- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 14 for task (8.93 sec)
-
architecture/ambient/ztunnel.md
## Redirection As ztunnel aims to transparently encrypt and route users traffic, we need a mechanism to capture all traffic entering and leaving "mesh" pods. This is a security critical task: if the ztunnel can be bypassed, authorization policies can be bypassed. Redirection must meet these requirements: * All traffic *egressing* a pod in the mesh should be redirected to the node-local ztunnel on port 15001.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
# Redirect only selected ports: --includeInboundPorts="80,8080" excludeInboundPorts: "" includeInboundPorts: "*" # istio egress capture allowlist # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" # would only capture egress traffic on those two IP Ranges, all other outbound traffic would
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.3K bytes - Viewed (0) -
operator/README.md
- [readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) - [replica count](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) - [HorizontalPodAutoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sun Sep 17 08:27:52 GMT 2023 - 17.5K bytes - Viewed (0) -
cni/pkg/nodeagent/net.go
// 2. Adding the pod's IPs to the hostnetns ipsets for node probe checks // 3. Creating iptables rules inside the pod's netns // 4. Notifying ztunnel via GRPC to create a proxy for the pod // // You may ask why we pass the pod IPs separately from the pod manifest itself (which contains the pod IPs as a field) // - this is because during add specifically, if CNI plugins have not finished executing,
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
istioctl/pkg/validate/validate.go
if err := checkFields(un); err != nil { return nil, err } // IstioOperator isn't part of pkg/config/schema/collections, // usual conversion not available. Convert unstructured to string // and ask operator code to check. un.SetCreationTimestamp(metav1.Time{}) // UnmarshalIstioOperator chokes on these by := util.ToYAML(un) iop, err := operatoristio.UnmarshalIstioOperator(by, false) if err != nil {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Jan 22 17:58:52 GMT 2024 - 15K bytes - Viewed (0) -
common/scripts/kind_provisioner.sh
# KinD cluster like its name, pod and service subnets and network_id. If two cluster # have the same network_id then they belong to the same network and their pods can # talk to each other directly. # # [{ "cluster_name": "cluster1","pod_subnet": "10.10.0.0/16","svc_subnet": "10.255.10.0/24","network_id": "0" },
Shell Script - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 08 19:12:55 GMT 2024 - 17.3K bytes - Viewed (1) -
Makefile.core.mk
.PHONY: test # This target sets JUNIT_REPORT to the location of the go-junit-report binary. # This binary is provided in the build container. If it is not found, the build # container is not being used, so ask the user to install go-junit-report. JUNIT_REPORT := $(shell which go-junit-report 2> /dev/null || echo "${ISTIO_BIN}/go-junit-report") ${ISTIO_BIN}/go-junit-report:
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed May 08 20:25:15 GMT 2024 - 22.5K bytes - Viewed (0) -
manifests/charts/istiod-remote/values.yaml
# Redirect only selected ports: --includeInboundPorts="80,8080" excludeInboundPorts: "" includeInboundPorts: "*" # istio egress capture allowlist # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" # would only capture egress traffic on those two IP Ranges, all other outbound traffic would
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 22:00:40 GMT 2024 - 20.2K bytes - Viewed (0) -
architecture/environments/operator.md
readinessProbe | [readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) replicaCount | [replica count](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) hpaSpec | [HorizontalPodAutoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Aug 09 22:09:18 GMT 2023 - 13.4K bytes - Viewed (0) -
manifests/charts/gateways/istio-egress/values.yaml
# rules should be exported to. Currently only one value can be provided in this list. This value # should be one of the following two options: # * implies these objects are visible to all namespaces, enabling any sidecar to talk to any other sidecar. # . implies these objects are visible to only to sidecars in the same namespace, or if imported as a Sidecar.egress.host defaultConfigVisibilitySettings: []
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Feb 27 16:55:16 GMT 2024 - 12.4K bytes - Viewed (0)