Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 64 for ztunnel (0.04 sec)

  1. manifests/addons/dashboards/ztunnel.libsonnet

    local queries = (import './queries.libsonnet').queries({
      container: "istio-proxy",
      pod: "ztunnel-.*",
      component: "ztunnel",
      app: "ztunnel",
    });
    
    dashboard.new('Istio Ztunnel Dashboard')
    + g.dashboard.withPanels(
      grid.makeGrid([
        row.new('Process')
        + row.withPanels([
          panels.timeSeries.base('Ztunnel Versions', queries.istioBuild, 'Version number of each running instance'),
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Fri Jul 26 23:54:32 UTC 2024
    - 1.9K bytes
    - Viewed (0)
  2. architecture/ambient/ztunnel.md

    This means Ztunnel will have multiple distinct certificates at a time, one for each unique identity (service account) running on its node.
    
    When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload.
    Critically, the CA must enforce that the ztunnel has permission to request that identity.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 16.8K bytes
    - Viewed (0)
  3. architecture/ambient/ztunnel-cni-lifecycle.md

    1. Immediately upon starting a drain, `ztunnel-old` will close its listeners. Now only `ztunnel-new` is listening. Critically, at all times there was at least one ztunnel listening.
    1. While `ztunnel-old` will not accept *new* connections, it will continue processing existing connections.
    1. After `drain period` seconds, `ztunnel-old` will forcefully terminate any outstanding connections.
    
    > [!NOTE]
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 9.4K bytes
    - Viewed (0)
  4. manifests/addons/dashboards/ztunnel-dashboard.gen.json

                      "type": "prometheus",
                      "uid": "$datasource"
                   },
                   "expr": "sum by (tag) (istio_build{component=\"ztunnel\"})",
                   "legendFormat": "Version ({{tag}})"
                }
             ],
             "title": "Ztunnel Versions",
             "type": "timeseries"
          },
          {
             "datasource": {
                "type": "datasource",
                "uid": "-- Mixed --"
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Fri Jul 26 23:54:32 UTC 2024
    - 17.3K bytes
    - Viewed (0)
  5. architecture/ambient/peer-authentication.md

    ```mermaid
    graph TD;
    src[src pod]-->|plaintext port|ztunnel{"ztunnel (L4 policy applied here)"}
    ztunnel{ztunnel}-->|TLS|wp{waypoint}
    wp-->|mTLS|ztunnel
    ztunnel-->|plaintext|dst[dst pod]
    ```
    
    And here's an example of an authenticated request to a captured destination:
    
    ```mermaid
    graph TD;
    src[src pod]-->|15008|ztunnel{ztunnel}
    ztunnel-->|HBONE|dwp{"destination waypoint (all policy applied here)"}
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Aug 01 20:04:20 UTC 2024
    - 3.9K bytes
    - Viewed (0)
  6. bin/build_ztunnel.sh

      echo "Copying $(pwd)/${ZTUNNEL_BIN_PATH} to ${TARGET_OUT_LINUX}/ztunnel"
      mkdir -p "${TARGET_OUT_LINUX}"
      cp "${ZTUNNEL_BIN_PATH}" "${TARGET_OUT_LINUX}/ztunnel"
      popd
    }
    
    # ztunnel binary vars (TODO handle debug builds, arm, darwin etc.)
    ISTIO_ZTUNNEL_BASE_URL="${ISTIO_ZTUNNEL_BASE_URL:-https://storage.googleapis.com/istio-build/ztunnel}"
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Tue Apr 02 21:46:06 UTC 2024
    - 5K bytes
    - Viewed (0)
  7. cni/pkg/nodeagent/ztunnelserver.go

    			switch {
    			case !errors.Is(err, os.ErrDeadlineExceeded):
    				log.Debugf("ztunnel keepalive failed: %v", err)
    				if errors.Is(err, io.EOF) {
    					log.Debug("ztunnel EOF")
    					return nil
    				}
    				return err
    			case err == nil:
    				log.Warn("ztunnel protocol error, unexpected message")
    				return fmt.Errorf("ztunnel protocol error, unexpected message")
    			default:
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Jul 29 16:08:35 UTC 2024
    - 13.2K bytes
    - Viewed (0)
  8. istioctl/pkg/ztunnelconfig/ztunnelconfig_test.go

    			execClientConfig: loggingConfig,
    			args:             strings.Split("log ztunnel-9v7nw --level ztunnel::pool:debug", " "),
    			expectedString:   "",
    			wantException:    false,
    		},
    		{ // set ztunnel logging level
    			execClientConfig: loggingConfig,
    			args:             strings.Split("log ztunnel-9v7nw --level debug", " "),
    			expectedString:   "current log level is debug",
    			wantException:    false,
    		},
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Apr 10 21:51:29 UTC 2024
    - 3.8K bytes
    - Viewed (0)
  9. architecture/tests/integration.md

    - **Purpose**: Tests related to the Ambient mode, including components like `ztunnel`.
    - **Focus**:
      1. Configuration and communication of Ambient components.
      1. Interaction between `ztunnel` and Ambient components.
      1. Validation of zero-trust security policies.
      1. Testing of ambient traffic management.
      1. Specific `istioctl ztunnel-config` commands being tested: `all`, `services`, `workloads`, `policies`, `certificates`.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Oct 09 00:57:44 UTC 2024
    - 5.9K bytes
    - Viewed (0)
  10. istioctl/pkg/ztunnelconfig/ztunnelconfig.go

      istioctl ztunnel-config workload <ztunnel-name[.namespace]> --address 0.0.0.0 -o json
    
      # Retrieve Ztunnel config dump separately and inspect from file.
      kubectl exec -it $ZTUNNEL -n istio-system -- curl localhost:15000/config_dump > ztunnel-config.json
      istioctl ztunnel-config workloads --file ztunnel-config.json
    
      # Retrieve workload summary for a specific namespace
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Oct 09 19:17:45 UTC 2024
    - 22.2K bytes
    - Viewed (0)
Back to top