- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 35 for signed (0.17 sec)
-
istioctl/pkg/xds/client.go
// TODO: https://github.com/istio/istio/issues/41937 grpc.WithTransportCredentials(credentials.NewTLS( &tls.Config{ // Always skip verifying, because without it we always get "certificate signed by unknown authority". // We don't set the XDSSAN for the same reason. InsecureSkipVerify: true, })), grpc.WithPerRPCCredentials(k8sCreds), }, nil
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Dec 19 22:42:42 GMT 2023 - 3.7K bytes - Viewed (0) -
architecture/security/istio-agent.md
It should be noted there is a circular dependency with mTLS authentication; in order to fetch a certificate we need a certificate. This can be handled in various ways: * `GenerateSecret` may additionally write any signed certificates to disk, with `OUTPUT_CERTS` configured. * Users may have external CA setups that pre-configure certificates. * The CaClient can use JWT token for the initial setup, then switch to mTLS certificates.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Aug 22 16:45:50 GMT 2023 - 7.2K bytes - Viewed (1) -
common-protos/k8s.io/api/certificates/v1beta1/generated.proto
// +listType=atomic optional bytes request = 1; // Requested signer for the request. It is a qualified name in the form: // `scope-hostname.io/name`. // If empty, it will be defaulted: // 1. If it's a kubelet client certificate, it is assigned // "kubernetes.io/kube-apiserver-client-kubelet". // 2. If it's a kubelet serving certificate, it is assigned // "kubernetes.io/kubelet-serving".
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 6.7K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/templates/service.yaml
app: istiod istio: pilot release: {{ .Release.Name }} spec: ports: - port: 15010 name: grpc-xds # plaintext protocol: TCP - port: 15012 name: https-dns # mTLS with k8s-signed cert protocol: TCP - port: 443 name: https-webhook # validation and injection targetPort: 15017 protocol: TCP - port: 15014 name: http-monitoring # prometheus stats
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 18:16:49 GMT 2024 - 1.5K bytes - Viewed (0) -
manifests/charts/istiod-remote/templates/crd-all.gen.yaml
type: object type: object name: description: The name assigned to the filter chain. type: string sni: description: The SNI value used by a filter chain's
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 20:20:47 GMT 2024 - 606.1K bytes - Viewed (0) -
cni/README.md
| HOST_PROBE_SNAT_IPV6 | "fd16:9254:7127:1337:ffff:ffff:ffff:ffff" | IPv6 link local ranges are designed to be collision-resistant by default, and so this probably never needs to be overridden | ## Sidecar Mode Implementation Details
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 12.3K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.3K bytes - Viewed (0) -
operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz
{{ .Values.ownerName | default "unknown" }} operator.istio.io/component: "Pilot" app: istiod istio: pilot release: {{ .Release.Name }} spec: ports: - port: 15010 name: grpc-xds # plaintext protocol: TCP - port: 15012 name: https-dns # mTLS with k8s-signed cert protocol: TCP - port: 443 name: https-webhook # validation and injection targetPort: 15017 protocol: TCP - port: 15014 name: http-monitoring # prometheus stats protocol: TCP selector: app: istiod {{- if ne .Values.revision "" }} istio.io/rev:...
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Jan 10 05:10:03 GMT 2024 - 198.1K bytes - Viewed (1) -
cni/pkg/nodeagent/server.go
if err != nil { return nil, fmt.Errorf("failed creating kube client: %v", err) } return client, nil } // createHostsideProbeIpset creates an ipset. This is designed to be called from the host netns. // Note that if the ipset already exist by name, Create will not return an error. // // We will unconditionally flush our set before use here, so it shouldn't matter.
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 7.2K bytes - Viewed (0) -
cni/pkg/nodeagent/informers.go
// it's not routable at this point and something is wrong/we should discard this event. podIPs := util.GetPodIPsIfPresent(pod) if len(podIPs) == 0 { log.Warnf("pod %s does not appear to have any assigned IPs, not capturing", pod.Name) return nil } err := s.dataplane.AddPodToMesh(s.ctx, pod, podIPs, "") log.Debugf("AddPodToMesh(%s) returned %v", newPod.Name, err) } case controllers.EventDelete:
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Fri May 03 19:29:42 GMT 2024 - 9.6K bytes - Viewed (0)