mirror of https://github.com/linkerd/linkerd2.git
ab90263461
As described in #2217, the controller returns TLS identities for results even when the destination pod may not be able to participate in identity requester: specifically, the other pod may not have the same controller namespace or it may not be injected with identity. This change introduces a new annotation, linkerd.io/identity-mode that is set when injecting pods (via both CLI and webhook). This annotation is always added. The destination service now only returns TLS identities when this annotation is set to optional on a pod and the destination pod uses the same controller. These semantics are expected to change before the 2.3 release. Fixes #2217 |
||
|---|---|---|
| .. | ||
| api | ||
| ca | ||
| cmd | ||
| gen | ||
| k8s | ||
| proxy-injector | ||
| script | ||
| tap | ||
| Dockerfile | ||