- Sort Score
- Result 10 results
- Languages All
Results 51 - 60 of 97 for mtls (0.05 sec)
-
tests/integration/security/file_mounted_certs/main_test.go
"workload-certs": {"secret": {"secretName":"` + ServerSecretName + `"}} } ` // workload-certs are needed in order to load the "default" SDS resource, which // will be used for the xds-grpc mTLS (tls_certificate_sds_secret_configs.name == "default") sidecarVolumeMounts := ` { "server-certs": { "mountPath": "/server-certs" }, "client-certs": { "mountPath": "/client-certs" },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 13.4K bytes - Viewed (0) -
tests/integration/security/filebased_tls_origination/egress_gateway_origination_test.go
// only use Simple TLS as it doesn't verify client side cert // TODO: mechanism to enforce mutual TLS(client cert) validation by the server // 1. Mutual TLS origination from egress gateway to https endpoint: // internalClient ) ---HTTP request (Host: some-external-site.com----> Hits listener 0.0.0.0_80 -> // VS Routing (add Egress Header) --> Egress Gateway(originates mTLS with client certs)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
pilot/pkg/security/model/authentication_test.go
}, }, }, }, }, }, }, }, }, }, }, { name: "MTLS using SDS with custom certs in metadata", node: &model.Proxy{ Metadata: &model.NodeMetadata{ TLSServerCertChain: "serverCertChain", TLSServerKey: "serverKey",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 20 22:39:21 UTC 2024 - 18.9K bytes - Viewed (0) -
pilot/pkg/networking/core/networkfilter.go
} // buildMongoFilter builds an outbound Envoy MongoProxy filter. func buildMongoFilter(statPrefix string) *listener.Filter { // TODO: add a watcher for /var/lib/istio/mongo/certs // if certs are found use, TLS or mTLS clusters for talking to MongoDB. // User is responsible for mounting those certs in the pod. mongoProxy := &mongo.MongoProxy{ StatPrefix: statPrefix, // mongo stats are prefixed with mongo.<statPrefix> by Envoy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 13.7K bytes - Viewed (0) -
pkg/kubeapiserver/authenticator/config.go
BootstrapTokenAuthenticator authenticator.Token // ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If this value is nil, then mutual TLS is disabled. ClientCAContentProvider dynamiccertificates.CAContentProvider // Optional field, custom dial function used to connect to webhook
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 19:29:33 UTC 2024 - 15.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go
// clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientKey string `json:"clientKey,omitempty"` // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 17:59:05 UTC 2024 - 25.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go
// clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientKey string `json:"clientKey,omitempty"` // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 17:59:05 UTC 2024 - 26.6K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/values.yaml
multiCluster: # Set to true to connect two kubernetes clusters via their respective # ingressgateway services when pods in each cluster cannot directly # talk to one another. All clusters should be using Istio mTLS and must # have a shared root CA for this model to work. enabled: false # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 13K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder.go
return nil } return durationpb.New(t) } // TODO: This code is still insufficient. Ideally we should be parsing all the virtual services // with TLS blocks and build the appropriate filter chain matches and routes here. And then finally // evaluate the left over unmatched TLS traffic using allow_any or registry_only. // See https://github.com/istio/istio/issues/21170
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 17.9K bytes - Viewed (0) -
pkg/workloadapi/workload.proto
oneof destination { // TODO: add support for hostname lookup NamespacedHostname hostname = 1; NetworkAddress address = 2; } // port to reach the gateway at for mTLS HBONE connections uint32 hbone_mtls_port = 3; reserved "hbone_single_tls_port"; reserved 4; } // NetworkAddress represents an address bound to a specific network. message NetworkAddress {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 18:02:35 UTC 2024 - 12.9K bytes - Viewed (0)