You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We'd like applications to be able to verify what other applications are contacting them, knowing that linkerd has verified them. This allows the application of access control and a stronger debugging story.
How should the problem be solved?
Ideally, headers would be added to HTTP requests that indicate what service sent this request, for the application of access restrictions.
This could in principle be multi-valued (so would show that the request went to service A, then service B, before arriving at service C). This would help debugging, though I suspect it would be rather too easy to spoof headers for this to add much security.
There are security implications to this, so this would have to be configurable, and probably disabled by default.
Any alternatives you've considered?
Much of the access control logic could be done via SMI features (i.e. Traffic Access Control).
However, it would still be valuable to be able to apply more fine grained control in the application and to log the remote service for debug purposes.
How would users interact with this feature?
The primary use cases I can think of are the following.
Implementing basic access restrictions in the application, pending full SMI access control.
Implementing more subtle and detailed access control (e.g. requests from service A are trusted, while requests from service B are not).
Logging of where remote traffic arrived from for debugging purposes.
The text was updated successfully, but these errors were encountered:
I'd be very happy with this as an opt-in feature with an injection flag. Am I right in saying that injection flags could be at any level, i.e. at pod level or at namespace level?
Feature Request
What problem are you trying to solve?
We'd like applications to be able to verify what other applications are contacting them, knowing that linkerd has verified them. This allows the application of access control and a stronger debugging story.
How should the problem be solved?
Ideally, headers would be added to HTTP requests that indicate what service sent this request, for the application of access restrictions.
This could in principle be multi-valued (so would show that the request went to service A, then service B, before arriving at service C). This would help debugging, though I suspect it would be rather too easy to spoof headers for this to add much security.
There are security implications to this, so this would have to be configurable, and probably disabled by default.
Any alternatives you've considered?
Much of the access control logic could be done via SMI features (i.e. Traffic Access Control).
However, it would still be valuable to be able to apply more fine grained control in the application and to log the remote service for debug purposes.
How would users interact with this feature?
The primary use cases I can think of are the following.
Implementing basic access restrictions in the application, pending full SMI access control.
Implementing more subtle and detailed access control (e.g. requests from service A are trusted, while requests from service B are not).
Logging of where remote traffic arrived from for debugging purposes.
The text was updated successfully, but these errors were encountered: