- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 272 for mtls (0.06 sec)
-
pilot/pkg/networking/core/peer_authentication_simulation_test.go
{ Name: "mtls on port 8000", Call: mkCall(8000, simulation.MTLS), Result: simulation.Result{ClusterMatched: "inbound|8000||"}, }, { Name: "plaintext port 9000", Call: mkCall(9000, simulation.Plaintext), Result: simulation.Result{ClusterMatched: "InboundPassthroughCluster"}, }, { Name: "mtls port 9000", Call: mkCall(9000, simulation.MTLS),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/xds/sds_test.go
Cert string CaCert string CaCrl string } allResources := []string{ "kubernetes://generic", "kubernetes://generic-mtls", "kubernetes://generic-mtls-cacert", "kubernetes://generic-mtls-split", "kubernetes://generic-mtls-split-cacert", "kubernetes://generic-mtls-crl", "kubernetes://generic-mtls-crl-cacert", } cases := []struct { name string proxy *model.Proxy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 13 20:55:20 UTC 2024 - 17.7K bytes - Viewed (0) -
tests/integration/security/sds_ingress/ingress_test.go
} // TestSingleMTLSGateway_ServerKeyCertRotation tests a single mTLS ingress gateway with SDS enabled. // Verifies behavior in these scenarios. // (1) create two kubernetes secrets to provision server key/cert and client CA cert, and // verify that mTLS connection could establish to deliver HTTPS request. // (2) replace kubernetes secret to rotate server key/cert, and verify that mTLS connection could
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 32.7K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/testdata/tls.yaml.golden
internal.istio.io/parents: Gateway/gateway/terminate-mtls.istio-system creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-terminate-mtls namespace: istio-system spec: servers: - hosts: - '*/other.example' port: name: default number: 34000 protocol: HTTPS tls: credentialName: kubernetes-gateway://istio-system/my-cert-http
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Mar 01 20:54:36 UTC 2024 - 4K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/ep_filters_test.go
Mtls: &security.PeerAuthentication_MutualTLS{Mode: security.PeerAuthentication_MutualTLS_STRICT}, }, }, IsMtlsDisabled: false, }, "mtls-off-global": { Config: config.Config{ Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication, Name: "mtls-off", Namespace: "istio-system", }, Spec: &security.PeerAuthentication{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 01:17:58 UTC 2024 - 26.8K bytes - Viewed (0) -
architecture/ambient/peer-authentication.md
the effective policy is `PERMISSIVE` (the default), the ztunnel will open a vanilla TLS HBONE tunnel (NOTE: this is not mTLS) to the Waypoint proxy and forward the traffic over that connection without presenting a client certificate. Therefore, it is absolutely critical that the waypoint proxy not assume any identity from incoming connections, even if the ztunnel is hairpinning. In other words, all traffic over TLS HBONE tunnels must be considered to be untrusted. From there, traffic is returned to...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Aug 09 22:09:18 UTC 2023 - 3.9K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: disable-mtls spec: mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 127 bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
}) } return res } func isMtlsModeUnset(mtls *v1beta1.PeerAuthentication_MutualTLS) bool { return mtls == nil || mtls.Mode == v1beta1.PeerAuthentication_MutualTLS_UNSET } func isMtlsModeStrict(mtls *v1beta1.PeerAuthentication_MutualTLS) bool { return mtls != nil && mtls.Mode == v1beta1.PeerAuthentication_MutualTLS_STRICT } func isMtlsModeDisable(mtls *v1beta1.PeerAuthentication_MutualTLS) bool {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/testdata/tls.yaml
hostname: "other.example" port: 34000 protocol: HTTPS allowedRoutes: namespaces: from: All tls: mode: Terminate certificateRefs: - name: my-cert-http options: gateway.istio.io/tls-terminate-mode: MUTUAL - name: terminate-istio-mtls hostname: "egress.example" port: 34000 protocol: HTTPS allowedRoutes: namespaces:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Mar 01 20:54:36 UTC 2024 - 2K bytes - Viewed (0) -
pilot/pkg/model/authentication_test.go
GroupVersionKind: gvk.PeerAuthentication, CreationTimestamp: baseTimestamp, Name: "default", Namespace: "foo", }, Spec: &securityBeta.PeerAuthentication{ Mtls: &securityBeta.PeerAuthentication_MutualTLS{ Mode: securityBeta.PeerAuthentication_MutualTLS_STRICT, }, }, }, { Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 45.1K bytes - Viewed (0)