- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 28 for mtls (0.31 sec)
-
pilot/pkg/networking/core/peer_authentication_simulation_test.go
{ Name: "mtls on port 8000", Call: mkCall(8000, simulation.MTLS), Result: simulation.Result{ClusterMatched: "inbound|8000||"}, }, { Name: "plaintext port 9000", Call: mkCall(9000, simulation.Plaintext), Result: simulation.Result{ClusterMatched: "InboundPassthroughCluster"}, }, { Name: "mtls port 9000", Call: mkCall(9000, simulation.MTLS),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/networking/core/sidecar_simulation_test.go
}, Strict: simulation.Result{ // TLS, but not mTLS Error: simulation.ErrMTLSError, }, }, { Name: "mtls to http", Call: simulation.Call{ Port: 80, Protocol: simulation.HTTP, TLS: simulation.MTLS, CallMode: simulation.CallModeInbound, }, Disabled: simulation.Result{ // TLS is not terminated, so we will attempt to decode as HTTP and fail
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
// to handle mTLS vs plaintext and HTTP vs TCP (depending on protocol and PeerAuthentication). var opts []FilterChainMatchOptions mtls := lb.authnBuilder.ForPort(cc.port.TargetPort) // Chain has explicit user TLS config. This can only apply when the TLS mode is DISABLE to avoid conflicts. if cc.tlsSettings != nil && mtls.Mode == model.MTLSDisable {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/simulation/traffic.go
} // For simplicity, set SNI automatically for TLS traffic. if c.Sni == "" && (c.TLS == TLS) { c.Sni = c.HostHeader } if c.Path == "" { c.Path = "/" } if c.TLS == "" { c.TLS = Plaintext } if c.Address == "" { // pick a random address, assumption is the test does not care c.Address = "1.3.3.7" } if c.TLS == MTLS && c.Alpn == "" { c.Alpn = protocolToMTLSAlpn(c.Protocol)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
pkg/config/constants/constants.go
// CertChainFilename is mTLS chain file CertChainFilename = "cert-chain.pem" // KeyFilename is mTLS private key KeyFilename = "key.pem" // RootCertFilename is mTLS root cert RootCertFilename = "root-cert.pem" // ConfigPathDir config directory for storing envoy json config files. ConfigPathDir = "./etc/istio/proxy"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 10K bytes - Viewed (0) -
tests/integration/telemetry/api/dashboard_test.go
"$service", ".*", "$srcns", ".*", "$srcwl", ".*", "$namespace", ".*", "$workload", ".*", "$dstsvc", ".*", "$adapter", ".*", "$qrep", "destination", // Just allow all mTLS settings rather than trying to send mtls and plaintext `connection_security_policy="unknown"`, `connection_security_policy=~".*"`, `connection_security_policy="mutual_tls"`, `connection_security_policy=~".*"`,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 20:46:28 UTC 2024 - 11.4K bytes - Viewed (0) -
pilot/pkg/networking/core/listenertest/match.go
} type FilterChainType string const ( PlainTCP FilterChainType = "plaintext TCP" PlainHTTP FilterChainType = "plaintext HTTP" StandardTLS FilterChainType = "TLS" MTLSTCP FilterChainType = "mTLS TCP" MTLSHTTP FilterChainType = "mTLS HTTP" Unknown FilterChainType = "unknown" ) func classifyFilterChain(have *listener.FilterChain) FilterChainType { fcm := have.GetFilterChainMatch()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 6.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
kind: PeerAuthentication metadata: name: global-strict spec: mtls: mode: STRICT `).ApplyOrFail(t) opt = opt.DeepCopy() if !src.Config().HasProxyCapabilities() && dst.Config().HasProxyCapabilities() { // Expect deny if the dest is in the mesh (enforcing mTLS) but src is not (not sending mTLS) opt.Check = CheckDeny } src.CallOrFail(t, opt) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pkg/config/analysis/analyzers/analyzers_test.go
expected: []message{ {msg.NoServerCertificateVerificationDestinationLevel, "DestinationRule db-mtls"}, {msg.NoServerCertificateVerificationPortLevel, "DestinationRule db-mtls"}, }, }, { name: "destinationrule with no cacert, simple at destinationlevel and mutual at port level", inputFiles: []string{ "testdata/destinationrule-compound-mutual-simple.yaml", },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 07:22:31 UTC 2024 - 42.6K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
else echo "ERROR: Some of ETCD_APISERVER_CA_KEY, ETCD_APISERVER_CA_CERT, ETCD_APISERVER_SERVER_KEY, ETCD_APISERVER_SERVER_CERT, ETCD_APISERVER_CLIENT_KEY and ETCD_APISERVER_CLIENT_CERT are missing, mTLS between etcd server and kube-apiserver cannot be enabled. Please provide all mTLS credential." exit 1 fi
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0)