- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 128 for ztunnel (0.38 sec)
-
architecture/ambient/ztunnel.md
This means Ztunnel will have multiple distinct certificates at a time, one for each unique identity (service account) running on its node. When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload. Critically, the CA must enforce that the ztunnel has permission to request that identity.
Plain Text - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Wed Sep 13 02:17:30 GMT 2023 - 16.6K bytes - Viewed (0) -
bin/build_ztunnel.sh
fi ZTUNNEL_REPO_SHA="${ZTUNNEL_REPO_SHA:-$(grep ZTUNNEL_REPO_SHA istio.deps -A 4 | grep lastStableSHA | cut -f 4 -d '"')}" ISTIO_ZTUNNEL_VERSION="${ISTIO_ZTUNNEL_VERSION:-${ZTUNNEL_REPO_SHA}}" ISTIO_ZTUNNEL_RELEASE_URL="${ISTIO_ZTUNNEL_RELEASE_URL:-${ISTIO_ZTUNNEL_BASE_URL}/ztunnel-${ISTIO_ZTUNNEL_VERSION}-${TARGET_ARCH}}" ISTIO_ZTUNNEL_LINUX_RELEASE_NAME="${ISTIO_ZTUNNEL_LINUX_RELEASE_NAME:-ztunnel-${ISTIO_ZTUNNEL_VERSION}}"
Shell Script - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Tue Apr 02 21:46:06 GMT 2024 - 5K bytes - Viewed (0) -
bin/update_ztunnel.sh
result="$(cd "${dir}" && git rev-parse HEAD)" rm -rf "${dir}" echo "${result}" }
Shell Script - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Tue Apr 11 17:50:01 GMT 2023 - 1.1K bytes - Viewed (0) -
architecture/ambient/peer-authentication.md
```mermaid graph TD; src[src pod]-->|plaintext port|ztunnel{"ztunnel (L4 policy applied here)"} ztunnel{ztunnel}-->|TLS|wp{waypoint} wp-->|mTLS|ztunnel ztunnel-->|plaintext|dst[dst pod] ``` And here's an example of an authenticated request to a captured destination: ```mermaid graph TD; src[src pod]-->|15008|ztunnel{ztunnel} ztunnel-->|HBONE|dwp{"destination waypoint (all policy applied here)"}
Plain Text - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Wed Aug 09 22:09:18 GMT 2023 - 3.9K bytes - Viewed (0) -
manifests/charts/gateways/istio-egress/files/profile-ambient.yaml
# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true
Others - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
istioctl/pkg/ztunnelconfig/ztunnelconfig.go
istioctl ztunnel-config workload <ztunnel-name[.namespace]> --address 0.0.0.0 -o json # Retrieve Ztunnel config dump separately and inspect from file. kubectl exec -it $ZTUNNEL -n istio-system -- curl localhost:15000/config_dump > ztunnel-config.json istioctl ztunnel-config workloads --file ztunnel-config.json # Retrieve workload summary for a specific namespace
Go - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Mon Apr 22 15:39:28 GMT 2024 - 22.2K bytes - Viewed (0) -
manifests/charts/istio-operator/files/profile-ambient.yaml
PILOT_ENABLE_AMBIENT_CONTROLLERS: "true" cni: logLevel: info ambient: enabled: true # Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni excludeNamespaces:
Others - Registered: Wed Mar 20 22:53:08 GMT 2024 - Last Modified: Wed Feb 28 17:29:38 GMT 2024 - 758 bytes - Viewed (0) -
manifests/charts/ztunnel/README.md
# Istio Ztunnel Helm Chart This chart installs an Istio ztunnel. ## Setup Repo Info ```console helm repo add istio https://istio-release.storage.googleapis.com/charts helm repo update ``` _See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ ## Installing the Chart To install the chart: ```console helm install ztunnel istio/ztunnel ``` ## Uninstalling the Chart
Plain Text - Registered: Wed Mar 20 22:53:08 GMT 2024 - Last Modified: Wed Jan 10 05:10:03 GMT 2024 - 1.3K bytes - Viewed (0) -
manifests/charts/ztunnel/templates/daemonset.yaml
audience: istio-ca - name: istiod-ca-cert configMap: name: istio-ca-root-cert - name: cni-ztunnel-sock-dir hostPath: path: /var/run/ztunnel type: DirectoryOrCreate # ideally this would be a socket, but ztunnel may not have started yet. {{- with .Values.volumes }} {{- toYaml . | nindent 6}}
Others - Registered: Wed Mar 20 22:53:08 GMT 2024 - Last Modified: Fri Jan 26 20:34:28 GMT 2024 - 5K bytes - Viewed (0) -
cni/README.md
Broadly, `istio-cni` accomplishes ambient redirection by instructing ztunnel to set up sockets within the application pod network namespace, where: - one end of the socket is in the application pod - and the other end is in ztunnel's pod and setting up iptables rules to funnel traffic thru that socket "tube" to ztunnel and back.
Plain Text - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Wed Feb 28 17:29:38 GMT 2024 - 12.1K bytes - Viewed (0)