Revision 1eb12e071ff3ee95bf209a6e9eaf25caa7c0c006 authored by Marco Iorio on 26 February 2024, 11:10:47 UTC, committed by Louis DeLosSantos on 27 February 2024, 14:34:29 UTC
Currently, we add the remote NodeInternalIPs to the list of allowed IPs associated with a given WireGuard peer only in certain circumstances, and more specifically when either tunneling or node to node encryption are enabled. However, this logic doesn't practically buy us anything in terms of additional security, but causes potential traffic disruption in case users want to enable/disable node2node encryption in a running cluster. Hence, let's just get rid of it, and unconditionally add NodeInternalIPs to the list of allowed IPs. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
1 parent ee6b688
| File | Mode | Size |
|---|---|---|
| .devcontainer | ||
| .github | ||
| .nvim | ||
| .travis | ||
| .vscode | ||
| Documentation | ||
| api | ||
| bpf | ||
| bugtool | ||
| cilium-dbg | ||
| cilium-health | ||
| clustermesh-apiserver | ||
| contrib | ||
| daemon | ||
| examples | ||
| hack | ||
| hubble-relay | ||
| images | ||
| install | ||
| operator | ||
| pkg | ||
| plugins | ||
| test | ||
| tools | ||
| vendor | ||
| .authors.aux | -rw-r--r-- | 416 bytes |
| .clang-format | -rw-r--r-- | 7.6 KB |
| .clomonitor.yml | -rw-r--r-- | 984 bytes |
| .gitattributes | -rw-r--r-- | 887 bytes |
| .gitignore | -rw-r--r-- | 1.8 KB |
| .golangci.yaml | -rw-r--r-- | 4.1 KB |
| .mailmap | -rw-r--r-- | 6.5 KB |
| .openvex.json | -rw-r--r-- | 4.6 KB |
| .travis.yml | -rw-r--r-- | 506 bytes |
| AUTHORS | -rw-r--r-- | 46.9 KB |
| CODEOWNERS | -rw-r--r-- | 27.6 KB |
| CODE_OF_CONDUCT.md | -rw-r--r-- | 2.2 KB |
| CONTRIBUTING.md | -rw-r--r-- | 691 bytes |
| FURTHER_READINGS.rst | -rw-r--r-- | 6.4 KB |
| LICENSE | -rw-r--r-- | 11.1 KB |
| MAINTAINERS.md | -rw-r--r-- | 4.6 KB |
| Makefile | -rw-r--r-- | 26.6 KB |
| Makefile.defs | -rw-r--r-- | 7.3 KB |
| Makefile.docker | -rw-r--r-- | 7.1 KB |
| Makefile.kind | -rw-r--r-- | 16.7 KB |
| Makefile.quiet | -rw-r--r-- | 818 bytes |
| README.rst | -rw-r--r-- | 19.6 KB |
| SECURITY-INSIGHTS.yml | -rw-r--r-- | 2.1 KB |
| SECURITY.md | -rw-r--r-- | 1.0 KB |
| USERS.md | -rw-r--r-- | 33.4 KB |
| VERSION | -rw-r--r-- | 11 bytes |
| Vagrantfile | -rw-r--r-- | 14.9 KB |
| go.mod | -rw-r--r-- | 12.6 KB |
| go.sum | -rw-r--r-- | 95.0 KB |
| netlify.toml | -rw-r--r-- | 92 bytes |
| stable.txt | -rw-r--r-- | 8 bytes |
| vagrant_box_defaults.rb | -rw-r--r-- | 334 bytes |
Computing file changes ...
