mirror of https://github.com/linkerd/linkerd2.git
78ebd5e340
The control plane is proxied through the Conduit proxy. The Conduit proxy is based on the base image, and the control plane containers and the proxy share a networking namespace. This means we don't need the extra base utilities in the controller images since we can use the utilties in the proxy image. This is a step towards building the initial no-networking Conduit CA pod. Since the Conduit CA will not do any networking of its own, we networking debugging utilties are not helpful for it. They are actually an unnecessary risk because they could facilitate the exfiltration of the private key of the CA. (The Conduit CA pod won't have the Conduit Proxy injected into it either.) This also simplifies & slightly speeds up the building of the controller images. This is a stepping stone towards being able to build the controller images without `docker build` to improve build times. Signed-off-by: Brian Smith <brian@briansmith.org> |
||
|---|---|---|
| .. | ||
| api | ||
| cmd | ||
| destination | ||
| gen | ||
| k8s | ||
| script | ||
| tap | ||
| telemetry | ||
| util | ||
| Dockerfile | ||