- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 45 for note (0.13 sec)
-
architecture/ambient/ztunnel.md
Requests for identities not running on the node are rejected. This is critical to ensure that a compromised node does not compromise the entire mesh. This CA enforcement is done by Istio's CA, and is a requirement for any alternative CAs integrating with Ztunnel.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
cni/pkg/nodeagent/server.go
} return client, nil } // createHostsideProbeIpset creates an ipset. This is designed to be called from the host netns. // Note that if the ipset already exist by name, Create will not return an error. // // We will unconditionally flush our set before use here, so it shouldn't matter. func createHostsideProbeIpset(isV6 bool) (ipset.IPSet, error) { linDeps := ipset.RealNlDeps()
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 7.2K bytes - Viewed (0) -
cni/pkg/iptables/iptables.go
// Setup iptables rules for HOST netnamespace. Ideally this should be an idempotent function. // NOTE that this expects to be run from within the HOST network namespace! // // We need to do this specifically to be able to distinguish between traffic coming from different node-level processes // via the nodeIP // - kubelet (node-local healthchecks, which we do not capture)
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue May 07 19:54:50 GMT 2024 - 19.7K bytes - Viewed (0) -
cni/pkg/nodeagent/informers.go
// // If we get to this point and have a pod that really and truly has no IP in either of those, // it's not routable at this point and something is wrong/we should discard this event. podIPs := util.GetPodIPsIfPresent(pod) if len(podIPs) == 0 { log.Warnf("pod %s does not appear to have any assigned IPs, not capturing", pod.Name) return nil } err := s.dataplane.AddPodToMesh(s.ctx, pod, podIPs, "")
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 9.6K bytes - Viewed (0) -
istioctl/pkg/waypoint/waypoint.go
// If they don't, the user will be warned and be presented with the command to label their namespace as ambient if they // choose to do so. // // NOTE: This is a warning and not an error because the user may not intend to label their namespace as ambient. // // e.g. Users are handling ambient redirection per workload rather than at the namespace level. if enrollNamespace {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 19:45:58 GMT 2024 - 15.5K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
# This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes taint: # Controls whether or not the untaint controller is active enabled: false
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.3K bytes - Viewed (0) -
manifests/charts/istio-cni/values.yaml
# deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. deletePods: false # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started.
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 5.2K bytes - Viewed (1) -
cni/pkg/nodeagent/net.go
// 2. Adding the pod's IPs to the hostnetns ipsets for node probe checks // 3. Creating iptables rules inside the pod's netns // 4. Notifying ztunnel via GRPC to create a proxy for the pod // // You may ask why we pass the pod IPs separately from the pod manifest itself (which contains the pod IPs as a field) // - this is because during add specifically, if CNI plugins have not finished executing,
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
cni/pkg/util/podutil.go
// // If 'PodIPs' exists, it is preferred (and should be guaranteed to contain the address in 'PodIP'), // otherwise fallback to 'PodIP'. // // Note that very early in the pod's lifecycle (before all the node CNI plugin invocations finish) // K8S may not have received the pod IPs yet, and may not report the pod as having any. func GetPodIPsIfPresent(pod *corev1.Pod) []netip.Addr { var podIPs []netip.Addr if len(pod.Status.PodIPs) != 0 {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 3.9K bytes - Viewed (0) -
Makefile.core.mk
# disable_pgv: disables protoc-gen-validation. This is not used buts adds many MB to Envoy protos # not set vtprotobuf: this adds some performance improvement, but at a binary cost increase that is not worth it for the agent AGENT_TAGS=agent,disable_pgv # disable_pgv: disables protoc-gen-validation. This is not used buts adds many MB to Envoy protos # vtprotobuf: enables optimized protobuf marshalling.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 20:25:15 GMT 2024 - 22.5K bytes - Viewed (0)