forked from cilium/cilium
Commit
Until now, auth map entries were garbage collected based on the following criteria:

* related identity has been deleted
* related node has been deleted
* entry has been expired

The initial goal was that expiration will cover the case where no longer a policy is enforcing authentication. But the introduction of re-authentication (cilium#25927) changed this, because the entries would have re-authenticated "forever" (until identity or node would have been deleted).

Therefore, this commit introduces some rudimentary garbage collection based on policies by periodically checking whether a policy is still enforcing authentication between two identities. If not, the auth map entry gets deleted.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
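The four garbage-collection criteria from the commit message above, as an added Go sketch that is not code from this commit or from Cilium. All type, field and function names (`authKey`, `authMap`, `clusterState`, `gc`) and the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Hypothetical, simplified model of an auth map entry; not Cilium's types.
type authKey struct {
	localID, remoteID uint32 // security identities
	remoteNode        uint16
}
type authMap map[authKey]time.Time // value: expiration of the entry

type clusterState struct {
	identities   map[uint32]bool    // identities that still exist
	nodes        map[uint16]bool    // nodes that still exist
	authRequired map[[2]uint32]bool // identity pairs a policy still enforces auth for
}

// gc deletes every entry matching a criterion and returns the reason per deleted key.
func gc(m authMap, s clusterState, now time.Time) map[authKey]string {
	removed := map[authKey]string{}
	for k, exp := range m {
		switch {
		case !s.identities[k.localID] || !s.identities[k.remoteID]:
			removed[k] = "identity deleted"
		case !s.nodes[k.remoteNode]:
			removed[k] = "node deleted"
		case now.After(exp):
			removed[k] = "expired"
		case !s.authRequired[[2]uint32{k.localID, k.remoteID}]:
			// Re-authentication keeps pushing exp forward, so the
			// expiration check alone never removes this entry.
			removed[k] = "no policy enforces auth"
		default:
			continue
		}
		delete(m, k)
	}
	return removed
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample data
	m := authMap{{1, 2, 10}: now.Add(time.Hour), {1, 3, 10}: now.Add(time.Hour)}
	s := clusterState{map[uint32]bool{1: true, 2: true, 3: true}, map[uint16]bool{10: true},
		map[[2]uint32]bool{{1, 2}: true}}
	fmt.Println(gc(m, s, now), len(m))
}
```

The entry for identities 1 and 3 is still unexpired and both its identities and its node exist, so only the policy check removes it.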
1 parent 073270e, commit f0cb281
Showing 3 changed files with 102 additions and 26 deletions.