- Sort Score
- Result 10 results
- Languages All
Results 51 - 60 of 244 for mTLS (0.05 sec)
-
pilot/pkg/security/authn/factory.go
// It may return nil, if no authentication is needed. AuthNFilter(forSidecar bool) *hcm.HttpFilter // PortLevelSetting returns port level mTLS settings. PortLevelSetting() map[uint32]model.MutualTLSMode MtlsPolicy } type MtlsPolicy interface { // GetMutualTLSModeForPort gets the mTLS mode for the given port. If there is no port level setting, it // returns the inherited namespace/mesh level setting.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
tests/integration/security/egress_sidecar_tls_origination_test.go
var ( credNameGeneric = "mtls-credential-generic" fakeCredName = "fake-mtls-credential" credWithCRL = "mtls-credential-generic-valid-crl" credWithDummyCRL = "mtls-credential-generic-dummy-crl" ) // Create a valid kubernetes secret to provision key/cert for sidecar. ingressutil.CreateIngressKubeSecretInNamespace(t, credNameGeneric, ingressutil.Mtls, ingressutil.IngressCredential{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 10.4K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-workload-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: strict-mtls spec: selector: matchLabels: app: a mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 166 bytes - Viewed (0) -
pilot/pkg/model/authentication.go
MTLSUnknown MutualTLSMode = iota // MTLSDisable if authentication policy disable mTLS. MTLSDisable // MTLSPermissive if authentication policy enable mTLS in permissive mode. MTLSPermissive // MTLSStrict if authentication policy enable mTLS in strict mode. MTLSStrict ) // In Ambient, we convert k8s PeerAuthentication resources to the same type as AuthorizationPolicies
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 10.1K bytes - Viewed (0) -
manifests/addons/dashboards/istio-workload-dashboard.json
"format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", "refId": "A", "step": 2 }, { "datasource": { "type": "prometheus", "uid": "${datasource}" },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 27 03:47:04 UTC 2024 - 102.7K bytes - Viewed (0) -
tests/integration/security/sds_ingress/quic/ingress_test.go
}) }) } // TestMtlsGatewaysWithQUIC deploys multiple mTLS gateways with SDS enabled, and creates kubernetes that store // private key, server certificate and CA certificate for each mTLS gateway. Verifies that client can communicate // by using both QUIC and TCP/mTLS func TestMtlsGatewaysWithQUIC(t *testing.T) { // nolint: staticcheck framework. NewTest(t).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.6K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/testdata/tls.yaml.golden
internal.istio.io/gateway-service: istio-ingressgateway.istio-system.svc.domain.suffix internal.istio.io/parents: Gateway/gateway/terminate-mtls.istio-system creationTimestamp: null name: gateway-istio-autogenerated-k8s-gateway-terminate-mtls namespace: istio-system spec: servers: - hosts: - '*/other.example' port: name: default number: 34000 protocol: HTTPS
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Mar 01 20:54:36 UTC 2024 - 4K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
} if protocol == networking.ListenerProtocolTCP && features.MetadataExchange { // For TCP with mTLS, we advertise "istio-peer-exchange" from client and // expect the same from server. This is so that secure metadata exchange // transfer can take place between sidecars for TCP with mTLS. if features.DisableMxALPN { ctx.CommonTlsContext.AlpnProtocols = util.ALPNDownstream } else {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
tests/integration/security/reachability_test.go
expectCrossCluster: notFromNaked, expectCrossNetwork: never, expectSuccess: always, }, // --------start of auto mtls partial test cases --------------- // The follow three consecutive test together ensures the auto mtls works as intended // for sidecar migration scenario. { name: "migration no tls", configs: config.Sources{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/security/authn/policy_applier.go
} } } return outputPolicy } func isMtlsModeUnset(mtls *v1beta1.PeerAuthentication_MutualTLS) bool { return mtls == nil || mtls.Mode == v1beta1.PeerAuthentication_MutualTLS_UNSET
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 09:47:21 UTC 2024 - 19.2K bytes - Viewed (0)