- Sort Score
- Result 10 results
- Languages All
Results 41 - 50 of 106 for mtls (0.26 sec)
-
manifests/charts/istio-control/istio-discovery/files/injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
pilot/pkg/security/model/authentication.go
tlsContext.TlsCertificateSdsSecretConfigs = []*tls.SdsSecretConfig{ ConstructSdsSecretConfig(model.GetOrDefault(res.GetResourceName(), SDSDefaultResourceName)), } } // ApplyCustomSDSToClientCommonTLSContext applies the customized sds to CommonTlsContext // Used for building upstream TLS context for egress gateway's TLS/mTLS origination func ApplyCustomSDSToClientCommonTLSContext(tlsContext *tls.CommonTlsContext,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 9.9K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/injection-template.yaml
name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 10 21:01:52 UTC 2024 - 23.8K bytes - Viewed (0) -
pkg/test/framework/components/echo/check/checkers.go
// Non-HTTP traffic. Fail open, we cannot check mTLS. return nil } if isMTLS(r) { return nil } return fmt.Errorf("expected X-Forwarded-Client-Cert but not found: %v", r) }) } func PlaintextForHTTP() echo.Checker { return Each(func(r echoClient.Response) error { if !isHTTPProtocol(r) { // Non-HTTP traffic. Fail open, we cannot check mTLS. return nil } if !isMTLS(r) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Mar 03 16:19:07 UTC 2023 - 17.5K bytes - Viewed (0) -
operator/README.md
##### --set syntax The CLI `--set` option can be used to override settings within the profile. For example, to enable auto mTLS, use `istioctl manifest generate --set values.global.mtls.auto=true --set values.global.controlPlaneSecurityEnabled=true` To override a setting that includes dots, escape them with a backslash (\). Your shell may require enclosing quotes. ``` bash
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Sep 17 08:27:52 UTC 2023 - 17.5K bytes - Viewed (0) -
pkg/security/security.go
OutputKeyCertToDir string // ProvCert is the directory for client to provide the key and certificate to CA server when authenticating // with mTLS. This is not used for workload mTLS communication, and is ProvCert string // ClusterID is the cluster where the agent resides. // Normally initialized from ISTIO_META_CLUSTER_ID - after a tortuous journey it
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
### Inbound Traffic entering a pod over HBONE will be handled by the "inbound" code path, on port 15008. Incoming requests have multiple "layers": TLS wrapping HTTP CONNECT that is wrapping the user's connection. To unwrap the first layer, we terminate TLS. As part of this, we need to pick the correct certificate to serve on behalf of the destination workload. As discussed in [HBONE](#hbone), this is based on the destination IP.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 22:35:16 UTC 2024 - 16.6K bytes - Viewed (0) -
pkg/adsc/adsc.go
} conn, err := grpc.Dial(config.Address, grpcDialOptions...) if err != nil { return nil, err } return conn, nil } func tlsConfig(config *Config) (*tls.Config, error) { var clientCerts []tls.Certificate var serverCABytes []byte var err error getClientCertificate := getClientCertFn(config) // Load the root CAs if config.RootCert != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 05 22:18:49 UTC 2024 - 35K bytes - Viewed (0) -
pilot/pkg/model/service.go
const ( // TLSModeLabelShortname name used for determining endpoint level tls transport socket configuration TLSModeLabelShortname = "tlsMode" // DisabledTLSModeLabel implies that this endpoint should receive traffic as is (mostly plaintext) DisabledTLSModeLabel = "disabled" // IstioMutualTLSModeLabel implies that the endpoint is ready to receive Istio mTLS connections. IstioMutualTLSModeLabel = "istio"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 02:03:58 UTC 2024 - 46.3K bytes - Viewed (0) -
security/pkg/nodeagent/sds/sdsservice.go
}, }, }) secret.Type = &tls.Secret_TlsCertificate{ TlsCertificate: &tls.TlsCertificate{ CertificateChain: &core.DataSource{ Specifier: &core.DataSource_InlineBytes{ InlineBytes: s.CertificateChain, }, }, PrivateKeyProvider: &tls.PrivateKeyProvider{ ProviderName: "cryptomb", ConfigType: &tls.PrivateKeyProvider_TypedConfig{ TypedConfig: msg,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat May 25 00:20:04 UTC 2024 - 10.9K bytes - Viewed (0)