Results 41 - 50 of 166 for mtls (0.05 sec)
architecture/security/istio-agent.md
1. The `caClient` will be configured to use either JWT or mTLS authentication. For JWT authentication, gRPC's `PerRPCCredentials` is configured with a `TokenProvider` which handles the logic of adding the proper JWT to each request. mTLS is configured by a tls.Config that points to files on disk. It should be noted there is a circular dependency with mTLS authentication; in order to fetch a certificate we need
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 22 16:45:50 UTC 2023 - 7.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: strict-mtls spec: mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 125 bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
// It may return nil, if no authentication is needed. AuthNFilter(forSidecar bool) *hcm.HttpFilter // PortLevelSetting returns port level mTLS settings. PortLevelSetting() map[uint32]model.MutualTLSMode MtlsPolicy } type MtlsPolicy interface { // GetMutualTLSModeForPort gets the mTLS mode for the given port. If there is no port level setting, it // returns the inherited namespace/mesh level setting.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-workload-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: strict-mtls spec: selector: matchLabels: app: a mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 166 bytes - Viewed (0) -
tests/integration/security/sds_ingress/quic/ingress_test.go
ingressutil.RunTestMultiQUICGateways(t, inst, ingressutil.TLS, namespace.Future(&echo1NS)) }) }) } // TestMtlsGatewaysWithQUIC deploys multiple mTLS gateways with SDS enabled, and creates kubernetes that store // private key, server certificate and CA certificate for each mTLS gateway. Verifies that client can communicate // by using both QUIC and TCP/mTLS func TestMtlsGatewaysWithQUIC(t *testing.T) { // nolint: staticcheck
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.6K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
// Compliance for downstream mesh mTLS. authn_model.EnforceCompliance(ctx.CommonTlsContext) return ctx } // GetMinTLSVersion returns the minimum TLS version for workloads based on the mesh config. func GetMinTLSVersion(ver meshconfig.MeshConfig_TLSConfig_TLSProtocol) tls.TlsParameters_TlsProtocol { switch ver { case meshconfig.MeshConfig_TLSConfig_TLSV1_3: return tls.TlsParameters_TLSv1_3 default:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
releasenotes/notes/35111.yaml
apiVersion: release-notes/v2 kind: feature area: security issue: - https://github.com/istio/istio/issues/35111 releaseNotes: - | **Added** TLS settings to the sidecar API in order to enable TLS/mTLS termination on the sidecar proxy for requests coming from outside the mesh. docs: - https://docs.google.com/document/d/15Qhr7errbylXEzxxCK7ij_oUpn4E5SFU2uDdl_n2GIc/edit#heading=h.h3lxcxfhqndp securityNotes: - |
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jan 14 00:19:57 UTC 2022 - 580 bytes - Viewed (0) -
tests/integration/pilot/grpc_probe_test.go
} ns := namespace.NewOrFail(t, t, namespace.Config{Prefix: "grpc-probe", Inject: true}) // apply strict mtls t.ConfigKube(t.Clusters().Configs()...).YAML(ns.Name(), ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: grpc-probe-mtls spec: mtls: mode: STRICT`).ApplyOrFail(t) for _, testCase := range []struct { name string rewrite bool
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.8K bytes - Viewed (0) -
tests/integration/security/mtls_healthcheck_test.go
) { ctx.Helper() wantSuccess := rewrite policyYAML := fmt.Sprintf(`apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "mtls-strict-for-%v" spec: selector: matchLabels: app: "%v" mtls: mode: STRICT `, name, name) ctx.ConfigIstio().YAML(ns.Name(), policyYAML).ApplyOrFail(ctx) var healthcheck echo.Instance cfg := echo.Config{ Namespace: ns,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.9K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/secure_naming_test.go
// - The certificate issued by CA to the sidecar is as expected and that strict mTLS works as expected. // - The plugin CA certs are correctly used in workload mTLS. // - The CA certificate in the configmap of each namespace is as expected, which // // is used for data plane to control plane TLS authentication. // // - Secure naming information is respected in the mTLS handshake. func TestSecureNaming(t *testing.T) { framework.NewTest(t).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 7.5K bytes - Viewed (0)