
Linkerd authorization policy without ingress

I am a newbie to service mesh and k8 in general.

From my understanding, Linkerd does not provide its own ingress controller. In that case, in my understanding, Linkerd does not have a reverse proxy in itself. However, it can still do authorization of the request. How is this possible? Is it the control plane that is responsible for authorization (e.g. mTLS) of inbound traffic (to the pod)?

You are correct that Linkerd does not provide its own ingress controller, instead pairing with whichever existing ingress controller you want. Linkerd's mTLS, authn, authz features are used for internal service-to-service / pod-to-pod communication in the cluster. So the ingress handles the first contact with out-of-cluster traffic and hands it off to Linkerd for everything internal.
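
An added example, not part of the original question or answer: a Linkerd policy that admits traffic to a workload only from the ingress controller's mesh identity, which the Linkerd proxy injected into the destination pod enforces on inbound connections. The namespaces, labels, port name and ServiceAccount names are assumptions, and the ingress controller is assumed to be meshed so that it presents an mTLS identity.

```yaml
# Assumed names throughout: namespace "shop", app label "web",
# container port named "http", ingress ServiceAccount "ingress-nginx".

# 1. Server: selects the inbound port on the destination pods that policy applies to.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  namespace: shop
  name: web-http
spec:
  podSelector:
    matchLabels:
      app: web
  port: http
  proxyProtocol: HTTP/1
---
# 2. MeshTLSAuthentication: the set of mTLS client identities that count as
#    authenticated. Here, only the ingress controller's ServiceAccount.
apiVersion: policy.linkerd.io/v1alpha1
kind: MeshTLSAuthentication
metadata:
  namespace: shop
  name: ingress-identity
spec:
  identityRefs:
    - kind: ServiceAccount
      name: ingress-nginx        # assumed ServiceAccount of the meshed ingress
      namespace: ingress-nginx   # assumed namespace of the ingress controller
---
# 3. AuthorizationPolicy: ties the Server to the required authentication.
#    Clients that do not match (unmeshed pods, other identities) are not
#    covered by this policy and fall back to the default inbound policy,
#    so set that default to deny for the restriction to hold.
apiVersion: policy.linkerd.io/v1alpha1
kind: AuthorizationPolicy
metadata:
  namespace: shop
  name: web-from-ingress-only
spec:
  targetRef:
    group: policy.linkerd.io
    kind: Server
    name: web-http
  requiredAuthenticationRefs:
    - group: policy.linkerd.io
      kind: MeshTLSAuthentication
      name: ingress-identity
```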

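Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please cite this site's URL or the original source. For any questions, contact: yoyou2525@163.com.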

 