- Sort Score
- Result 10 results
- Languages All
Results 81 - 90 of 166 for mtls (0.08 sec)
-
manifests/charts/istio-control/istio-discovery/templates/service.yaml
app: istiod istio: pilot release: {{ .Release.Name }} spec: ports: - port: 15010 name: grpc-xds # plaintext protocol: TCP - port: 15012 name: https-dns # mTLS with k8s-signed cert protocol: TCP - port: 443 name: https-webhook # validation and injection targetPort: 15017 protocol: TCP - port: 15014 name: http-monitoring # prometheus stats
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 1.5K bytes - Viewed (0) -
releasenotes/notes/ssh-iptables.yaml
apiVersion: release-notes/v2 kind: bug-fix area: traffic-management issue: - 35733 releaseNotes: - | **Fixed** an issue causing mTLS errors for traffic on port 22, by including port 22 in iptables by default. upgradeNotes: - title: Port 22 iptables capture changes content: | In previous versions, port 22 was excluded from iptables capture. This mitigates risk of getting locked out of a VM
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Dec 06 15:15:39 UTC 2021 - 1K bytes - Viewed (0) -
releasenotes/notes/fips.yaml
curves to `P-256`. These restrictions apply on the following data paths: * mTLS communication between Envoy proxies; * regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway); * Google gRPC side requests from Envoy proxies (e.g. Stackdriver extensions); * Istiod xDS server; * Istiod injection and validation webhook servers.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 1.2K bytes - Viewed (0) -
tests/testdata/networking/envoyfilter-without-service/configs.yaml
# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-config spec: mtls: mode: STRICT --- # Corresponding destination rule to configure client side to use mutual TLS when talking to # any service (host) in the mesh. apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jul 13 16:44:49 UTC 2023 - 1.8K bytes - Viewed (0) -
pkg/features/security.go
var ( CompliancePolicy = env.Register("COMPLIANCE_POLICY", "", `If set, applies policy-specific restrictions over all existing TLS settings, including in-mesh mTLS and external TLS. Valid values are: * '' or unset places no additional restrictions. * 'fips-140-2' which enforces a version of the TLS protocol and a subset of cipher suites overriding any user preferences or defaults for all runtime
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 1.6K bytes - Viewed (0) -
tests/integration/security/external_ca/reachability_test.go
WithDefaultFilters(1, 1). FromMatch(match.ServiceName(from.NamespacedName())). ToMatch(match.ServiceName(to.NamespacedName())). Run(func(t framework.TestContext, from echo.Instance, to echo.Target) { // Verify mTLS works between a and b opts := echo.CallOptions{ To: to, Port: echo.Port{ Name: "http", }, } opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2K bytes - Viewed (0) -
tests/integration/security/filebased_tls_origination/destination_rule_tls_test.go
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: db-mtls spec: exportTo: ["."] host: server trafficPolicy: tls: mode: MUTUAL clientCertificate: /etc/certs/custom/cert-chain.pem privateKey: /etc/certs/custom/key.pem caCertificates: /etc/certs/custom/root-cert.pem sni: server `).ApplyOrFail(t)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2.1K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/gateway-injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod volumes: - emptyDir: {}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 8.7K bytes - Viewed (0) -
pkg/hbone/README.md
}, TLS: nil, // TLS is strongly recommended in real world }) client, _ := d.Dial("tcp", testAddr) client.Write([]byte("hello world")) ``` ### Server #### Server CLI A CLI client is available using the `server` binary. Usage examples: ```shell go install ./pkg/test/echo/cmd/server # Serve on port 15008 (default) with TLS
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jul 11 16:27:16 UTC 2022 - 1.6K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/gateway-injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod volumes: - emptyDir: {}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 8.7K bytes - Viewed (0)