- Sort Score
- Result 10 results
- Languages All
Results 31 - 40 of 105 for mTLS (0.12 sec)
-
pilot/pkg/xds/endpoints/endpoint_builder.go
// For the SNI-DNAT clusters, we are using AUTO_PASSTHROUGH gateway. AUTO_PASSTHROUGH is intended // to passthrough mTLS requests. However, at the gateway we do not actually have any way to tell if the // request is a valid mTLS request or not, since its passthrough TLS. // To ensure we allow traffic only to mTLS endpoints, we filter out non-mTLS endpoints for these cluster types. locEps = b.EndpointsWithMTLSFilter(locEps) } return locEps }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Apr 28 02:18:19 UTC 2024 - 26.1K bytes - Viewed (0) -
pilot/pkg/networking/core/listenertest/match.go
type FilterChainType string const ( PlainTCP FilterChainType = "plaintext TCP" PlainHTTP FilterChainType = "plaintext HTTP" StandardTLS FilterChainType = "TLS" MTLSTCP FilterChainType = "mTLS TCP" MTLSHTTP FilterChainType = "mTLS HTTP" Unknown FilterChainType = "unknown" ) func classifyFilterChain(have *listener.FilterChain) FilterChainType { fcm := have.GetFilterChainMatch()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 6.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
kind: PeerAuthentication metadata: name: global-strict spec: mtls: mode: STRICT `).ApplyOrFail(t) opt = opt.DeepCopy() if !src.Config().HasProxyCapabilities() && dst.Config().HasProxyCapabilities() { // Expect deny if the dest is in the mesh (enforcing mTLS) but src is not (not sending mTLS) opt.Check = CheckDeny } src.CallOrFail(t, opt) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/credentials.go
// token is missing (for example, on a VM that has rebooted, causing the token to be removed from // volatile memory), we can still proceed and allow other authentication methods to potentially // handle the request, such as mTLS. func (t *DefaultTokenProvider) GetToken() (string, error) { if t.opts.CredFetcher == nil { return "", nil } token, err := t.opts.CredFetcher.GetPlatformCredential() if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 2.4K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/templates/deployment.yaml
mountPath: /var/run/secrets/tokens readOnly: true {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - name: istio-certs mountPath: /etc/certs readOnly: true {{- end }} - mountPath: /var/lib/istio/data name: istio-data
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 12.1K bytes - Viewed (0) -
manifests/charts/gateways/istio-egress/templates/deployment.yaml
mountPath: /var/run/secrets/tokens readOnly: true {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - name: istio-certs mountPath: /etc/certs readOnly: true {{- end }} - mountPath: /var/lib/istio/data name: istio-data
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 12.1K bytes - Viewed (0) -
pkg/config/analysis/analyzers/analyzers_test.go
expected: []message{ {msg.NoServerCertificateVerificationDestinationLevel, "DestinationRule db-mtls"}, {msg.NoServerCertificateVerificationPortLevel, "DestinationRule db-mtls"}, }, }, { name: "destinationrule with no cacert, simple at destinationlevel and mutual at port level", inputFiles: []string{ "testdata/destinationrule-compound-mutual-simple.yaml", },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 07:22:31 UTC 2024 - 42.6K bytes - Viewed (0) -
pilot/pkg/networking/core/gateway.go
// (per the spec of AUTO_PASSTHROUGH), as well as all possible Istio mTLS ALPNs. This, // along with filtering out plaintext destinations in EDS, ensures that our requests will // always hit an Istio mTLS filter chain on the inbound side. As a result, it should not // be possible for anyone to access a cluster without mTLS. Note that we cannot actually // check for mTLS here, as we are doing passthrough TLS.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 46.4K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
else echo "ERROR: Some of ETCD_APISERVER_CA_KEY, ETCD_APISERVER_CA_CERT, ETCD_APISERVER_SERVER_KEY, ETCD_APISERVER_SERVER_CERT, ETCD_APISERVER_CLIENT_KEY and ETCD_APISERVER_CLIENT_CERT are missing, mTLS between etcd server and kube-apiserver cannot be enabled. Please provide all mTLS credential." exit 1 fi
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
tests/integration/security/authz_test.go
toMatch := match.Not(fromMatch) to := toMatch.GetServiceMatches(apps.Ns1.All) fromAndTo := to.Instances().Append(from) config.New(t). Source(config.File("testdata/authz/mtls.yaml.tmpl")). Source(config.File("testdata/authz/allow-principal.yaml.tmpl").WithParams( param.Params{ "Allowed": allowed, })). BuildAll(nil, to). Apply()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 50.1K bytes - Viewed (0)