model

package
v0.0.0-...-c7481ac Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 11, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SDSClusterName is the name of the cluster for SDS connections
	SDSClusterName = pm.SDSClusterName

	// SDSDefaultResourceName is the default name in sdsconfig, used for fetching normal key/cert.
	SDSDefaultResourceName = pm.SDSDefaultResourceName

	// SDSRootResourceName is the sdsconfig name for root CA, used for fetching root cert.
	SDSRootResourceName = pm.SDSRootResourceName

	// ThirdPartyJwtPath is the token volume mount file name for k8s trustworthy jwt token.
	ThirdPartyJwtPath = "/var/run/secrets/tokens/istio-token"

	// SdsCaSuffix is the suffix of the sds resource name for root CA.
	SdsCaSuffix = credentials.SdsCaSuffix

	// EnvoyJwtFilterName is the name of the Envoy JWT filter. This should be the same as the name defined
	// in https://github.com/envoyproxy/envoy/blob/v1.9.1/source/extensions/filters/http/well_known_names.h#L48
	EnvoyJwtFilterName = "envoy.filters.http.jwt_authn"
)

Variables

View Source
var SDSAdsConfig = &core.ConfigSource{
	ConfigSourceSpecifier: &core.ConfigSource_Ads{
		Ads: &core.AggregatedConfigSource{},
	},

	ResourceApiVersion: core.ApiVersion_V3,
}

Functions

func AppendURIPrefixToTrustDomain

func AppendURIPrefixToTrustDomain(trustDomainAliases []string) []string

func ApplyCredentialSDSToServerCommonTLSContext

func ApplyCredentialSDSToServerCommonTLSContext(tlsContext *tls.CommonTlsContext,
	tlsOpts *networking.ServerTLSSettings, credentialSocketExist bool,
)

ApplyCredentialSDSToServerCommonTLSContext applies the credentialName sds (Gateway/DestinationRule) to CommonTlsContext Used for building both gateway/sidecar TLS context

func ApplyCustomSDSToClientCommonTLSContext

func ApplyCustomSDSToClientCommonTLSContext(tlsContext *tls.CommonTlsContext,
	tlsOpts *networking.ClientTLSSettings, credentialSocketExist bool,
)

ApplyCustomSDSToClientCommonTLSContext applies the customized sds to CommonTlsContext Used for building upstream TLS context for egress gateway's TLS/mTLS origination

func ApplyToCommonTLSContext

func ApplyToCommonTLSContext(tlsContext *tls.CommonTlsContext, proxy *model.Proxy,
	subjectAltNames []string, crl string, trustDomainAliases []string, validateClient bool,
)

ApplyToCommonTLSContext completes the commonTlsContext

func ConstructSdsSecretConfig

func ConstructSdsSecretConfig(name string) *tls.SdsSecretConfig

ConstructSdsSecretConfig constructs SDS Secret Configuration for workload proxy.

func ConstructSdsSecretConfigForCredential

func ConstructSdsSecretConfigForCredential(name string, credentialSocketExist bool) *tls.SdsSecretConfig

ConstructSdsSecretConfigForCredential constructs SDS secret configuration used from certificates referenced by credentialName in DestinationRule or Gateway. Currently this is served by a local SDS server, but in the future replaced by Istiod SDS server.

func ConstructSdsSecretConfigForCredentialSocket

func ConstructSdsSecretConfigForCredentialSocket(name string) *tls.SdsSecretConfig

ConstructSdsSecretConfigForCredentialSocket constructs SDS Secret Configuration based on CredentialNameSocketPath if CredentialNameSocketPath exists, use a static cluster 'sds-external'

func EnforceCompliance

func EnforceCompliance(ctx *tls.CommonTlsContext)

func EnforceGoCompliance

func EnforceGoCompliance(ctx *gotls.Config)

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL