- Sort Score
- Result 10 results
- Languages All
Results 101 - 110 of 166 for mtls (0.05 sec)
-
tests/integration/security/util/reachability/context.go
// Allows filtering the destinations we expect to reach (optional). ExpectDestinations func(from echo.Instance, to echo.Target) echo.Instances // Indicates whether the test should expect a MTLS response. ExpectMTLS func(from echo.Instance, opts echo.CallOptions) bool // Indicates whether a test should be run in the multicluster environment.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 23 21:20:43 UTC 2022 - 8.6K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authn/authentication.go
return []authn.MTLSSettings{{ Port: 0, Mode: model.MTLSDisable, }} } // We need to create configuration for the passthrough, // but also any ports that are not explicitly declared in the Service but are in the mTLS port level settings. resp := []authn.MTLSSettings{ // Full passthrough - no port match b.applier.InboundMTLSSettings(0, b.proxy, b.trustDomains, authn.NoOverride), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 4.4K bytes - Viewed (0) -
pilot/pkg/model/credentials/resource.go
KubernetesGatewaySecretType = "kubernetes-gateway" kubernetesGatewaySecretTypeURI = KubernetesGatewaySecretType + "://" // BuiltinGatewaySecretType is the name of a SDS secret that uses the workloads own mTLS certificate BuiltinGatewaySecretType = "builtin" BuiltinGatewaySecretTypeURI = BuiltinGatewaySecretType + "://" // SdsCaSuffix is the suffix of the sds resource name for root CA. SdsCaSuffix = "-cacert" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 28 20:33:15 UTC 2023 - 5.1K bytes - Viewed (0) -
tools/packaging/common/sidecar.env
# ISTIO_NAMESPACE=default # Specify the IP address used in endpoints. If not set, 'hostname --ip-address' will be used. # Needed if the host has multiple IP. # ISTIO_SVC_IP= # If istio-pilot is configured with mTLS authentication (--controlPlaneAuthPolicy MUTUAL_TLS ) you must # also configure the mesh expansion machines: # ISTIO_PILOT_PORT=15005 # ISTIO_CP_AUTH=MUTUAL_TLS
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 31 18:02:42 UTC 2022 - 4.7K bytes - Viewed (0) -
security/tools/generate_cert/main.go
keySize = flag.Int("key-size", 2048, "Size of the generated private key") mode = flag.String("mode", selfSignedMode, "Supported mode: self-signed, signer, citadel") // Enable this flag if istio mTLS is enabled and the service is running as server side isServer = flag.Bool("server", false, "Whether this certificate is for a server.")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Apr 28 16:21:30 UTC 2023 - 5.7K bytes - Viewed (0) -
pkg/istio-agent/grpcxds/grpc_bootstrap.go
xdsMeta, err := extractMeta(opts.Node) if err != nil { return nil, fmt.Errorf("failed extracting xds metadata: %v", err) } // TODO direct to CP should use secure channel (most likely JWT + TLS, but possibly allow mTLS) serverURI := opts.DiscoveryAddress if opts.XdsUdsPath != "" { serverURI = fmt.Sprintf("unix:///%s", opts.XdsUdsPath) } bootstrap := Bootstrap{ XDSServers: []XdsServer{{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Mar 30 00:31:03 UTC 2024 - 7.1K bytes - Viewed (0) -
pilot/pkg/trustbundle/trustbundle.go
endpoints []string endpointUpdateChan chan struct{} remoteCaCertPool *x509.CertPool meshConfig mesh.Watcher } var ( trustBundleLog = log.RegisterScope("trustBundle", "Workload mTLS trust bundle logs") remoteTimeout = 10 * time.Second ) // NewTrustBundle returns a new trustbundle func NewTrustBundle(remoteCaCertPool *x509.CertPool, meshConfig mesh.Watcher) *TrustBundle { var err error
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 7.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/egressselector/config.go
allErrs = append(allErrs, field.Invalid( fldPath.Child("tlsConfig", "caBundle"), tlsConfig.CABundle, "TLS config ca bundle does not exist")) } } if tlsConfig.ClientCert == "" { allErrs = append(allErrs, field.Invalid( fldPath.Child("tlsConfig", "clientCert"), "nil", "Using TLS requires clientCert"))
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Jun 29 15:48:39 UTC 2023 - 8.6K bytes - Viewed (0) -
tests/integration/pilot/multiplecontrolplanes/main_test.go
"Namespace": ns, }, `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "usergroup-peerauth" namespace: {{ .Namespace }} spec: mtls: mode: STRICT `).ApplyOrFail(t, apply.NoCleanup) } } func allowExternalService(t framework.TestContext, ns string, externalNs string, revision string) { t.ConfigIstio().Eval(ns, map[string]any{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 16:52:52 UTC 2024 - 9.1K bytes - Viewed (0) -
pkg/test/echo/server/endpoint/grpc.go
grpc.KeepaliveParams(keepalive.ServerParameters{ MaxConnectionIdle: idleTimeout, }), } if s.Port.TLS { epLog.Infof("Listening GRPC (over TLS) on %v", p) // Create the TLS credentials creds, errCreds := credentials.NewServerTLSFromFile(s.TLSCert, s.TLSKey) if errCreds != nil { epLog.Errorf("could not load TLS keys: %s", errCreds) } opts = append(opts, grpc.Creds(creds)) } else if s.Port.XDSServer {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 25 17:30:37 UTC 2023 - 8.7K bytes - Viewed (0)