- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 105 for mTLS (0.16 sec)
-
tests/integration/pilot/grpc_probe_test.go
} ns := namespace.NewOrFail(t, t, namespace.Config{Prefix: "grpc-probe", Inject: true}) // apply strict mtls t.ConfigKube(t.Clusters().Configs()...).YAML(ns.Name(), ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: grpc-probe-mtls spec: mtls: mode: STRICT`).ApplyOrFail(t) for _, testCase := range []struct { name string rewrite bool
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.8K bytes - Viewed (0) -
tests/integration/security/mtls_healthcheck_test.go
) { ctx.Helper() wantSuccess := rewrite policyYAML := fmt.Sprintf(`apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "mtls-strict-for-%v" spec: selector: matchLabels: app: "%v" mtls: mode: STRICT `, name, name) ctx.ConfigIstio().YAML(ns.Name(), policyYAML).ApplyOrFail(ctx) var healthcheck echo.Instance cfg := echo.Config{ Namespace: ns,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 2.9K bytes - Viewed (0) -
pilot/pkg/networking/core/sidecar_simulation_test.go
ClusterMatched: "inbound|70||", }, Strict: simulation.Result{ // TLS, but not mTLS Error: simulation.ErrMTLSError, }, }, { Name: "mtls tcp to tcp", Call: simulation.Call{ Port: 70, Protocol: simulation.TCP, TLS: simulation.MTLS, CallMode: simulation.CallModeInbound, }, Disabled: simulation.Result{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
opts = getTLSFilterChainMatchOptions(lp) mtls.TCP = BuildListenerTLSContext(cc.tlsSettings, lb.node, lb.push.Mesh, istionetworking.TransportProtocolTCP, false) mtls.HTTP = mtls.TCP } else { lp := istionetworking.ModelProtocolToListenerProtocol(cc.port.Protocol) opts = getFilterChainMatchOptions(mtls, lp) } // Build the actual chain chains := lb.inboundChainForOpts(cc, mtls, opts) if cc.bindToPort {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/simulation/traffic.go
} mTLSSecretConfigName := "default" if input.MtlsSecretConfigName != "" { mTLSSecretConfigName = input.MtlsSecretConfigName } // mTLS listener will only accept mTLS traffic if fc.TransportSocket != nil && sim.requiresMTLS(fc, mTLSSecretConfigName) != (input.TLS == MTLS) { // If there is no tls inspector, then result.Error = ErrMTLSError return } if len(input.CustomListenerValidations) > 0 {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
releasenotes/notes/push-cds-on-auto-passthrough-gateway-change.yaml
apiVersion: release-notes/v2 kind: bug-fix area: traffic-management releaseNotes: - |
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 16:52:59 UTC 2024 - 181 bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
mode := checker.GetMutualTLSModeForPort(si.Port.TargetPort) // auto-mtls label is set - clients will attempt to connect using mtls, and // gRPC doesn't support permissive. if node.Labels[label.SecurityTlsMode.Name] == "istio" && mode == model.MTLSPermissive { mode = model.MTLSStrict }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
cb.applyHBONETransportSocketMatches(c.cluster, tls, istioAutodetectedMtls) } else if c.cluster.GetType() != cluster.Cluster_ORIGINAL_DST { // For headless service, discovery type will be `Cluster_ORIGINAL_DST` // Apply auto mtls to clusters excluding these kind of headless services. if istioAutodetectedMtls { // convert to transport socket matcher if the mode was auto detected transportSocket := c.cluster.TransportSocket
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/templates/NOTES.txt
"pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" "global.mtls.enabled" "the PeerAuthentication resource" "global.mtls.auto" "meshConfig.enableAutoMtls" "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 20:02:28 UTC 2024 - 4.6K bytes - Viewed (0) -
docs/logging/README.md
tls_skip_verify (on|off) trust server TLS without verification, defaults to "on" (verify) client_tls_cert (path) path to client certificate for mTLS auth client_tls_key (path) path to client key for mTLS auth version (string) specify the version of the Kafka cluster comment (sentence) optionally add a comment to this setting ```
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 09 17:15:03 UTC 2024 - 10.4K bytes - Viewed (0)