bd8d47226d
* DNS rebinding protection for the dashboard Fixes #3083 and replacement for #3629 This adds a new parameter to the `linkerd-web` container `enforcedHost` that establishes the regexp that the Host header must enforce, otherwise it returns an error. This parameter will be hard-coded for now, in `linkerd-web`'s deployment yaml. Note this also protects the dashboard because that's proxied from `linkerd-web`. Also note this means the usage of `linkerd dashboard --address` will require the user to change that parameter in the deployment yaml (or have Kustomize do it). How to test: - Run `linkerd dashboard` - Go to http://rebind.it:8080/manager.html and change the target port to 50750 - Click on “Start Attack” and wait for a minute. - The response from the dashboard will be returned, showing an 'Invalid Host header' message returned by the dashboard. If the attack would have succeeded then the dashboard's html would be shown instead. Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io> |
||
|---|---|---|
| .github | ||
| bin | ||
| charts | ||
| cli | ||
| cni-plugin | ||
| controller | ||
| grafana | ||
| pkg | ||
| proto | ||
| proxy-identity | ||
| test | ||
| testutil | ||
| web | ||
| .dockerignore | ||
| .editorconfig | ||
| .gcp.json.enc | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| .proxy-version | ||
| ADOPTERS.md | ||
| BUILD.md | ||
| CHANGES.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| DCO | ||
| Dockerfile-base | ||
| Dockerfile-debug | ||
| Dockerfile-go-deps | ||
| Dockerfile-proxy | ||
| GOVERNANCE.md | ||
| LICENSE | ||
| MAINTAINERS.md | ||
| README.md | ||
| SECURITY_AUDIT.pdf | ||
| TEST.md | ||
| go.mod | ||
| go.sum | ||
| tools.go | ||
README.md
🎈 Welcome to Linkerd! 👋
Linkerd is a service mesh, designed to give platform-wide observability, reliability, and security without requiring configuration or code changes.
Linkerd is a Cloud Native Computing Foundation (CNCF) project.
Repo layout
This is the primary repo for the Linkerd 2.x line of development.
The complete list of Linkerd repos is:
- linkerd2: Main Linkerd 2.x repo, including control plane and CLI
- linkerd2-proxy: Linkerd 2.x data plane proxy
- linkerd2-proxy-api: Linkerd 2.x gRPC API bindings
- linkerd: Linkerd 1.x
- website: linkerd.io website (including docs for 1.x and 2.x)
Quickstart and documentation
You can run Linkerd on any Kubernetes 1.12+ cluster in a matter of seconds. See the Linkerd Getting Started Guide for how.
For more comprehensive documentation, start with the Linkerd docs. (The doc source code is available in the website repo.)
Working in this repo
BUILD.md includes general information on how to work in this repo.
We ❤️ pull requests! See CONTRIBUTING.md for info on
contributing changes.
Get involved
- Join Linkerd's user mailing list, developer mailing list, and announcements mailing list.
- Follow @linkerd on Twitter.
- Join the Linkerd Slack.
- Join us in the regular online community meetings!
Community meetings
We host regular online meetings for contributors, adopters, maintainers, and anyone else interested to connect in a synchronous fashion. These meetings take place the last Wednesday of the month at 9am Pacific / 4pm UTC.
We're a friendly group, so please feel free to join us!
Code of conduct
This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.
Security
Security Audit
A third party security audit was performed by Cure53. You can see the full report here.
License
Copyright 2019, Linkerd Authors. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.