- Sort Score
- Result 10 results
- Languages All
Results 41 - 50 of 75 for mTLS (0.03 sec)
-
manifests/charts/istio-control/istio-discovery/files/injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
pilot/pkg/security/model/authentication.go
} } // ApplyCustomSDSToClientCommonTLSContext applies the customized sds to CommonTlsContext // Used for building upstream TLS context for egress gateway's TLS/mTLS origination func ApplyCustomSDSToClientCommonTLSContext(tlsContext *tls.CommonTlsContext, tlsOpts *networking.ClientTLSSettings, credentialSocketExist bool, ) { if tlsOpts.Mode == networking.ClientTLSSettings_MUTUAL {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 9.9K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
pkg/test/framework/components/echo/check/checkers.go
// Non-HTTP traffic. Fail open, we cannot check mTLS. return nil } if isMTLS(r) { return nil } return fmt.Errorf("expected X-Forwarded-Client-Cert but not found: %v", r) }) } func PlaintextForHTTP() echo.Checker { return Each(func(r echoClient.Response) error { if !isHTTPProtocol(r) { // Non-HTTP traffic. Fail open, we cannot check mTLS. return nil } if !isMTLS(r) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Mar 03 16:19:07 UTC 2023 - 17.5K bytes - Viewed (0) -
operator/README.md
##### --set syntax The CLI `--set` option can be used to override settings within the profile. For example, to enable auto mTLS, use `istioctl manifest generate --set values.global.mtls.auto=true --set values.global.controlPlaneSecurityEnabled=true` To override a setting that includes dots, escape them with a backslash (\). Your shell may require enclosing quotes. ``` bash
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Sep 17 08:27:52 UTC 2023 - 17.5K bytes - Viewed (0) -
pkg/security/security.go
OutputKeyCertToDir string // ProvCert is the directory for client to provide the key and certificate to CA server when authenticating // with mTLS. This is not used for workload mTLS communication, and is ProvCert string // ClusterID is the cluster where the agent resides. // Normally initialized from ISTIO_META_CLUSTER_ID - after a tortuous journey it
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
A secondary goal was to enable a smoother on-ramp from "Zero" to "Getting some value". Historically, Istio had to really be consumed all-or-nothing for things to work as expected. In particular, an easy answer to "I just want to have mTLS everywhere, then I can think about adopting the rest of service mesh" was desired. ## Goals Ztunnel should: * **Not break users**. This means that deploying Ztunnel should retain all existing Kubernetes behavior.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 22:35:16 UTC 2024 - 16.6K bytes - Viewed (0) -
pkg/adsc/adsc.go
// IP is currently the primary key used to locate inbound configs. It is sent by client, // must match a known endpoint IP. Tests can use a ServiceEntry to register fake IPs. IP string // CertDir is the directory where mTLS certs are configured. // If CertDir and Secret are empty, an insecure connection will be used. // TODO: implement SecretManager for cert dir CertDir string // Secrets is the interface used for getting keys and rootCA.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 05 22:18:49 UTC 2024 - 35K bytes - Viewed (0) -
pilot/pkg/model/service.go
// DisabledTLSModeLabel implies that this endpoint should receive traffic as is (mostly plaintext) DisabledTLSModeLabel = "disabled" // IstioMutualTLSModeLabel implies that the endpoint is ready to receive Istio mTLS connections. IstioMutualTLSModeLabel = "istio" // IstioCanonicalServiceLabelName is the name of label for the Istio Canonical Service for a workload instance.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 02:03:58 UTC 2024 - 46.3K bytes - Viewed (0) -
security/pkg/nodeagent/sds/sdsservice.go
return ret } // Pre-generate workload certificates to improve startup latency and ensure that for OUTPUT_CERTS // case we always write a certificate. A workload can technically run without any mTLS/CA // configured, in which case this will fail; if it becomes noisy we should disable the entire SDS // server in these cases. go func() {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat May 25 00:20:04 UTC 2024 - 10.9K bytes - Viewed (0)