Documentation
¶
Index ¶
- func ConvertService(svc corev1.Service, domainSuffix string, clusterID cluster.ID, ...) *model.Service
- func GatewaySA(gw *v1beta1.Gateway) string
- func IsAutoPassthrough(gwLabels map[string]string, l v1beta1.Listener) bool
- func PodTLSMode(pod *corev1.Pod) string
- func SecureNamingSAN(pod *corev1.Pod, mesh *meshconfig.MeshConfig) string
- func ServiceHostname(name, namespace, domainSuffix string) host.Name
- func ServiceHostnameForKR(obj metav1.Object, domainSuffix string) host.Name
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConvertService ¶
func ConvertService(svc corev1.Service, domainSuffix string, clusterID cluster.ID, mesh *meshconfig.MeshConfig) *model.Service
func IsAutoPassthrough ¶
IsAutoPassthrough determines if a listener should use auto passthrough mode. This is used for multi-network. In the Istio API, this is an explicit tls.Mode. However, this mode is not part of the gateway-api, and leaks implementation details. We already have an API to declare a Gateway as a multi-network gateway, so we will use this as a signal. A user who wishes to expose multi-network connectivity should create a listener named "tls-passthrough" with TLS.Mode Passthrough. For some backwards compatibility, we assume any listener with TLS specified and a port matching 15443 (or the label-override for gateway port) is auto-passthrough as well.
func PodTLSMode ¶
PodTLSMode returns the tls mode associated with the pod if pod has been injected with sidecar
func SecureNamingSAN ¶
func SecureNamingSAN(pod *corev1.Pod, mesh *meshconfig.MeshConfig) string
SecureNamingSAN creates the secure naming used for SAN verification from pod metadata
func ServiceHostname ¶
ServiceHostname produces FQDN for a k8s service
Types ¶
This section is empty.
Source Files
Directories