Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 16 for ca (3.46 sec)

  2. github.com/istio/istio

    docker/Dockerfile.base 

    # hadolint ignore=DL3005,DL3008
RUN apt-get update && \
  apt-get install --no-install-recommends -y \
  ca-certificates \
  curl \
  iptables \
  iproute2 \
  iputils-ping \
  knot-dnsutils \
  netcat-openbsd \
  tcpdump \
  conntrack \
  bsdmainutils \
  net-tools \
  lsof \
  sudo \
  && update-ca-certificates \
  && apt-get upgrade -y \
  && apt-get clean \
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Wed May 08 18:50:51 GMT 2024
    - 1000 bytes
    - Viewed (0)
  3. github.com/istio/istio

    architecture/ambient/ztunnel.md 

    When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload.
Critically, the CA must enforce that the ztunnel has permission to request that identity.
Requests for identities not running on the node are rejected.
This is critical to ensure that a compromised node does not compromise the entire mesh.
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Thu Apr 25 22:35:16 GMT 2024
    - 16.6K bytes
    - Viewed (0)
  4. github.com/istio/istio

    istioctl/pkg/writer/envoy/configdump/testdata/secret/output 

    default           Cert Chain     ACTIVE     false          6fbee254c22900615cb1f74e3d2f1713     2023-05-16T01:32:52Z     2023-05-15T01:30:52Z
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Tue Jun 06 15:14:48 GMT 2023
    - 416 bytes
    - Viewed (0)
  5. github.com/istio/istio

    istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/root-cert.pem.golden 

    fake-CA-cert...
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Thu Jun 15 15:02:17 GMT 2023
    - 12 bytes
    - Viewed (0)
  6. github.com/istio/istio

    istioctl/pkg/workload/testdata/vmconfig/ipv6/cluster.env.golden 

    CANONICAL_REVISION='latest'
CANONICAL_SERVICE='foo'
CA_ADDR='istiod-rev-1.istio-system.svc:15012'
CLUSTER_MESH_CONFIG_VALUE='foo'
ISTIO_INBOUND_PORTS='*'
ISTIO_LOCAL_EXCLUDE_PORTS='22,15090,15021,15020'
ISTIO_METAJSON_LABELS='{"service.istio.io/canonical-name":"foo","service.istio.io/canonical-revision":"latest"}'
ISTIO_META_CLUSTER_ID='Kubernetes'
ISTIO_META_DNS_CAPTURE='true'
ISTIO_META_MESH_ID=''
ISTIO_META_NETWORK=''
ISTIO_META_WORKLOAD_NAME='foo'
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Thu Jun 15 15:02:17 GMT 2023
    - 657 bytes
    - Viewed (0)
  7. github.com/istio/istio

    manifests/charts/README.md 

    - Better security: separate Istio components reside in different namespaces, allowing different teams or
roles to manage different parts of Istio. For example, a security team would maintain the
root CA and policy, a telemetry team may only have access to Prometheus,
and a different team may maintain the control plane components (which are highly security sensitive).
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Wed Feb 07 17:53:24 GMT 2024
    - 6.7K bytes
    - Viewed (0)
  8. github.com/istio/istio

    architecture/security/istio-agent.md 

    ![SDS decision flow](docs/sds-flow.svg)

### Default CA Flow through istio-agent

![CA Flow](docs/ca.svg)

A single SDS request from Envoy goes through a few different layers in istio-agent.
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Tue Aug 22 16:45:50 GMT 2023
    - 7.2K bytes
    - Viewed (1)
  9. github.com/istio/istio

    istioctl/pkg/workload/testdata/vmconfig/ipv4/root-cert.pem.golden 

    fake-CA-cert...
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Thu Jun 15 15:02:17 GMT 2023
    - 12 bytes
    - Viewed (0)
  10. github.com/istio/istio

    istioctl/pkg/workload/testdata/vmconfig/ipv6/root-cert.pem.golden 

    fake-CA-cert...
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Thu Jun 15 15:02:17 GMT 2023
    - 12 bytes
    - Viewed (0)
  11. github.com/istio/istio

    common-protos/k8s.io/api/certificates/v1alpha1/generated.proto 

      //
  // The data must consist only of PEM certificate blocks that parse as valid
  // X.509 certificates.  Each certificate must include a basic constraints
  // extension with the CA bit set.  The API server will reject objects that
  // contain duplicate certificates, or that use PEM block headers.
  //
  // Users of ClusterTrustBundles, including Kubelet, are free to reorder and
    Plain Text
    - Registered: Wed May 08 22:53:08 GMT 2024
    - Last Modified: Mon Mar 11 18:43:24 GMT 2024
    - 4.2K bytes
    - Viewed (0)
Back to top