Kevin Leimkuhler c9c41e2e8a Remove gRPC tap server listener from controller (#3276) ... ### Summary As an initial attempt to secure the connection from clients to the gRPC tap server on the tap Pod, the tap `addr` only listened on localhost. As @adleong pointed out #3257, this was not actually secure because the inbound proxy would establish a connection to localhost anyways. This change removes the gRPC tap server listener and changes `TapByResource` requests to interface with the server object directly. From this, we know that all `TapByResourceRequests` have gone through the tap APIServer and thus authorized by RBAC. ### Details [NewAPIServer](ef90e0184f/controller/tap/apiserver.go (L25-L26)) now takes a [GRPCTapServer](f6362dfa80/controller/tap/server.go (L33-L34)) instead of a `pb.TapClient` so that `TapByResource` requests can interact directly with the [TapByResource](f6362dfa80/controller/tap/server.go (L49-L50)) method. `GRPCTapServer.TapByResource` now makes a private [grpcTapServer](ef90e0184f/controller/tap/handlers.go (L373-L374)) that satisfies the [tap.TapServer](https://godoc.org/github.com/linkerd/linkerd2/controller/gen/controller/tap#TapServer) interface. Because this interface is satisfied, we can interact with the tap server methods without spawning an additional listener. Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>		2019-08-16 16:38:50 -04:00
..
destination	Add support for stateful sets (#3113)	2019-07-24 14:09:46 -07:00
heartbeat	Add container cpu and mem to heartbeat requests (#3238)	2019-08-14 12:04:08 -07:00
identity	Introduce `linkerd --as` flag for impersonation (#3173)	2019-07-31 16:05:33 -07:00
proxy-injector	Install MWC and VWC During Installation (#2806)	2019-05-20 12:43:50 -07:00
public-api	Remove tap from public API and associated test infrastructure (#3240)	2019-08-14 17:27:37 -04:00
sp-validator	Install MWC and VWC During Installation (#2806)	2019-05-20 12:43:50 -07:00
tap	Remove gRPC tap server listener from controller (#3276)	2019-08-16 16:38:50 -04:00