- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 17 for mesh (0.12 sec)
-
architecture/ambient/ztunnel.md
As ztunnel aims to transparently encrypt and route users traffic, we need a mechanism to capture all traffic entering and leaving "mesh" pods. This is a security critical task: if the ztunnel can be bypassed, authorization policies can be bypassed. Redirection must meet these requirements: * All traffic *egressing* a pod in the mesh should be redirected to the node-local ztunnel on port 15001.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
cni/pkg/nodeagent/informers.go
if matchAmbient { log.Infof("Namespace %s is enabled in ambient mesh", namespace) } else { log.Infof("Namespace %s is disabled from ambient mesh", namespace) } for _, pod := range s.pods.List(namespace, klabels.Everything()) { // ztunnel pods are never "added to/removed from the mesh", so do not fire // spurious events for them to avoid triggering extra
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 9.6K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/waypoint.yaml
{{- if .Values.global.meshID }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.meshID }}" {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - name: ISTIO_META_MESH_ID value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" {{- end }} resources:
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 10.1K bytes - Viewed (0) -
cni/pkg/nodeagent/net.go
CNIMode: false, // we are in cni, but as we do the netns ourselves, we should keep this as false. NetworkNamespace: "", } } // Remove pod from mesh: pod is not deleted, we just want to remove it from the mesh. func (s *NetServer) RemovePodFromMesh(ctx context.Context, pod *corev1.Pod) error { log := log.WithLabels("ns", pod.Namespace, "name", pod.Name) log.Debugf("Pod is now opt out... cleaning up.")
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
cni/pkg/plugin/plugin_test.go
testDoAddRun(t, cniConf, testNSName, pod, ns) wasCalled := serverClose() // Pod in namespace with enabled ambient label, should be added to mesh assert.Equal(t, wasCalled, true) } func TestCmdAddAmbientEnabledOnNSServerFails(t *testing.T) { url, serverClose := setupCNIEventClientWithMockServer(true) cniConf := buildMockConf(true, url)
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 15:58:51 GMT 2024 - 17.5K bytes - Viewed (0) -
cni/pkg/nodeagent/server.go
if err != nil { log.Errorf("failed to remove pod from mesh: %v", err) return err } log.Debug("removing annotation from pod") err = util.AnnotateUnenrollPod(s.kubeClient, &pod.ObjectMeta) if err != nil { log.Errorf("failed to annotate pod unenrollment: %v", err) } return err } // Delete pod from mesh: pod is deleted. iptables rules will die with it, we just need to update ztunnel
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 7.2K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml
{{- end}} {{- if .Values.global.meshID }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.meshID }}" {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - name: ISTIO_META_MESH_ID value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" {{- end }}
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri Apr 26 16:51:17 GMT 2024 - 12.1K bytes - Viewed (0) -
cni/README.md
- watches k8s resource for existing pods, so that pods that have already been started can be moved in or out of the ambient mesh. - sends UDS events to ztunnel via a socket whenever a pod is enabled for ambient mesh (whether from CNI plugin or node watcher), instructing ztunnel to create the "tube" socket.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 12.3K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/injection-template.yaml
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" {{- end }} {{- if .Values.global.meshID }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.meshID }}" {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - name: ISTIO_META_MESH_ID value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" {{- end }}
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri Apr 26 16:51:17 GMT 2024 - 23.7K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/injection-template.yaml
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" {{- end }} {{- if .Values.global.meshID }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.meshID }}" {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - name: ISTIO_META_MESH_ID value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" {{- end }}
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri Apr 26 16:51:17 GMT 2024 - 23.7K bytes - Viewed (1)