Documentation ¶
Index ¶
Constants ¶
View Source
const DestinationRulesCheckerType = "destinationrule"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DisabledMeshWideMTLSChecker ¶ added in v1.19.0
type DisabledMeshWideMTLSChecker struct { DestinationRule *networking_v1.DestinationRule MeshPeerAuthns []*security_v1.PeerAuthentication }
func (DisabledMeshWideMTLSChecker) Check ¶ added in v1.19.0
func (c DisabledMeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool)
type DisabledNamespaceWideMTLSChecker ¶ added in v0.17.0
type DisabledNamespaceWideMTLSChecker struct { DestinationRule *networking_v1.DestinationRule MTLSDetails kubernetes.MTLSDetails }
func (DisabledNamespaceWideMTLSChecker) Check ¶ added in v0.17.0
func (m DisabledNamespaceWideMTLSChecker) Check() ([]*models.IstioCheck, bool)
Check if a the PeerAuthn is allows non-mtls traffic when DestinationRule explicitly disables mTLS ns-wide
type MeshWideMTLSChecker ¶ added in v0.16.0
type MeshWideMTLSChecker struct { DestinationRule *networking_v1.DestinationRule MTLSDetails kubernetes.MTLSDetails }
func (MeshWideMTLSChecker) Check ¶ added in v0.16.0
func (m MeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool)
type MultiMatchChecker ¶
type MultiMatchChecker struct { Cluster string DestinationRules []*networking_v1.DestinationRule ServiceEntries map[string][]string Namespaces models.Namespaces }
func (MultiMatchChecker) Check ¶
func (m MultiMatchChecker) Check() models.IstioValidations
Check validates that no two destinationRules target the same host+subset combination
type NamespaceWideMTLSChecker ¶ added in v0.17.0
type NamespaceWideMTLSChecker struct { DestinationRule *networking_v1.DestinationRule MTLSDetails kubernetes.MTLSDetails }
func (NamespaceWideMTLSChecker) Check ¶ added in v0.17.0
func (m NamespaceWideMTLSChecker) Check() ([]*models.IstioCheck, bool)
type NoDestinationChecker ¶
type NoDestinationChecker struct { Namespaces models.Namespaces WorkloadsPerNamespace map[string]models.WorkloadList DestinationRule *networking_v1.DestinationRule VirtualServices []*networking_v1.VirtualService ServiceEntries []*networking_v1.ServiceEntry RegistryServices []*kubernetes.RegistryService PolicyAllowAny bool }
func (NoDestinationChecker) Check ¶
func (n NoDestinationChecker) Check() ([]*models.IstioCheck, bool)
Check parses the DestinationRule definitions and verifies that they point to an existing service, including any subset definitions
type TrafficPolicyChecker ¶ added in v0.15.0
type TrafficPolicyChecker struct { Cluster string DestinationRules []*networking_v1.DestinationRule MTLSDetails kubernetes.MTLSDetails }
func (TrafficPolicyChecker) Check ¶ added in v0.15.0
func (t TrafficPolicyChecker) Check() models.IstioValidations
Click to show internal directories.
Click to hide internal directories.