- Sort Score
- Result 10 results
- Languages All
Results 101 - 110 of 268 for mTLS (0.03 sec)
-
pilot/pkg/features/security.go
var ( // SkipValidateTrustDomain tells the server proxy to not to check the peer's trust domain when // mTLS is enabled in authentication policy. SkipValidateTrustDomain = env.Register( "PILOT_SKIP_VALIDATE_TRUST_DOMAIN", false, "Skip validating the peer is from the same trust domain when mTLS is enabled in authentication policy").Get() XDSAuth = env.Register("XDS_AUTH", true,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Jan 13 03:50:59 UTC 2024 - 3.1K bytes - Viewed (0) -
tests/integration/security/testdata/reachability/workload-peer-authn-port-override.yaml.tmpl
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: {{ .To.ServiceName }} spec: selector: matchLabels: app: {{ .To.ServiceName }} mtls: mode: {{ .MTLSMode }} portLevelMtls: {{ (.To.PortForName `http`).WorkloadPort }}: mode: {{ .MTLSModeOverride }} {{ (.To.PortForName `http2`).WorkloadPort }}: mode: {{ .MTLSModeOverride }} {{ (.To.PortForName `https`).WorkloadPort }}:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jul 06 18:43:28 UTC 2022 - 648 bytes - Viewed (0) -
releasenotes/notes/28742.yaml
area: security issue: - https://github.com/istio/istio/issues/28742 releaseNotes: - | **Added** Configuring Envoy to fetch the Jwks by it self. This should be enabled if the JwksUri is a mesh cluster URL for mTLS and other benefits like retries, jws caching etc.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 11 21:29:16 UTC 2021 - 472 bytes - Viewed (0) -
internal/config/notify/help.go
}, config.HelpKV{ Key: target.WebhookClientCert, Description: "client cert for Webhook mTLS auth", Optional: true, Type: "string", Sensitive: true, }, config.HelpKV{ Key: target.WebhookClientKey, Description: "client cert key for Webhook mTLS auth", Optional: true, Type: "string", Sensitive: true, }, }
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Tue Mar 19 04:37:54 UTC 2024 - 18.8K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/mtls_checker.go
} } // isMtlsEnabled returns true if the given lbEp has mTLS enabled. func isMtlsEnabled(lbEp *endpoint.LbEndpoint) bool { return lbEp.Metadata.FilterMetadata[util.EnvoyTransportSocketMetadataKey]. GetFields()[model.TLSModeLabelShortname]. GetStringValue() == model.IstioMutualTLSModeLabel } // checkMtlsEnabled computes whether mTLS should be enabled or not. This is determined based
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Dec 01 07:32:22 UTC 2023 - 3.3K bytes - Viewed (0) -
pilot/pkg/xds/testdata/benchmarks/strict.yaml
name: auto protocol: "" resolution: STATIC endpoints: - address: 1.1.1.1 --- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default spec: mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Jul 29 02:10:48 UTC 2023 - 594 bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/destinationrule-compound-mutual-simple.yaml
# No caCertificates when mode is simple at destination level and MUTUAL at port level apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: db-mtls spec: host: mydbserver.prod.svc.cluster.local trafficPolicy: tls: mode: SIMPLE clientCertificate: /etc/certs/myclientcert.pem privateKey: /etc/certs/client_private_key.pem portLevelSettings: - port: number: 443 tls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Nov 17 12:28:05 UTC 2021 - 638 bytes - Viewed (0) -
tests/integration/ambient/testdata/automtls-partial-sidecar-dr-no-tls.yaml
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "default" annotations: test-suite: "automtls-partial-sidecar-dr-no-tls" spec: mtls: mode: STRICT --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: "multiversion-route" annotations: test-suite: "automtls-partial-sidecar-dr-no-tls" spec: hosts: - "multiversion" http:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 16 18:55:23 UTC 2023 - 996 bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
cb.applyHBONETransportSocketMatches(c.cluster, tls, istioAutodetectedMtls) } else if c.cluster.GetType() != cluster.Cluster_ORIGINAL_DST { // For headless service, discovery type will be `Cluster_ORIGINAL_DST` // Apply auto mtls to clusters excluding these kind of headless services. if istioAutodetectedMtls { // convert to transport socket matcher if the mode was auto detected transportSocket := c.cluster.TransportSocket
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/templates/NOTES.txt
"pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" "global.mtls.enabled" "the PeerAuthentication resource" "global.mtls.auto" "meshConfig.enableAutoMtls" "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 20:02:28 UTC 2024 - 4.6K bytes - Viewed (0)