- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 22 for mTLS (0.23 sec)
-
pilot/pkg/networking/core/peer_authentication_simulation_test.go
{ Name: "mtls on port 8000", Call: mkCall(8000, simulation.MTLS), Result: simulation.Result{ClusterMatched: "inbound|8000||"}, }, { Name: "plaintext port 9000", Call: mkCall(9000, simulation.Plaintext), Result: simulation.Result{ClusterMatched: "InboundPassthroughCluster"}, }, { Name: "mtls port 9000", Call: mkCall(9000, simulation.MTLS),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/networking/core/sidecar_simulation_test.go
ClusterMatched: "inbound|70||", }, Strict: simulation.Result{ // TLS, but not mTLS Error: simulation.ErrMTLSError, }, }, { Name: "mtls tcp to tcp", Call: simulation.Call{ Port: 70, Protocol: simulation.TCP, TLS: simulation.MTLS, CallMode: simulation.CallModeInbound, }, Disabled: simulation.Result{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
opts = getTLSFilterChainMatchOptions(lp) mtls.TCP = BuildListenerTLSContext(cc.tlsSettings, lb.node, lb.push.Mesh, istionetworking.TransportProtocolTCP, false) mtls.HTTP = mtls.TCP } else { lp := istionetworking.ModelProtocolToListenerProtocol(cc.port.Protocol) opts = getFilterChainMatchOptions(mtls, lp) } // Build the actual chain chains := lb.inboundChainForOpts(cc, mtls, opts) if cc.bindToPort {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/simulation/traffic.go
} mTLSSecretConfigName := "default" if input.MtlsSecretConfigName != "" { mTLSSecretConfigName = input.MtlsSecretConfigName } // mTLS listener will only accept mTLS traffic if fc.TransportSocket != nil && sim.requiresMTLS(fc, mTLSSecretConfigName) != (input.TLS == MTLS) { // If there is no tls inspector, then result.Error = ErrMTLSError return } if len(input.CustomListenerValidations) > 0 {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
pkg/config/constants/constants.go
DefaultPilotTLSCaCertAlternatePath = PilotWellKnownDNSCertPath + "ca.crt" // CertChainFilename is mTLS chain file CertChainFilename = "cert-chain.pem" // KeyFilename is mTLS private key KeyFilename = "key.pem" // RootCertFilename is mTLS root cert RootCertFilename = "root-cert.pem" // ConfigPathDir config directory for storing envoy json config files.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 10K bytes - Viewed (0) -
tests/integration/telemetry/api/dashboard_test.go
"$service", ".*", "$srcns", ".*", "$srcwl", ".*", "$namespace", ".*", "$workload", ".*", "$dstsvc", ".*", "$adapter", ".*", "$qrep", "destination", // Just allow all mTLS settings rather than trying to send mtls and plaintext `connection_security_policy="unknown"`, `connection_security_policy=~".*"`, `connection_security_policy="mutual_tls"`, `connection_security_policy=~".*"`,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 20:46:28 UTC 2024 - 11.4K bytes - Viewed (0) -
pilot/pkg/networking/core/listenertest/match.go
type FilterChainType string const ( PlainTCP FilterChainType = "plaintext TCP" PlainHTTP FilterChainType = "plaintext HTTP" StandardTLS FilterChainType = "TLS" MTLSTCP FilterChainType = "mTLS TCP" MTLSHTTP FilterChainType = "mTLS HTTP" Unknown FilterChainType = "unknown" ) func classifyFilterChain(have *listener.FilterChain) FilterChainType { fcm := have.GetFilterChainMatch()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 6.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
kind: PeerAuthentication metadata: name: global-strict spec: mtls: mode: STRICT `).ApplyOrFail(t) opt = opt.DeepCopy() if !src.Config().HasProxyCapabilities() && dst.Config().HasProxyCapabilities() { // Expect deny if the dest is in the mesh (enforcing mTLS) but src is not (not sending mTLS) opt.Check = CheckDeny } src.CallOrFail(t, opt) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pkg/config/analysis/analyzers/analyzers_test.go
expected: []message{ {msg.NoServerCertificateVerificationDestinationLevel, "DestinationRule db-mtls"}, {msg.NoServerCertificateVerificationPortLevel, "DestinationRule db-mtls"}, }, }, { name: "destinationrule with no cacert, simple at destinationlevel and mutual at port level", inputFiles: []string{ "testdata/destinationrule-compound-mutual-simple.yaml", },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 07:22:31 UTC 2024 - 42.6K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
else echo "ERROR: Some of ETCD_APISERVER_CA_KEY, ETCD_APISERVER_CA_CERT, ETCD_APISERVER_SERVER_KEY, ETCD_APISERVER_SERVER_CERT, ETCD_APISERVER_CLIENT_KEY and ETCD_APISERVER_CLIENT_CERT are missing, mTLS between etcd server and kube-apiserver cannot be enabled. Please provide all mTLS credential." exit 1 fi
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0)