- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 149 for mtls (0.1 sec)
-
tests/integration/security/pass_through_filter_chain_test.go
// The request should be denied on port 8085 and 8071. name: "STRICT with DISABLE", config: `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: {{ .To.ServiceName }}-mtls spec: selector: matchLabels: app: {{ .To.ServiceName }} mtls: mode: STRICT portLevelMtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
pilot/pkg/networking/core/peer_authentication_simulation_test.go
{ Name: "mtls on port 8000", Call: mkCall(8000, simulation.MTLS), Result: simulation.Result{ClusterMatched: "inbound|8000||"}, }, { Name: "plaintext port 9000", Call: mkCall(9000, simulation.Plaintext), Result: simulation.Result{ClusterMatched: "InboundPassthroughCluster"}, }, { Name: "mtls port 9000", Call: mkCall(9000, simulation.MTLS),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/xds/sds_test.go
Cert string CaCert string CaCrl string } allResources := []string{ "kubernetes://generic", "kubernetes://generic-mtls", "kubernetes://generic-mtls-cacert", "kubernetes://generic-mtls-split", "kubernetes://generic-mtls-split-cacert", "kubernetes://generic-mtls-crl", "kubernetes://generic-mtls-crl-cacert", } cases := []struct { name string proxy *model.Proxy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 13 20:55:20 UTC 2024 - 17.7K bytes - Viewed (0) -
tests/integration/security/sds_ingress/ingress_test.go
} // TestSingleMTLSGateway_ServerKeyCertRotation tests a single mTLS ingress gateway with SDS enabled. // Verifies behavior in these scenarios. // (1) create two kubernetes secrets to provision server key/cert and client CA cert, and // verify that mTLS connection could establish to deliver HTTPS request. // (2) replace kubernetes secret to rotate server key/cert, and verify that mTLS connection could
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 32.7K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/ep_filters_test.go
Mtls: &security.PeerAuthentication_MutualTLS{Mode: security.PeerAuthentication_MutualTLS_STRICT}, }, }, IsMtlsDisabled: false, }, "mtls-off-global": { Config: config.Config{ Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication, Name: "mtls-off", Namespace: "istio-system", }, Spec: &security.PeerAuthentication{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 01:17:58 UTC 2024 - 26.8K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
}) } return res } func isMtlsModeUnset(mtls *v1beta1.PeerAuthentication_MutualTLS) bool { return mtls == nil || mtls.Mode == v1beta1.PeerAuthentication_MutualTLS_UNSET } func isMtlsModeStrict(mtls *v1beta1.PeerAuthentication_MutualTLS) bool { return mtls != nil && mtls.Mode == v1beta1.PeerAuthentication_MutualTLS_STRICT } func isMtlsModeDisable(mtls *v1beta1.PeerAuthentication_MutualTLS) bool {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0) -
pilot/pkg/model/authentication_test.go
GroupVersionKind: gvk.PeerAuthentication, CreationTimestamp: baseTimestamp, Name: "default", Namespace: "foo", }, Spec: &securityBeta.PeerAuthentication{ Mtls: &securityBeta.PeerAuthentication_MutualTLS{ Mode: securityBeta.PeerAuthentication_MutualTLS_STRICT, }, }, }, { Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 45.1K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_validation_test.go
) const ( httpPlaintext = "http-plaintext" httpMTLS = "http-mtls" tcpPlaintext = "tcp-plaintext" tcpMTLS = "tcp-mtls" tcpWL = "tcp-wl" passThrough = "tcp-mtls-pass-through" // policy to enable mTLS in client and server: // ports with plaintext: 8090 (http) and 8092 (tcp) // ports with mTLS: 8091 (http), 8093 (tcp) and 9000 (tcp passthrough). policy = `
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 5.9K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
kind: PeerAuthentication metadata: name: "mtls" spec: mtls: mode: STRICT --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: "server-naked" spec: host: "*.local" trafficPolicy: tls: mode: ISTIO_MUTUAL ` ) // TestTrustDomainAliasSecureNaming scope:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/ep_filters.go
} } // EndpointsWithMTLSFilter removes all endpoints that do not handle mTLS. This is determined by looking at // auto-mTLS, DestinationRule, and PeerAuthentication to determine if we would send mTLS to these endpoints. // Note there is no guarantee these destinations *actually* handle mTLS; just that we are configured to send mTLS to them.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 01:17:58 UTC 2024 - 9.1K bytes - Viewed (0)