Results 51 - 60 of 347 for mtls (0.28 sec)
architecture/security/istio-agent.md
1. The `caClient` will be configured to use either JWT or mTLS authentication. For JWT authentication, gRPC's `PerRPCCredentials` is configured with a `TokenProvider` which handles the logic of adding the proper JWT to each request. mTLS is configured by a tls.Config that points to files on disk. It should be noted there is a circular dependency with mTLS authentication; in order to fetch a certificate we need
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 22 16:45:50 UTC 2023 - 7.2K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: strict-mtls spec: mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 125 bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
// It may return nil, if no authentication is needed. AuthNFilter(forSidecar bool) *hcm.HttpFilter // PortLevelSetting returns port level mTLS settings. PortLevelSetting() map[uint32]model.MutualTLSMode MtlsPolicy } type MtlsPolicy interface { // GetMutualTLSModeForPort gets the mTLS mode for the given port. If there is no port level setting, it // returns the inherited namespace/mesh level setting.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
tests/integration/security/egress_sidecar_tls_origination_test.go
credWithCRL = "mtls-credential-generic-valid-crl" credWithDummyCRL = "mtls-credential-generic-dummy-crl" ) // Create a valid kubernetes secret to provision key/cert for sidecar. ingressutil.CreateIngressKubeSecretInNamespace(t, credNameGeneric, ingressutil.Mtls, ingressutil.IngressCredential{ Certificate: file.AsStringOrFail(t, path.Join(env.IstioSrc, "tests/testdata/certs/dns/cert-chain.pem")),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 10.4K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-workload-in.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: strict-mtls spec: selector: matchLabels: app: a mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 166 bytes - Viewed (0) -
pilot/pkg/model/authentication.go
) // MutualTLSMode is the mutual TLS mode specified by authentication policy. type MutualTLSMode int const ( // MTLSUnknown is used to indicate the variable hasn't been initialized correctly (with the authentication policy). MTLSUnknown MutualTLSMode = iota // MTLSDisable if authentication policy disable mTLS. MTLSDisable // MTLSPermissive if authentication policy enable mTLS in permissive mode. MTLSPermissive
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 10.1K bytes - Viewed (0) -
manifests/addons/dashboards/istio-workload-dashboard.json
"format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", "refId": "A", "step": 2 }, { "datasource": { "type": "prometheus", "uid": "${datasource}" },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 27 03:47:04 UTC 2024 - 102.7K bytes - Viewed (0) -
tests/integration/security/sds_ingress/quic/ingress_test.go
ingressutil.RunTestMultiQUICGateways(t, inst, ingressutil.TLS, namespace.Future(&echo1NS)) }) }) } // TestMtlsGatewaysWithQUIC deploys multiple mTLS gateways with SDS enabled, and creates kubernetes that store // private key, server certificate and CA certificate for each mTLS gateway. Verifies that client can communicate // by using both QUIC and TCP/mTLS func TestMtlsGatewaysWithQUIC(t *testing.T) { // nolint: staticcheck
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.6K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
// Compliance for downstream mesh mTLS. authn_model.EnforceCompliance(ctx.CommonTlsContext) return ctx } // GetMinTLSVersion returns the minimum TLS version for workloads based on the mesh config. func GetMinTLSVersion(ver meshconfig.MeshConfig_TLSConfig_TLSProtocol) tls.TlsParameters_TlsProtocol { switch ver { case meshconfig.MeshConfig_TLSConfig_TLSV1_3: return tls.TlsParameters_TLSv1_3 default:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
tests/integration/security/reachability_test.go
expectCrossNetwork: never, expectSuccess: always, }, // --------start of auto mtls partial test cases --------------- // The follow three consecutive test together ensures the auto mtls works as intended // for sidecar migration scenario. { name: "migration no tls", configs: config.Sources{ config.File("testdata/reachability/global-peer-authn.yaml.tmpl"),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 20.6K bytes - Viewed (0)