- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 64 for ztunnel (0.04 sec)
-
manifests/addons/dashboards/ztunnel.libsonnet
local queries = (import './queries.libsonnet').queries({ container: "istio-proxy", pod: "ztunnel-.*", component: "ztunnel", app: "ztunnel", }); dashboard.new('Istio Ztunnel Dashboard') + g.dashboard.withPanels( grid.makeGrid([ row.new('Process') + row.withPanels([ panels.timeSeries.base('Ztunnel Versions', queries.istioBuild, 'Version number of each running instance'),
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Fri Jul 26 23:54:32 UTC 2024 - 1.9K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
This means Ztunnel will have multiple distinct certificates at a time, one for each unique identity (service account) running on its node. When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload. Critically, the CA must enforce that the ztunnel has permission to request that identity.
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Jul 17 23:10:17 UTC 2024 - 16.8K bytes - Viewed (0) -
architecture/ambient/ztunnel-cni-lifecycle.md
1. Immediately upon starting a drain, `ztunnel-old` will close its listeners. Now only `ztunnel-new` is listening. Critically, at all times there was at least one ztunnel listening. 1. While `ztunnel-old` will not accept *new* connections, it will continue processing existing connections. 1. After `drain period` seconds, `ztunnel-old` will forcefully terminate any outstanding connections. > [!NOTE]
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Jul 17 23:10:17 UTC 2024 - 9.4K bytes - Viewed (0) -
manifests/addons/dashboards/ztunnel-dashboard.gen.json
"type": "prometheus", "uid": "$datasource" }, "expr": "sum by (tag) (istio_build{component=\"ztunnel\"})", "legendFormat": "Version ({{tag}})" } ], "title": "Ztunnel Versions", "type": "timeseries" }, { "datasource": { "type": "datasource", "uid": "-- Mixed --"
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Fri Jul 26 23:54:32 UTC 2024 - 17.3K bytes - Viewed (0) -
architecture/ambient/peer-authentication.md
```mermaid graph TD; src[src pod]-->|plaintext port|ztunnel{"ztunnel (L4 policy applied here)"} ztunnel{ztunnel}-->|TLS|wp{waypoint} wp-->|mTLS|ztunnel ztunnel-->|plaintext|dst[dst pod] ``` And here's an example of an authenticated request to a captured destination: ```mermaid graph TD; src[src pod]-->|15008|ztunnel{ztunnel} ztunnel-->|HBONE|dwp{"destination waypoint (all policy applied here)"}
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Aug 01 20:04:20 UTC 2024 - 3.9K bytes - Viewed (0) -
bin/build_ztunnel.sh
echo "Copying $(pwd)/${ZTUNNEL_BIN_PATH} to ${TARGET_OUT_LINUX}/ztunnel" mkdir -p "${TARGET_OUT_LINUX}" cp "${ZTUNNEL_BIN_PATH}" "${TARGET_OUT_LINUX}/ztunnel" popd } # ztunnel binary vars (TODO handle debug builds, arm, darwin etc.) ISTIO_ZTUNNEL_BASE_URL="${ISTIO_ZTUNNEL_BASE_URL:-https://storage.googleapis.com/istio-build/ztunnel}"
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Tue Apr 02 21:46:06 UTC 2024 - 5K bytes - Viewed (0) -
cni/pkg/nodeagent/ztunnelserver.go
switch { case !errors.Is(err, os.ErrDeadlineExceeded): log.Debugf("ztunnel keepalive failed: %v", err) if errors.Is(err, io.EOF) { log.Debug("ztunnel EOF") return nil } return err case err == nil: log.Warn("ztunnel protocol error, unexpected message") return fmt.Errorf("ztunnel protocol error, unexpected message") default:
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Mon Jul 29 16:08:35 UTC 2024 - 13.2K bytes - Viewed (0) -
istioctl/pkg/ztunnelconfig/ztunnelconfig_test.go
execClientConfig: loggingConfig, args: strings.Split("log ztunnel-9v7nw --level ztunnel::pool:debug", " "), expectedString: "", wantException: false, }, { // set ztunnel logging level execClientConfig: loggingConfig, args: strings.Split("log ztunnel-9v7nw --level debug", " "), expectedString: "current log level is debug", wantException: false, },
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Apr 10 21:51:29 UTC 2024 - 3.8K bytes - Viewed (0) -
architecture/tests/integration.md
- **Purpose**: Tests related to the Ambient mode, including components like `ztunnel`. - **Focus**: 1. Configuration and communication of Ambient components. 1. Interaction between `ztunnel` and Ambient components. 1. Validation of zero-trust security policies. 1. Testing of ambient traffic management. 1. Specific `istioctl ztunnel-config` commands being tested: `all`, `services`, `workloads`, `policies`, `certificates`.
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Oct 09 00:57:44 UTC 2024 - 5.9K bytes - Viewed (0) -
istioctl/pkg/ztunnelconfig/ztunnelconfig.go
istioctl ztunnel-config workload <ztunnel-name[.namespace]> --address 0.0.0.0 -o json # Retrieve Ztunnel config dump separately and inspect from file. kubectl exec -it $ZTUNNEL -n istio-system -- curl localhost:15000/config_dump > ztunnel-config.json istioctl ztunnel-config workloads --file ztunnel-config.json # Retrieve workload summary for a specific namespace
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Oct 09 19:17:45 UTC 2024 - 22.2K bytes - Viewed (0)