- Sort Score
- Result 10 results
- Languages All
Results 141 - 150 of 390 for mtls (0.04 sec)
-
tests/integration/security/cacert_rotation/main_test.go
WithDefaultFilters(1, 1). FromMatch(match.ServiceName(from.NamespacedName())). ToMatch(match.ServiceName(to.NamespacedName())). Run(func(t framework.TestContext, from echo.Instance, to echo.Target) { // Verify mTLS works between a and b opts := echo.CallOptions{ To: to, Port: echo.Port{ Name: "http", }, } opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 6.6K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/endpoint_builder.go
// For the SNI-DNAT clusters, we are using AUTO_PASSTHROUGH gateway. AUTO_PASSTHROUGH is intended // to passthrough mTLS requests. However, at the gateway we do not actually have any way to tell if the // request is a valid mTLS request or not, since its passthrough TLS. // To ensure we allow traffic only to mTLS endpoints, we filter out non-mTLS endpoints for these cluster types. locEps = b.EndpointsWithMTLSFilter(locEps) } return locEps }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Apr 28 02:18:19 UTC 2024 - 26.1K bytes - Viewed (0) -
pilot/pkg/networking/core/listenertest/match.go
} type FilterChainType string const ( PlainTCP FilterChainType = "plaintext TCP" PlainHTTP FilterChainType = "plaintext HTTP" StandardTLS FilterChainType = "TLS" MTLSTCP FilterChainType = "mTLS TCP" MTLSHTTP FilterChainType = "mTLS HTTP" Unknown FilterChainType = "unknown" ) func classifyFilterChain(have *listener.FilterChain) FilterChainType { fcm := have.GetFilterChainMatch()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 6.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
kind: PeerAuthentication metadata: name: global-strict spec: mtls: mode: STRICT `).ApplyOrFail(t) opt = opt.DeepCopy() if !src.Config().HasProxyCapabilities() && dst.Config().HasProxyCapabilities() { // Expect deny if the dest is in the mesh (enforcing mTLS) but src is not (not sending mTLS) opt.Check = CheckDeny } src.CallOrFail(t, opt) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/credentials.go
// token is missing (for example, on a VM that has rebooted, causing the token to be removed from // volatile memory), we can still proceed and allow other authentication methods to potentially // handle the request, such as mTLS. func (t *DefaultTokenProvider) GetToken() (string, error) { if t.opts.CredFetcher == nil { return "", nil } token, err := t.opts.CredFetcher.GetPlatformCredential() if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 2.4K bytes - Viewed (0) -
releasenotes/notes/external-name-on.yaml
* Because the destination DNS name is treated as opaque, we cannot apply Istio policies to it as expected. For example, if I point an external name at another in-cluster Service (for example, `example.default.svc.cluster.local`), mTLS would not be used. `ExternalName` support has been revamped to fix these problems. `ExternalName`s are now simply treated as aliases.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Nov 02 18:58:52 UTC 2023 - 2.4K bytes - Viewed (0) -
tests/integration/security/ecc_signature_algorithm/mtls_strict_test.go
namespace: {{.AppNamespace}} spec: host: "server.{{.AppNamespace}}.svc.cluster.local" trafficPolicy: tls: mode: ISTIO_MUTUAL ` PeerAuthenticationConfig = ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: {{.AppNamespace}} spec: mtls: mode: STRICT ` ) func TestStrictMTLS(t *testing.T) { framework. NewTest(t).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2.5K bytes - Viewed (0) -
tests/integration/security/file_mounted_certs/p2p_mtls_test.go
` PeerAuthenticationConfig = ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: "istio-system" spec: mtls: mode: STRICT ` ) func createObject(ctx framework.TestContext, serviceNamespace string, yamlManifest string) { args := map[string]string{"AppNamespace": serviceNamespace} ctx.ConfigIstio().Eval(serviceNamespace, args, yamlManifest).ApplyOrFail(ctx)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2.8K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/templates/deployment.yaml
mountPath: /var/run/secrets/tokens readOnly: true {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - name: istio-certs mountPath: /etc/certs readOnly: true {{- end }} - mountPath: /var/lib/istio/data name: istio-data
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 12.1K bytes - Viewed (0) -
releasenotes/notes/external-name.yaml
* Because the destination DNS name is treated as opaque, we cannot apply Istio policies to it as expected. For example, if I point an external name at another in-cluster Service (for example, `example.default.svc.cluster.local`), mTLS would not be used. `ExternalName` support has been revamped to fix these problems. `ExternalName`s are now simply treated as aliases.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Oct 27 03:08:29 UTC 2023 - 2.7K bytes - Viewed (0)