- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 31 for mtls (0.2 sec)
-
tests/integration/security/ca_custom_root/trust_domain_validation_test.go
) const ( httpPlaintext = "http-plaintext" httpMTLS = "http-mtls" tcpPlaintext = "tcp-plaintext" tcpMTLS = "tcp-mtls" tcpWL = "tcp-wl" passThrough = "tcp-mtls-pass-through" // policy to enable mTLS in client and server: // ports with plaintext: 8090 (http) and 8092 (tcp) // ports with mTLS: 8091 (http), 8093 (tcp) and 9000 (tcp passthrough). policy = `
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 5.9K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
kind: PeerAuthentication metadata: name: "mtls" spec: mtls: mode: STRICT --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: "server-naked" spec: host: "*.local" trafficPolicy: tls: mode: ISTIO_MUTUAL ` ) // TestTrustDomainAliasSecureNaming scope:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/ep_filters.go
} } // EndpointsWithMTLSFilter removes all endpoints that do not handle mTLS. This is determined by looking at // auto-mTLS, DestinationRule, and PeerAuthentication to determine if we would send mTLS to these endpoints. // Note there is no guarantee these destinations *actually* handle mTLS; just that we are configured to send mTLS to them.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 01:17:58 UTC 2024 - 9.1K bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
// It may return nil, if no authentication is needed. AuthNFilter(forSidecar bool) *hcm.HttpFilter // PortLevelSetting returns port level mTLS settings. PortLevelSetting() map[uint32]model.MutualTLSMode MtlsPolicy } type MtlsPolicy interface { // GetMutualTLSModeForPort gets the mTLS mode for the given port. If there is no port level setting, it // returns the inherited namespace/mesh level setting.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
tests/integration/security/sds_ingress/quic/ingress_test.go
ingressutil.RunTestMultiQUICGateways(t, inst, ingressutil.TLS, namespace.Future(&echo1NS)) }) }) } // TestMtlsGatewaysWithQUIC deploys multiple mTLS gateways with SDS enabled, and creates kubernetes that store // private key, server certificate and CA certificate for each mTLS gateway. Verifies that client can communicate // by using both QUIC and TCP/mTLS func TestMtlsGatewaysWithQUIC(t *testing.T) { // nolint: staticcheck
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.6K bytes - Viewed (0) -
tests/integration/pilot/grpc_probe_test.go
} ns := namespace.NewOrFail(t, t, namespace.Config{Prefix: "grpc-probe", Inject: true}) // apply strict mtls t.ConfigKube(t.Clusters().Configs()...).YAML(ns.Name(), ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: grpc-probe-mtls spec: mtls: mode: STRICT`).ApplyOrFail(t) for _, testCase := range []struct { name string rewrite bool
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.8K bytes - Viewed (0) -
tests/integration/security/mtls_healthcheck_test.go
) { ctx.Helper() wantSuccess := rewrite policyYAML := fmt.Sprintf(`apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "mtls-strict-for-%v" spec: selector: matchLabels: app: "%v" mtls: mode: STRICT `, name, name) ctx.ConfigIstio().YAML(ns.Name(), policyYAML).ApplyOrFail(ctx) var healthcheck echo.Instance cfg := echo.Config{ Namespace: ns,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.9K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/secure_naming_test.go
// - The certificate issued by CA to the sidecar is as expected and that strict mTLS works as expected. // - The plugin CA certs are correctly used in workload mTLS. // - The CA certificate in the configmap of each namespace is as expected, which // // is used for data plane to control plane TLS authentication. // // - Secure naming information is respected in the mTLS handshake. func TestSecureNaming(t *testing.T) { framework.NewTest(t).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 7.5K bytes - Viewed (0) -
releasenotes/notes/push-cds-on-auto-passthrough-gateway-change.yaml
apiVersion: release-notes/v2 kind: bug-fix area: traffic-management releaseNotes: - |
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 16:52:59 UTC 2024 - 181 bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/templates/NOTES.txt
"pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" "global.mtls.enabled" "the PeerAuthentication resource" "global.mtls.auto" "meshConfig.enableAutoMtls" "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 20:02:28 UTC 2024 - 4.6K bytes - Viewed (0)