linkerd2/policy-controller/grpc
Kevin Leimkuhler 4cd2604a45
Authorize probe routes by default (#9008)
This change updates the policy controller's indexer to add default, unauthenticated routes for
endpoints referenced in a Pod's readiness/liveness/startup probe configuration. These default routes
are included when:

1. the policy controller is configured with a list of networks from which probes may originate; and
2. no other routes are configured for the server.

If a user defines routes for a Server, then they must also explicitly account for probe endpoints.

An e2e test has been added which asserts the following:

1. When no Server is configured for a Pod:port, the probe routes are authorized.
2. When a Server is configured, but there are no routes, the probe routes are still authorized.
3. When a route is configured for the Server, the probe routes are no longer authorized by default.

Related to #8961 #8945

Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>
Co-authored-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Eliza Weisman <eliza@buoyant.io>
2022-08-03 13:31:57 -07:00
..
src Authorize probe routes by default (#9008) 2022-08-03 13:31:57 -07:00
Cargo.toml Update linkerd2-proxy-api to v0.6.0 (#8880) 2022-07-14 08:24:07 -07:00