Oliver Gould ab90263461 destination: Only return TLS identities when appropriate (#2371) ... As described in #2217, the controller returns TLS identities for results even when the destination pod may not be able to participate in identity requester: specifically, the other pod may not have the same controller namespace or it may not be injected with identity. This change introduces a new annotation, linkerd.io/identity-mode that is set when injecting pods (via both CLI and webhook). This annotation is always added. The destination service now only returns TLS identities when this annotation is set to optional on a pod and the destination pod uses the same controller. These semantics are expected to change before the 2.3 release. Fixes #2217		2019-02-27 12:18:39 -08:00
..
testdata	Fix handling of kubeconfig server urls that include paths (#2305)	2019-02-18 17:57:27 -08:00
api.go	lint: Enable goimports (#2366)	2019-02-25 15:51:10 -08:00
api_test.go	Fix handling of kubeconfig server urls that include paths (#2305)	2019-02-18 17:57:27 -08:00
authz.go	Authorization-aware control-plane components (#2349)	2019-02-26 11:54:52 -08:00
authz_test.go	Authorization-aware control-plane components (#2349)	2019-02-26 11:54:52 -08:00
k8s.go	Authorization-aware control-plane components (#2349)	2019-02-26 11:54:52 -08:00
k8s_test.go	Fix handling of kubeconfig server urls that include paths (#2305)	2019-02-18 17:57:27 -08:00
labels.go	destination: Only return TLS identities when appropriate (#2371)	2019-02-27 12:18:39 -08:00
labels_test.go	lint: Enable goimports (#2366)	2019-02-25 15:51:10 -08:00
portforward.go	lint: Enable goimports (#2366)	2019-02-25 15:51:10 -08:00
test_helper.go	Authorization-aware control-plane components (#2349)	2019-02-26 11:54:52 -08:00
version.go	Remove kubectl dependency, validate k8s server version via api (#396)	2018-02-20 12:14:11 -08:00
version_test.go	Remove kubectl dependency, validate k8s server version via api (#396)	2018-02-20 12:14:11 -08:00