- Sort Score
- Result 10 results
- Languages All
Results 1 - 9 of 9 for ca (0.17 sec)
-
docker/Dockerfile.base
# hadolint ignore=DL3005,DL3008 RUN apt-get update && \ apt-get install --no-install-recommends -y \ ca-certificates \ curl \ iptables \ iproute2 \ iputils-ping \ knot-dnsutils \ netcat-openbsd \ tcpdump \ conntrack \ bsdmainutils \ net-tools \ lsof \ sudo \ && update-ca-certificates \ && apt-get upgrade -y \ && apt-get clean \
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 18:50:51 GMT 2024 - 1000 bytes - Viewed (0) -
architecture/ambient/ztunnel.md
When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload. Critically, the CA must enforce that the ztunnel has permission to request that identity. Requests for identities not running on the node are rejected. This is critical to ensure that a compromised node does not compromise the entire mesh.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
manifests/charts/README.md
- Better security: separate Istio components reside in different namespaces, allowing different teams or roles to manage different parts of Istio. For example, a security team would maintain the root CA and policy, a telemetry team may only have access to Prometheus, and a different team may maintain the control plane components (which are highly security sensitive).
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Feb 07 17:53:24 GMT 2024 - 6.7K bytes - Viewed (0) -
common-protos/k8s.io/api/certificates/v1alpha1/generated.proto
// // The data must consist only of PEM certificate blocks that parse as valid // X.509 certificates. Each certificate must include a basic constraints // extension with the CA bit set. The API server will reject objects that // contain duplicate certificates, or that use PEM block headers. // // Users of ClusterTrustBundles, including Kubelet, are free to reorder and
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 4.2K bytes - Viewed (0) -
istioctl/pkg/proxyconfig/testdata/config_dump_summary.txt
secret/default Cert Chain ACTIVE false 6fbee254c22900615cb1f74e3d2f1713 2023-05-16T01:32:52Z 2023-05-15T01:30:52Z secret/ROOTCA CA ACTIVE true 193a543fe2b0d9cd4847675394dfc54 2033-05-02T03:41:33Z 2023-05-05T03:41:33Z NAME STATUS LOCALITY CLUSTER
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Jan 03 23:08:06 GMT 2024 - 2.2K bytes - Viewed (0) -
common-protos/k8s.io/api/certificates/v1/generated.proto
// // Custom signerNames can also be specified. The signer defines: // 1. Trust distribution: how trust (CA bundles) are distributed. // 2. Permitted subjects: and behavior when a disallowed subject is requested.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 11.6K bytes - Viewed (0) -
common-protos/k8s.io/api/admissionregistration/v1/generated.proto
// // If the webhook is running within the cluster, then you should use `service`. // // +optional optional ServiceReference service = 1; // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. // If unspecified, system trust roots on the apiserver are used. // +optional optional bytes caBundle = 2;
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 24.4K bytes - Viewed (0) -
common-protos/k8s.io/api/admissionregistration/v1beta1/generated.proto
// // If the webhook is running within the cluster, then you should use `service`. // // +optional optional ServiceReference service = 1; // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. // If unspecified, system trust roots on the apiserver are used. // +optional optional bytes caBundle = 2;
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 22.6K bytes - Viewed (0) -
architecture/networking/pilot.md
#### Webhooks Istio contains both Validation and Mutating webhook configurations. These need a `caBundle` specified in order to provision the TLS trust. Because Istiod's CA certificate is somewhat dynamic, this is patched at runtime (rather than part of the install). The webhook controllers handle this patching.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Feb 07 17:53:24 GMT 2024 - 19.1K bytes - Viewed (0)