	sigs := make(chan os.Signal, 1)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	sig := <-sigs
+	cancel(fmt.Errorf("received signal: %v", sig.String()))
+}
@@ -20,6 +20,8 @@ package constants
 const (
 	DubboSystemNamespace      = "dubbo-system"
 	DefaultClusterLocalDomain = "cluster.local"
+	KeyFilename               = "key.pem"
+	CertChainFilename         = "cert-chain.pem"
 	DefaultClusterName        = "Kubernetes"
 	ServiceClusterName        = "dubbo-proxy"
 	ConfigPathDir             = "./etc/dubbo/proxy"
@@ -28,4 +30,10 @@ const (
 	CertProviderKubernetesSignerPrefix = "k8s.io/"
 
 	CACertNamespaceConfigMapDataName = "root-cert.pem"
+
+	PodInfoAnnotationsPath = "./etc/dubbo/pod/annotations"
+	CertProviderNone       = "none"
+	CertProviderCustom     = "custom"
+
+	ThirdPartyJwtPath = "./var/run/secrets/tokens/dubbo-token"
 )
@@ -48,9 +48,10 @@ func DefaultProxyConfig() *meshconfig.ProxyConfig {
 		TerminationDrainDuration: durationpb.New(5 * time.Second),
 		ProxyAdminPort:           15000,
 		// TODO authpolicy
-		DiscoveryAddress: "dubbod.dubbo-system.svc:15012",
-		StatNameLength:   189,
-		StatusPort:       15020,
+		DiscoveryAddress:       "dubbod.dubbo-system.svc:15012",
+		ControlPlaneAuthPolicy: meshconfig.AuthenticationPolicy_MUTUAL_TLS,
+		StatNameLength:         189,
+		StatusPort:             15020,
 	}
 }
 
@@ -125,6 +126,16 @@ func ApplyMeshConfig(yaml string, defaultConfig *meshconfig.MeshConfig) (*meshco
 	return defaultConfig, nil
 }
 
+func ApplyProxyConfig(yaml string, meshConfig *meshconfig.MeshConfig) (*meshconfig.MeshConfig, error) {
+	mc := protomarshal.Clone(meshConfig)
+	pc, err := MergeProxyConfig(yaml, mc.DefaultConfig)
+	if err != nil {
+		return nil, err
+	}
+	mc.DefaultConfig = pc
+	return mc, nil
+}
+
 // EmptyMeshNetworks configuration with no networks
 func EmptyMeshNetworks() meshconfig.MeshNetworks {
 	return meshconfig.MeshNetworks{