How to debug pilot secure naming map?

Hi there,

Is there a way to browse the Pilot map for the secure naming[1]?
I would like to see how this check is working.
Btw, is this secure naming check performed in layer 4 as the TLS handshake?

[1] https://istio.io/docs/concepts/security/#secure-naming


@JimmyChen any idea?

> is there a way to browse the Pilot map for the secure naming[1]?
> I would like to see how this check is working.

I believe we don’t store the secure naming in any place in Pilot; it’s calculated and used at runtime during every config push, so I’m afraid you cannot easily browse it in Pilot. It’s set here: https://github.com/istio/istio/blob/ac7ca2b1baacffd24bae315c3de5ab8c10590014/pilot/pkg/networking/core/v1alpha3/cluster.go#L905

> btw, is this secure naming check performed in layer 4 as the TLS handshake?

It’s performed in the client-side Envoy during the TLS handshake step.

I think you can check the secure naming map by inspecting the Envoy’s core dump at port 15000. You can view it through port-forwarding.
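
Added example (not part of the thread and not Istio's own code): the expected server identities that Pilot pushes can be read from the client-side Envoy's admin `/config_dump` output on port 15000. The script below lists them per upstream cluster; the SAN field names it searches for are an assumption that depends on the Envoy version, and the embedded sample dump is constructed.

```python
import json, sys

# SAN field names across Envoy API versions (assumption: the proxy uses one of these).
SAN_KEYS = ("verify_subject_alt_name", "match_subject_alt_names",
            "match_typed_subject_alt_names")

def _sans(node):
    """Yield expected SAN values found anywhere under a JSON subtree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SAN_KEYS:
                for item in value:  # plain strings (older API) or matcher objects
                    matcher = {"exact": item} if isinstance(item, str) else item.get("matcher", item)
                    for kind, val in matcher.items():
                        if isinstance(val, str):  # skips ignore_case booleans
                            yield val if kind == "exact" else f"{kind}:{val}"
            else:
                yield from _sans(value)
    elif isinstance(node, list):
        for item in node:
            yield from _sans(item)

def secure_naming_map(config_dump):
    """Return {cluster name: sorted SANs the client-side Envoy will accept}."""
    result = {}
    for section in config_dump.get("configs", []):
        if not section.get("@type", "").endswith("ClustersConfigDump"):
            continue
        for group in ("static_clusters", "dynamic_active_clusters"):
            for entry in section.get(group, []):
                cluster = entry.get("cluster", {})
                result[cluster.get("name", "<unnamed>")] = sorted(set(_sans(cluster)))
    return result

# Constructed sample in the shape of a /config_dump response (not real output).
SAMPLE = {"configs": [{"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
  "dynamic_active_clusters": [
    {"cluster": {"name": "outbound|8000||httpbin.default.svc.cluster.local",
      "transport_socket": {"typed_config": {"common_tls_context": {"combined_validation_context": {
        "default_validation_context": {"match_subject_alt_names": [
          {"exact": "spiffe://cluster.local/ns/default/sa/httpbin"}]}}}}}}},
    {"cluster": {"name": "outbound|9080||legacy.default.svc.cluster.local",
      "tls_context": {"common_tls_context": {"validation_context": {
        "verify_subject_alt_name": ["spiffe://cluster.local/ns/default/sa/legacy"]}}}}},
    {"cluster": {"name": "outbound|80||plain.default.svc.cluster.local"}}]}]}

if __name__ == "__main__":
    dump = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(secure_naming_map(dump), indent=2))
```

With the port-forward active, save a dump with `curl -s localhost:15000/config_dump > dump.json` and pass the file path as the first argument. A cluster that maps to an empty list carries no SAN restriction in its TLS validation context.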