- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 69 for tunnels (0.17 sec)
-
architecture/ambient/ztunnel.md
This means Ztunnel will have multiple distinct certificates at a time, one for each unique identity (service account) running on its node. When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload. Critically, the CA must enforce that the ztunnel has permission to request that identity.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
bin/build_ztunnel.sh
fi ZTUNNEL_REPO_SHA="${ZTUNNEL_REPO_SHA:-$(grep ZTUNNEL_REPO_SHA istio.deps -A 4 | grep lastStableSHA | cut -f 4 -d '"')}" ISTIO_ZTUNNEL_VERSION="${ISTIO_ZTUNNEL_VERSION:-${ZTUNNEL_REPO_SHA}}" ISTIO_ZTUNNEL_RELEASE_URL="${ISTIO_ZTUNNEL_RELEASE_URL:-${ISTIO_ZTUNNEL_BASE_URL}/ztunnel-${ISTIO_ZTUNNEL_VERSION}-${TARGET_ARCH}}" ISTIO_ZTUNNEL_LINUX_RELEASE_NAME="${ISTIO_ZTUNNEL_LINUX_RELEASE_NAME:-ztunnel-${ISTIO_ZTUNNEL_VERSION}}"
Shell Script - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 02 21:46:06 GMT 2024 - 5K bytes - Viewed (0) -
cni/README.md
Broadly, `istio-cni` accomplishes ambient redirection by instructing ztunnel to set up sockets within the application pod network namespace, where: - one end of the socket is in the application pod - and the other end is in ztunnel's pod and setting up iptables rules to funnel traffic thru that socket "tube" to ztunnel and back.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 12.3K bytes - Viewed (0) -
manifests/charts/gateways/istio-egress/files/profile-ambient.yaml
# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/istio-operator/files/profile-ambient.yaml
# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/istiod-remote/files/profile-openshift-ambient.yaml
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat May 04 01:17:57 GMT 2024 - 955 bytes - Viewed (0) -
manifests/profiles/ambient.yaml
apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: components: cni: enabled: true ztunnel: enabled: true ingressGateways: - name: istio-ingressgateway enabled: false values:
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Jan 10 05:10:03 GMT 2024 - 246 bytes - Viewed (0) -
cni/pkg/config/config.go
// The UDS server address that CNI plugin will send log to. LogUDSAddress string // The watch server socket address that CNI plugin will forward CNI events to. CNIEventAddress string // The ztunnel server socket address that the ztunnel will connect to. ZtunnelUDSAddress string // Whether ambient is enabled AmbientEnabled bool // Whether ambient DNS capture is enabled AmbientDNSCapture bool
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 5.5K bytes - Viewed (0) -
manifests/charts/istiod-remote/templates/crd-all.gen.yaml
connection is tunneled. type: string targetPort: description: Specifies a port to which the downstream connection is tunneled. maximum: 4294967295 minimum: 0
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 20:20:47 GMT 2024 - 606.1K bytes - Viewed (0) -
common-protos/k8s.io/api/certificates/v1beta1/generated.proto
// "decipher only", // "any", // "server auth", // "client auth", // "code signing", // "email protection", // "s/mime", // "ipsec end system", // "ipsec tunnel", // "ipsec user", // "timestamping", // "ocsp signing", // "microsoft sgc", // "netscape sgc" // +listType=atomic repeated string usages = 5;
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 6.7K bytes - Viewed (0)