- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 19 for leaving (0.2 sec)
-
architecture/ambient/ztunnel.md
## Redirection As ztunnel aims to transparently encrypt and route users traffic, we need a mechanism to capture all traffic entering and leaving "mesh" pods. This is a security critical task: if the ztunnel can be bypassed, authorization policies can be bypassed. Redirection must meet these requirements:
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
cni/pkg/ipset/nldeps_linux.go
} return nil } // Alpine and some distros struggles with this - ipset CLI utilities support this, but // the kernel can be out of sync with the CLI utility, leading to errors like: // // ipset v7.10: Argument `comment' is supported in the kernel module of the set type hash:ip // starting from the revision 3 and you have installed revision 1 only. // Your kernel is behind your ipset utility.
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 3.9K bytes - Viewed (0) -
cni/pkg/nodeagent/informers.go
// test flakes with the fake kube client in `pkg/kube/client.go` - // because we are using `List()` in the handler, without this requeue, // the fake client will sometimes drop pod events leading to test flakes. // // WaitForCacheSync *helps*, but does not entirely fix this problem s.namespaces = kclient.New[*corev1.Namespace](kubeClient)
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 9.6K bytes - Viewed (0) -
architecture/ambient/peer-authentication.md
## PeerAuthentication and the Waypoint Proxy (Note: this section is not yet implemented and is dependent upon discussion in the [ztunnel hairpinning doc](https://docs.google.com/document/d/1uM1c3zzoehiijh1ZpZuJ1-SzuVVupenv8r5yuCaFshs/edit#heading=h.dwbqvwmg6ud3))
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Aug 09 22:09:18 GMT 2023 - 3.9K bytes - Viewed (0) -
cni/pkg/nodeagent/net.go
func (s *NetServer) RemovePodFromMesh(ctx context.Context, pod *corev1.Pod) error { log := log.WithLabels("ns", pod.Namespace, "name", pod.Name) log.Debugf("Pod is now opt out... cleaning up.") openNetns := s.currentPodSnapshot.Take(string(pod.UID)) if openNetns == nil { log.Warn("failed to find pod netns") return fmt.Errorf("failed to find pod netns") }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
cni/pkg/nodeagent/server.go
} log.Info("CNI ambient server marking ready") s.Ready() s.dataplane.Start(s.ctx) s.handlers.Start() } func (s *Server) Stop() { log.Info("CNI ambient server terminating, cleaning up node net rules") s.cniServerStopFunc() s.dataplane.Stop() } type meshDataplane struct { kubeClient kubernetes.Interface netServer MeshDataplane }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 7.2K bytes - Viewed (0) -
istioctl/pkg/kubeinject/kubeinject.go
if err != nil { return nil, nil, err } injectConfig, err := readInjectConfigFile(injectionConfig) if err != nil { return nil, nil, multierror.Append(err, fmt.Errorf("loading --injectConfigFile")) } *sidecarTemplate = injectConfig } else { injector, err = setUpExternalInjector(cliContext, revision, injectorAddress) if err != nil || injector.clientConfig == nil {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri Mar 29 02:29:02 GMT 2024 - 21.6K bytes - Viewed (0) -
common-protos/k8s.io/api/resource/v1alpha2/generated.proto
// DeallocationRequested indicates that a ResourceClaim is to be // deallocated. // // The driver then must deallocate this claim and reset the field // together with clearing the Allocation field. // // While DeallocationRequested is set, no new consumers may be added to // ReservedFor. // +optional optional bool deallocationRequested = 4; }
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 14.4K bytes - Viewed (0) -
common/scripts/kind_provisioner.sh
function cleanup_kind_cluster() { echo "Test exited with exit code $?." NAME="${1}" kind export logs --name "${NAME}" "${ARTIFACTS}/kind" -v9 || true if [[ -z "${SKIP_CLEANUP:-}" ]]; then echo "Cleaning up kind cluster" kind delete cluster --name "${NAME}" -v9 || true fi } # check_default_cluster_yaml checks the presence of default cluster YAML # It returns 1 if it is not present
Shell Script - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 08 19:12:55 GMT 2024 - 17.3K bytes - Viewed (1) -
operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz
`Deployment.spec.selector` labels must match. If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: ```yaml app: istio-gateway istio: gateway # the release name with leading istio- prefix stripped ``` If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels `foo=bar,istio=ingressgateway`: ```yaml name: my-custom-gateway...
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Jan 10 05:10:03 GMT 2024 - 198.1K bytes - Viewed (1)