- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 53 for peerAuthentication (0.22 sec)
-
pkg/test/datasets/validation/dataset/security-v1-PeerAuthentication.yaml
apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: valid-peer-authentication spec: selector: matchLabels: app: httpbin version: v1 mtls: mode: PERMISSIVE portLevelMtls: 8080:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 01 14:30:12 UTC 2024 - 249 bytes - Viewed (0) -
pilot/pkg/model/authentication.go
MTLSPermissive // MTLSStrict if authentication policy enable mTLS in strict mode. MTLSStrict ) // In Ambient, we convert k8s PeerAuthentication resources to the same type as AuthorizationPolicies // To prevent conflicts in xDS, we add this prefix to the converted PeerAuthentication resources. const convertedPeerAuthenticationPrefix = "converted_peer_authentication_" // use '_' character since those are illegal in k8s names
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 10.1K bytes - Viewed (0) -
pilot/pkg/model/authentication_test.go
}, }, wantPeerAuthn: []*config.Config{ { Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication, CreationTimestamp: baseTimestamp, Name: "default", Namespace: "foo", }, Spec: &securityBeta.PeerAuthentication{ Mtls: &securityBeta.PeerAuthentication_MutualTLS{ Mode: securityBeta.PeerAuthentication_MutualTLS_STRICT, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 45.1K bytes - Viewed (0) -
tests/integration/security/pass_through_filter_chain_test.go
// the workload ports are working correctly. { name: "DISABLE", config: `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls spec: mtls: mode: DISABLE`, expected: []expect{ { port: ports.TCPWorkloadOnly, plaintextSucceeds: true,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
pkg/config/schema/collections/collections.agent.gen.go
ValidateProto: validation.EmptyValidate, }.MustBuild() PeerAuthentication = resource.Builder{ Identifier: "PeerAuthentication", Group: "security.istio.io", Kind: "PeerAuthentication", Plural: "peerauthentications", Version: "v1beta1", VersionAliases: []string{ "v1", }, Proto: "istio.security.v1beta1.PeerAuthentication", StatusProto: "istio.meta.v1alpha1.IstioStatus",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 14:44:17 UTC 2024 - 12.9K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex_test.go
Kind: kind.PeerAuthentication, Name: selectorPolicyName, Namespace: "ns1", }))}) // Add global selector policy; nothing should happen since PeerAuthentication doesn't support global mesh wide selectors s.addPolicy(t, "global-selector", systemNS, map[string]string{"app": "a"}, gvk.PeerAuthentication, func(c controllers.Object) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 01:04:50 UTC 2024 - 70.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
// [static STRICT policy, port-level STRICT policy] based on the effective PeerAuthentication policy func convertedSelectorPeerAuthentications(rootNamespace string, configs []*securityclient.PeerAuthentication) []string { var meshCfg, namespaceCfg, workloadCfg *securityclient.PeerAuthentication for _, cfg := range configs { spec := &cfg.Spec if spec.Selector == nil || len(spec.Selector.MatchLabels) == 0 {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0) -
pkg/config/schema/kubetypes/resources.gen.go
case *k8sioapicorev1.Namespace: return gvk.Namespace, true case *k8sioapicorev1.Node: return gvk.Node, true case *istioioapisecurityv1beta1.PeerAuthentication: return gvk.PeerAuthentication, true case *apiistioioapisecurityv1beta1.PeerAuthentication: return gvk.PeerAuthentication, true case *k8sioapicorev1.Pod: return gvk.Pod, true case *istioioapinetworkingv1beta1.ProxyConfig: return gvk.ProxyConfig, true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 16:38:40 UTC 2024 - 6.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/workloads.go
func fetchPeerAuthentications( ctx krt.HandlerContext, PeerAuths krt.Collection[*securityclient.PeerAuthentication], meshCfg *MeshConfig, ns string, matchLabels map[string]string, ) []*securityclient.PeerAuthentication { return krt.Fetch(ctx, PeerAuths, krt.FilterGeneric(func(a any) bool { pol := a.(*securityclient.PeerAuthentication) if pol.Namespace == meshCfg.GetRootNamespace() && pol.Spec.Selector == nil { return true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.9K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/ep_filters_test.go
IsMtlsDisabled bool SubsetName string }{ gvk.PeerAuthentication.String(): { "mtls-off-ineffective": { Config: config.Config{ Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication, Name: "mtls-partial", Namespace: "istio-system", }, Spec: &security.PeerAuthentication{ Selector: &v1beta1.WorkloadSelector{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 01:17:58 UTC 2024 - 26.8K bytes - Viewed (0)