- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 12 for peerAuthentication (0.18 sec)
-
pilot/pkg/serviceregistry/kube/controller/ambient/workloads.go
func fetchPeerAuthentications( ctx krt.HandlerContext, PeerAuths krt.Collection[*securityclient.PeerAuthentication], meshCfg *MeshConfig, ns string, matchLabels map[string]string, ) []*securityclient.PeerAuthentication { return krt.Fetch(ctx, PeerAuths, krt.FilterGeneric(func(a any) bool { pol := a.(*securityclient.PeerAuthentication) if pol.Namespace == meshCfg.GetRootNamespace() && pol.Spec.Selector == nil { return true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.9K bytes - Viewed (0) -
pilot/pkg/networking/core/peer_authentication_simulation_test.go
"istio.io/istio/pilot/test/xds" ) // TestPeerAuthenticationPassthrough tests the PeerAuthentication policy applies correctly on the passthrough filter chain, // including both global configuration and port level configuration. func TestPeerAuthenticationPassthrough(t *testing.T) { paStrict := ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default spec: selector: matchLabels: app: foo
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
"istio.io/istio/pkg/spiffe" "istio.io/istio/pkg/workloadapi/security" ) func PolicyCollections( AuthzPolicies krt.Collection[*securityclient.AuthorizationPolicy], PeerAuths krt.Collection[*securityclient.PeerAuthentication], MeshConfig krt.Singleton[MeshConfig], Waypoints krt.Collection[Waypoint], Pods krt.Collection[*v1.Pod], ) (krt.Collection[model.WorkloadAuthorization], krt.Collection[model.WorkloadAuthorization]) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/workloads_test.go
builder := a.podWorkloadBuilder( GetMeshConfig(mock), krttest.GetMockCollection[model.WorkloadAuthorization](mock), krttest.GetMockCollection[*securityclient.PeerAuthentication](mock), krttest.GetMockCollection[Waypoint](mock), WorkloadServices, WorkloadServicesNamespaceIndex, krttest.GetMockCollection[*v1.Namespace](mock), krttest.GetMockCollection[*v1.Node](mock),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.3K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder_test.go
}) } return res } const strictMode = ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-system spec: mtls: mode: STRICT ` const disableMode = ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-system spec: mtls: mode: DISABLE `
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 24.7K bytes - Viewed (0) -
pilot/test/xds/fake.go
MeshWatcher: mesh.NewFixedWatcher(m), CRDs: []schema.GroupVersionResource{ // Install all CRDs used (mostly in Ambient) gvr.AuthorizationPolicy, gvr.PeerAuthentication, gvr.KubernetesGateway, gvr.KubernetesGateway, gvr.WorkloadEntry, gvr.ServiceEntry, }, }) stop := test.NewStop(t)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 10 16:08:52 UTC 2024 - 18.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
"Destination": dst.Config().Service, "Source": src.Config().Service, "Namespace": apps.Namespace.Name(), }, ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: global-permissive spec: mtls: mode: PERMISSIVE `).ApplyOrFail(t) opt = opt.DeepCopy() src.CallOrFail(t, opt) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_test.go
nodeType model.NodeType locality *core.Locality mesh *meshconfig.MeshConfig destRule proto.Message sidecar *networking.Sidecar peerAuthn *authn_beta.PeerAuthentication externalService bool meta *model.NodeMetadata istioVersion *model.IstioVersion proxyIps []string } func (c clusterTest) fillDefaults() clusterTest { if c.proxyIps == nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 108.8K bytes - Viewed (0) -
pilot/pkg/networking/core/sidecar_simulation_test.go
for _, m := range meta.Services { res = append(res, m.Host) } return res } func mtlsMode(m string) string { return fmt.Sprintf(`apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-system spec: mtls: mode: %s `, m) } func TestInbound(t *testing.T) { svc := ` apiVersion: networking.istio.io/v1alpha3
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
// First, construct our set of filter chain matchers. For a given port, we will have multiple matches // to handle mTLS vs plaintext and HTTP vs TCP (depending on protocol and PeerAuthentication). var opts []FilterChainMatchOptions mtls := lb.authnBuilder.ForPort(cc.port.TargetPort) // Chain has explicit user TLS config. This can only apply when the TLS mode is DISABLE to avoid conflicts.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0)