Affected by GO-2024-3072 and 5 other vulnerabilities

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium

GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium

GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

auth

package

v1.14.13 Latest Latest Go to latest Published: Jul 11, 2024 License: Apache-2.0 Imports: 9 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Overview ¶

Package auth provides routines to manage mutual authentication identities in Cilium. If enabled, the operator will watch for CiliumIdentity resources and provision corresponding external identities such as SPIFFE identities.

Index ¶

Variables
type Config
- func (cfg Config) Flags(flags *pflag.FlagSet)
type IdentityWatcher

Constants ¶

This section is empty.

Variables ¶

View Source

var Cell = cell.Module(
	"auth-identity",
	"Cilium Mutual Authentication Identity management",
	spire.Cell,
	cell.Config(Config{}),
	cell.Invoke(registerIdentityWatcher),
)

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	Enabled bool `mapstructure:"mesh-auth-mutual-enabled"`
}

Config contains the configuration for the identity-gc.

func (Config) Flags ¶

func (cfg Config) Flags(flags *pflag.FlagSet)

Flags implements cell.Flagger interface.

type IdentityWatcher ¶

type IdentityWatcher struct {
	// contains filtered or unexported fields
}

IdentityWatcher represents the Cilium identities watcher. It watches for Cilium identities and upserts or deletes them in Spire.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
identity
spire

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL