- Sort Score
- Result 10 results
- Languages All
Results 91 - 100 of 196 for mtls (0.05 sec)
-
manifests/charts/istio-control/istio-discovery/templates/service.yaml
app: istiod istio: pilot release: {{ .Release.Name }} spec: ports: - port: 15010 name: grpc-xds # plaintext protocol: TCP - port: 15012 name: https-dns # mTLS with k8s-signed cert protocol: TCP - port: 443 name: https-webhook # validation and injection targetPort: 15017 protocol: TCP - port: 15014 name: http-monitoring # prometheus stats
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 1.5K bytes - Viewed (0) -
releasenotes/notes/ssh-iptables.yaml
apiVersion: release-notes/v2 kind: bug-fix area: traffic-management issue: - 35733 releaseNotes: - | **Fixed** an issue causing mTLS errors for traffic on port 22, by including port 22 in iptables by default. upgradeNotes: - title: Port 22 iptables capture changes content: | In previous versions, port 22 was excluded from iptables capture. This mitigates risk of getting locked out of a VM
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Dec 06 15:15:39 UTC 2021 - 1K bytes - Viewed (0) -
releasenotes/notes/fips.yaml
curves to `P-256`. These restrictions apply on the following data paths: * mTLS communication between Envoy proxies; * regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway); * Google gRPC side requests from Envoy proxies (e.g. Stackdriver extensions); * Istiod xDS server; * Istiod injection and validation webhook servers.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 1.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go
CacheTTL time.Duration // CAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If this is nil, then mTLS will not be used. ClientCertificateCAContentProvider dynamiccertificates.CAContentProvider APIAudiences authenticator.Audiences
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 29 07:49:14 UTC 2021 - 5.1K bytes - Viewed (0) -
tests/testdata/networking/envoyfilter-without-service/configs.yaml
# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-config spec: mtls: mode: STRICT --- # Corresponding destination rule to configure client side to use mutual TLS when talking to # any service (host) in the mesh. apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jul 13 16:44:49 UTC 2023 - 1.8K bytes - Viewed (0) -
releasenotes/notes/peer-authn-port-level-pass-through-filter.yaml
supported even if the port number is not defined in a service, a special pass through filter chain will be added to respect the corresponidng per-port-level mTLS specification. Pleae check your PeerAuthentication to make sure you are not using the per-port-level configuration on pass through
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Nov 13 22:43:51 UTC 2020 - 1.2K bytes - Viewed (0) -
pkg/features/security.go
var ( CompliancePolicy = env.Register("COMPLIANCE_POLICY", "", `If set, applies policy-specific restrictions over all existing TLS settings, including in-mesh mTLS and external TLS. Valid values are: * '' or unset places no additional restrictions. * 'fips-140-2' which enforces a version of the TLS protocol and a subset of cipher suites overriding any user preferences or defaults for all runtime
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 1.6K bytes - Viewed (0) -
tests/testdata/networking/sidecar-without-service/configs.yaml
- hosts: - "./*" --- # Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-config spec: mtls: mode: STRICT --- # Corresponding destination rule to configure client side to use mutual TLS when talking to # any service (host) in the mesh.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jan 04 17:16:38 UTC 2021 - 1.9K bytes - Viewed (0) -
releasenotes/notes/protocol-detection-timeout.yaml
releaseNotes: - | **Removed** the protocol detection timeout by default, reducing traffic failures during slow connections. upgradeNotes: - title: Protocol Detection Timeout Changes content: | In order to support permissive mTLS traffic as well as [automatic protocol detection](istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#automatic-protocol-selection),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Oct 21 00:53:45 UTC 2020 - 1.6K bytes - Viewed (0) -
tests/integration/security/external_ca/reachability_test.go
WithDefaultFilters(1, 1). FromMatch(match.ServiceName(from.NamespacedName())). ToMatch(match.ServiceName(to.NamespacedName())). Run(func(t framework.TestContext, from echo.Instance, to echo.Target) { // Verify mTLS works between a and b opts := echo.CallOptions{ To: to, Port: echo.Port{ Name: "http", }, } opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2K bytes - Viewed (0)