- Sort Score
- Result 10 results
- Languages All
Results 111 - 120 of 196 for mtls (0.04 sec)
-
tests/integration/security/file_mounted_certs/p2p_mtls_test.go
` PeerAuthenticationConfig = ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: "istio-system" spec: mtls: mode: STRICT ` ) func createObject(ctx framework.TestContext, serviceNamespace string, yamlManifest string) { args := map[string]string{"AppNamespace": serviceNamespace} ctx.ConfigIstio().Eval(serviceNamespace, args, yamlManifest).ApplyOrFail(ctx)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2.8K bytes - Viewed (0) -
releasenotes/notes/external-name.yaml
* Because the destination DNS name is treated as opaque, we cannot apply Istio policies to it as expected. For example, if I point an external name at another in-cluster Service (for example, `example.default.svc.cluster.local`), mTLS would not be used. `ExternalName` support has been revamped to fix these problems. `ExternalName`s are now simply treated as aliases.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Oct 27 03:08:29 UTC 2023 - 2.7K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/cert_authenticator.go
}, nil } // authenticateHTTP performs mTLS authentication for http requests. Requires having the endpoints on a listener // with proper TLS configuration. func (cca *ClientCertAuthenticator) authenticateHTTP(req *http.Request) (*security.Caller, error) { if req.TLS == nil || req.TLS.VerifiedChains == nil { return nil, fmt.Errorf("no client certificate is presented") } chains := req.TLS.VerifiedChains
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jul 19 02:12:12 UTC 2022 - 3.1K bytes - Viewed (0) -
security/pkg/nodeagent/util/util.go
// This is typically used to share the certs with non-proxy containers in the pod which does not run as root or 1337. // For example, prometheus server could use proxy provisioned certs to scrape application metrics through mTLS. certFileMode = os.FileMode(0o644) } // Depending on the SDS resource to output, some fields may be nil if privateKey == nil && certChain == nil && rootCert == nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 17 10:33:38 UTC 2023 - 2.9K bytes - Viewed (0) -
docs/lambda/README.md
``` MINIO_LAMBDA_WEBHOOK_ENABLE_function=on MINIO_LAMBDA_WEBHOOK_ENDPOINT_function=http://localhost:5000 MINIO_LAMBDA_WEBHOOK_AUTH_TOKEN="mytoken" minio server /data & ``` ### Lambda Target with mTLS authentication If your lambda target expects mTLS client you can enable it per function target as follows ```
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Tue Apr 04 19:15:28 UTC 2023 - 7.6K bytes - Viewed (0) -
tests/testdata/networking/sidecar-ns-scope/configs.yaml
- hosts: - "./*" --- # Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: istio-config spec: mtls: mode: STRICT --- # Corresponding destination rule to configure client side to use mutual TLS when talking to # any service (host) in the mesh.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jan 04 17:16:38 UTC 2021 - 3.5K bytes - Viewed (0) -
tests/integration/security/util/reachability/context.go
// Allows filtering the destinations we expect to reach (optional). ExpectDestinations func(from echo.Instance, to echo.Target) echo.Instances // Indicates whether the test should expect a MTLS response. ExpectMTLS func(from echo.Instance, opts echo.CallOptions) bool // Indicates whether a test should be run in the multicluster environment.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 23 21:20:43 UTC 2022 - 8.6K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authn/authentication.go
return []authn.MTLSSettings{{ Port: 0, Mode: model.MTLSDisable, }} } // We need to create configuration for the passthrough, // but also any ports that are not explicitly declared in the Service but are in the mTLS port level settings. resp := []authn.MTLSSettings{ // Full passthrough - no port match b.applier.InboundMTLSSettings(0, b.proxy, b.trustDomains, authn.NoOverride), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 4.4K bytes - Viewed (0) -
pilot/pkg/model/credentials/resource.go
KubernetesGatewaySecretType = "kubernetes-gateway" kubernetesGatewaySecretTypeURI = KubernetesGatewaySecretType + "://" // BuiltinGatewaySecretType is the name of a SDS secret that uses the workloads own mTLS certificate BuiltinGatewaySecretType = "builtin" BuiltinGatewaySecretTypeURI = BuiltinGatewaySecretType + "://" // SdsCaSuffix is the suffix of the sds resource name for root CA. SdsCaSuffix = "-cacert" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 28 20:33:15 UTC 2023 - 5.1K bytes - Viewed (0) -
tools/packaging/common/sidecar.env
# ISTIO_NAMESPACE=default # Specify the IP address used in endpoints. If not set, 'hostname --ip-address' will be used. # Needed if the host has multiple IP. # ISTIO_SVC_IP= # If istio-pilot is configured with mTLS authentication (--controlPlaneAuthPolicy MUTUAL_TLS ) you must # also configure the mesh expansion machines: # ISTIO_PILOT_PORT=15005 # ISTIO_CP_AUTH=MUTUAL_TLS
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 31 18:02:42 UTC 2022 - 4.7K bytes - Viewed (0)