- Sort Score
- Result 10 results
- Languages All
Results 1 - 2 of 2 for czas (0.12 sec)
-
architecture/ambient/ztunnel.md
Requests for identities not running on the node are rejected. This is critical to ensure that a compromised node does not compromise the entire mesh. This CA enforcement is done by Istio's CA, and is a requirement for any alternative CAs integrating with Ztunnel. Note: Ztunnel authenticates to the CA with a Kubernetes Service Account JWT token, which encodes the pod information, which is what enables this.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
architecture/security/istio-agent.md
For discovery, the JWT token will be read directly from a file and sent as is. For CA, this logic is a bit more complex, as the support for external CAs is more mature than external discovery servers. This supports some additional configuration, a `CredentialFetcher` which allows fetching a token from places other than a file (for example, a local
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Aug 22 16:45:50 GMT 2023 - 7.2K bytes - Viewed (1)