- Sort Score
- Result 10 results
- Languages All
Results 1 - 8 of 8 for task (0.27 sec)
-
architecture/ambient/ztunnel.md
## Redirection As ztunnel aims to transparently encrypt and route users traffic, we need a mechanism to capture all traffic entering and leaving "mesh" pods. This is a security critical task: if the ztunnel can be bypassed, authorization policies can be bypassed. Redirection must meet these requirements: * All traffic *egressing* a pod in the mesh should be redirected to the node-local ztunnel on port 15001.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
# Redirect only selected ports: --includeInboundPorts="80,8080" excludeInboundPorts: "" includeInboundPorts: "*" # istio egress capture allowlist # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" # would only capture egress traffic on those two IP Ranges, all other outbound traffic would
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.3K bytes - Viewed (0) -
cni/pkg/nodeagent/net.go
// 2. Adding the pod's IPs to the hostnetns ipsets for node probe checks // 3. Creating iptables rules inside the pod's netns // 4. Notifying ztunnel via GRPC to create a proxy for the pod // // You may ask why we pass the pod IPs separately from the pod manifest itself (which contains the pod IPs as a field) // - this is because during add specifically, if CNI plugins have not finished executing,
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
common/scripts/kind_provisioner.sh
# KinD cluster like its name, pod and service subnets and network_id. If two cluster # have the same network_id then they belong to the same network and their pods can # talk to each other directly. # # [{ "cluster_name": "cluster1","pod_subnet": "10.10.0.0/16","svc_subnet": "10.255.10.0/24","network_id": "0" },
Shell Script - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 08 19:12:55 GMT 2024 - 17.3K bytes - Viewed (1) -
Makefile.core.mk
.PHONY: test # This target sets JUNIT_REPORT to the location of the go-junit-report binary. # This binary is provided in the build container. If it is not found, the build # container is not being used, so ask the user to install go-junit-report. JUNIT_REPORT := $(shell which go-junit-report 2> /dev/null || echo "${ISTIO_BIN}/go-junit-report") ${ISTIO_BIN}/go-junit-report:
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 20:25:15 GMT 2024 - 22.5K bytes - Viewed (0) -
manifests/charts/istiod-remote/values.yaml
# Redirect only selected ports: --includeInboundPorts="80,8080" excludeInboundPorts: "" includeInboundPorts: "*" # istio egress capture allowlist # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" # would only capture egress traffic on those two IP Ranges, all other outbound traffic would
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.2K bytes - Viewed (0) -
istioctl/pkg/precheck/precheck.go
messages.Add(msg.NewUpdateIncompatibility(res, "meshConfig.defaultConfig.tracer", "1.21", "tracing is no longer by default enabled to send to 'zipkin.istio-system.svc'; "+ "follow https://istio.io/latest/docs/tasks/observability/distributed-tracing/telemetry-api/", "1.21")) return nil } func checkPassthroughTargetPorts(cli kube.CLIClient, messages *diag.Messages) error {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri Apr 12 02:57:30 GMT 2024 - 19.3K bytes - Viewed (0) -
common-protos/k8s.io/api/policy/v1beta1/generated.proto
// rule is the strategy that will dictate the allowable labels that may be set. optional string rule = 1; // seLinuxOptions required to run as; required for MustRunAs // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ // +optional optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2; }
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 19.6K bytes - Viewed (0)