Documentation
¶
Index ¶
Constants ¶
View Source
const ( // FIPS_140_2 compliance policy. // nolint: revive, stylecheck FIPS_140_2 = "fips-140-2" )
Variables ¶
View Source
var (
CompliancePolicy = env.Register("COMPLIANCE_POLICY", "",
`If set, applies policy-specific restrictions over all existing TLS
settings, including in-mesh mTLS and external TLS. Valid values are:
* '' or unset places no additional restrictions.
* 'fips-140-2' which enforces a version of the TLS protocol and a subset
of cipher suites overriding any user preferences or defaults for all runtime
components, including Envoy, gRPC Go SDK, and gRPC C++ SDK.
WARNING: Setting compliance policy in the control plane is a necessary but
not a sufficient requirement to achieve compliance. There are additional
steps necessary to claim compliance, including using the validated
cryptograhic modules (please consult
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fips-140-2).`).Get()
)
Define common security feature flags shared among the Istio components.
View Source
var (
MetricsLocalhostAccessOnly = env.Register("METRICS_LOCALHOST_ACCESS_ONLY", false,
"This will disable metrics endpoint from outside of the pod, allowing only localhost access.").Get()
)
Define common telemetry feature flags shared among the Istio components.
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.