- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 546 for tproxy (0.39 sec)
-
cni/pkg/iptables/iptables.go
"-p", iptablesconstants.TCP, "-i", "lo", "-j", "ACCEPT") // CLI: -A ISTIO_PRERT -p tcp -m tcp --dport <INPORT> -m mark ! --mark 0x539/0xfff -j TPROXY --on-port <INPORT> --on-ip 127.0.0.1 --tproxy-mark 0x111/0xfff // // DESC: Anything heading to <INPORT> that does not have the mark, TPROXY to ztunnel inbound port <INPORT> iptablesBuilder.AppendRule( iptableslog.UndefinedCommand, ChainInpodPrerouting, iptablesconstants.MANGLE,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 21:45:18 UTC 2024 - 19.9K bytes - Viewed (0) -
tools/istio-iptables/pkg/capture/run.go
// to the local service. If not set, no inbound port will be intercepted by istio iptablesOrFail. var table string if cfg.cfg.InboundPortsInclude != "" { if cfg.cfg.InboundInterceptionMode == constants.TPROXY { // When using TPROXY, create a new chain for routing all inbound traffic to // Envoy. Any packet entering this chain gets marked with the ${INBOUND_TPROXY_MARK} mark,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 06 03:53:23 UTC 2024 - 35.4K bytes - Viewed (0) -
pkg/kube/inject/webhook.go
return } // Overriding RunAsUser is now allowed in TPROXY mode, it must always run with uid=0 tproxy := false if proxyConfig.InterceptionMode == meshconfig.ProxyConfig_TPROXY { tproxy = true } else if mode, found := finalPod.Annotations[annotation.SidecarInterceptionMode.Name]; found && mode == iptablesconstants.TPROXY { tproxy = true }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 14 17:59:39 UTC 2024 - 42.2K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/injection-template.yaml
readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} runAsGroup: {{ .ProxyGID | default "1337" }} {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/injection-template.yaml
readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} runAsGroup: {{ .ProxyGID | default "1337" }} {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
pkg/test/framework/components/echo/common/deployment/echos.go
constants.DataplaneModeLabel: constants.DataplaneModeNone, }, }, }, } tProxy := echo.Config{ Service: TproxySvc, ServiceAccount: true, Ports: ports.All(), Subsets: []echo.SubsetConfig{{ Annotations: map[string]string{annotation.SidecarInterceptionMode.Name: "TPROXY"}, Labels: map[string]string{ constants.DataplaneModeLabel: constants.DataplaneModeNone, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 20 16:01:31 UTC 2024 - 16K bytes - Viewed (0) -
pkg/test/framework/components/echo/config.go
} func (c Config) IsTProxy() bool { // TODO this could be HasCustomInjectionMode return len(c.Subsets) > 0 && c.Subsets[0].Annotations != nil && c.Subsets[0].Annotations[annotation.SidecarInterceptionMode.Name] == "TPROXY" } func (c Config) HasAnyWaypointProxy() bool { return c.ServiceWaypointProxy != "" || c.WorkloadWaypointProxy != ""
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 12:26:52 UTC 2024 - 18.2K bytes - Viewed (0) -
pkg/test/framework/resource/flags.go
// NOTE: not using echo.VM, etc. here to avoid circular dependency. if s.SkipVM { s.SkipWorkloadClasses = append(s.SkipWorkloadClasses, "vm") } if s.SkipTProxy { s.SkipWorkloadClasses = append(s.SkipWorkloadClasses, "tproxy") } // Allow passing a single CSV flag as well normalized := make(ArrayFlags, 0) for _, sk := range s.SkipWorkloadClasses { normalized = append(normalized, strings.Split(sk, ",")...) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 19:04:51 UTC 2024 - 14K bytes - Viewed (0) -
pilot/pkg/model/context.go
// GetProxyConfigNamespace extracts the namespace associated with the proxy // from the proxy metadata or the proxy ID func GetProxyConfigNamespace(proxy *Proxy) string { if proxy == nil { return "" } // First look for ISTIO_META_CONFIG_NAMESPACE // All newer proxies (from Istio 1.1 onwards) are supposed to supply this if len(proxy.Metadata.Namespace) > 0 { return proxy.Metadata.Namespace }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 08:29:05 UTC 2024 - 33.6K bytes - Viewed (1) -
cni/pkg/plugin/sidecar_redirect.go
"strings" "istio.io/api/annotation" "istio.io/istio/pkg/log" "istio.io/istio/tools/istio-iptables/pkg/cmd" ) const ( redirectModeREDIRECT = "REDIRECT" redirectModeTPROXY = "TPROXY" defaultProxyStatusPort = "15020" defaultRedirectToPort = "15001" defaultNoRedirectUID = "1337" defaultNoRedirectGID = "1337" defaultRedirectMode = redirectModeREDIRECT
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jan 26 20:34:28 UTC 2024 - 10.6K bytes - Viewed (0)