From 09a809549e107051f6803de281b9393e73b963fb Mon Sep 17 00:00:00 2001
From: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Date: Tue, 29 Aug 2023 13:47:30 +0900
Subject: [PATCH] Use dataplane-trust instead of internal-encryption (#14301)

---
 cmd/activator/main.go                       | 2 +-
 pkg/reconciler/revision/resources/deploy.go | 2 +-
 pkg/reconciler/revision/revision.go         | 2 +-
 test/e2e-common.sh                          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/activator/main.go b/cmd/activator/main.go
index 86ecba021f53..e048387aa02d 100644
--- a/cmd/activator/main.go
+++ b/cmd/activator/main.go
@@ -159,7 +159,7 @@ func main() {
 	}
 
 	// Enable TLS against queue-proxy when internal-encryption is enabled.
-	tlsEnabled := networkConfig.InternalEncryption
+	tlsEnabled := networkConfig.InternalTLSEnabled()
 
 	var certCache *certificate.CertCache
 
diff --git a/pkg/reconciler/revision/resources/deploy.go b/pkg/reconciler/revision/resources/deploy.go
index 8ba95784dc12..a86e58f788a7 100644
--- a/pkg/reconciler/revision/resources/deploy.go
+++ b/pkg/reconciler/revision/resources/deploy.go
@@ -193,7 +193,7 @@ func makePodSpec(rev *v1.Revision, cfg *config.Config) (*corev1.PodSpec, error)
 		extraVolumes = append(extraVolumes, *tokenVolume)
 	}
 
-	if cfg.Network.InternalEncryption {
+	if cfg.Network.InternalTLSEnabled() {
 		queueContainer.VolumeMounts = append(queueContainer.VolumeMounts, varCertVolumeMount)
 		extraVolumes = append(extraVolumes, certVolume(networking.ServingCertName))
 	}
diff --git a/pkg/reconciler/revision/revision.go b/pkg/reconciler/revision/revision.go
index 69fa9275807f..69c11c094a47 100644
--- a/pkg/reconciler/revision/revision.go
+++ b/pkg/reconciler/revision/revision.go
@@ -139,7 +139,7 @@ func (c *Reconciler) ReconcileKind(ctx context.Context, rev *v1.Revision) pkgrec
 	}
 
 	// Deploy certificate when internal-encryption is enabled.
-	if config.FromContext(ctx).Network.InternalEncryption {
+	if config.FromContext(ctx).Network.InternalTLSEnabled() {
 		if err := c.reconcileSecret(ctx, rev); err != nil {
 			return err
 		}
diff --git a/test/e2e-common.sh b/test/e2e-common.sh
index a45802665043..4054ff6a6422 100644
--- a/test/e2e-common.sh
+++ b/test/e2e-common.sh
@@ -385,7 +385,7 @@ function install() {
 
   if (( ENABLE_TLS )); then
     echo "Patch to config-network to enable internal encryption"
-    toggle_feature internal-encryption true config-network
+    toggle_feature dataplane-trust minimal config-network
     if [[ "$INGRESS_CLASS" == "kourier.ingress.networking.knative.dev" ]]; then
       echo "Point Kourier local gateway to custom server certificates"
       toggle_feature cluster-cert-secret server-certs config-kourier