destinationrules

package
v1.89.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 5, 2024 License: Apache-2.0 Imports: 8 Imported by: 10

Documentation

Index

Constants

View Source
const DestinationRulesCheckerType = "destinationrule"

Variables

This section is empty.

Functions

This section is empty.

Types

type DisabledMeshWideMTLSChecker added in v1.19.0

type DisabledMeshWideMTLSChecker struct {
	DestinationRule *networking_v1.DestinationRule
	MeshPeerAuthns  []*security_v1.PeerAuthentication
}

func (DisabledMeshWideMTLSChecker) Check added in v1.19.0

type DisabledNamespaceWideMTLSChecker added in v0.17.0

type DisabledNamespaceWideMTLSChecker struct {
	DestinationRule *networking_v1.DestinationRule
	MTLSDetails     kubernetes.MTLSDetails
}

func (DisabledNamespaceWideMTLSChecker) Check added in v0.17.0

Check if a the PeerAuthn is allows non-mtls traffic when DestinationRule explicitly disables mTLS ns-wide

type MeshWideMTLSChecker added in v0.16.0

type MeshWideMTLSChecker struct {
	DestinationRule *networking_v1.DestinationRule
	MTLSDetails     kubernetes.MTLSDetails
}

func (MeshWideMTLSChecker) Check added in v0.16.0

func (m MeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool)

type MultiMatchChecker

type MultiMatchChecker struct {
	Cluster          string
	DestinationRules []*networking_v1.DestinationRule
	ServiceEntries   map[string][]string
	Namespaces       models.Namespaces
}

func (MultiMatchChecker) Check

Check validates that no two destinationRules target the same host+subset combination

type NamespaceWideMTLSChecker added in v0.17.0

type NamespaceWideMTLSChecker struct {
	DestinationRule *networking_v1.DestinationRule
	MTLSDetails     kubernetes.MTLSDetails
}

func (NamespaceWideMTLSChecker) Check added in v0.17.0

type NoDestinationChecker

type NoDestinationChecker struct {
	Namespaces            models.Namespaces
	WorkloadsPerNamespace map[string]models.WorkloadList
	DestinationRule       *networking_v1.DestinationRule
	VirtualServices       []*networking_v1.VirtualService
	ServiceEntries        []*networking_v1.ServiceEntry
	RegistryServices      []*kubernetes.RegistryService
	PolicyAllowAny        bool
}

func (NoDestinationChecker) Check

func (n NoDestinationChecker) Check() ([]*models.IstioCheck, bool)

Check parses the DestinationRule definitions and verifies that they point to an existing service, including any subset definitions

type TrafficPolicyChecker added in v0.15.0

type TrafficPolicyChecker struct {
	Cluster          string
	DestinationRules []*networking_v1.DestinationRule
	MTLSDetails      kubernetes.MTLSDetails
}

func (TrafficPolicyChecker) Check added in v0.15.0

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL