- Sort Score
- Result 10 results
- Languages All
Results 211 - 220 of 390 for mtls (0.28 sec)
-
tests/integration/pilot/testdata/upgrade/1.6.11-install.yaml.tar
istio-system labels: istio.io/rev: 1-6-11 app: istiod istio: pilot release: istio spec: ports: - port: 15010 name: grpc-xds # plaintext - port: 15012 name: https-dns # mTLS with k8s-signed cert - port: 443 name: https-webhook # validation and injection targetPort: 15017 - port: 15014 name: http-monitoring # prometheus stats - name: dns-tls port: 853 targetPort: 15053 protocol: TCP selector: app: istiod istio.io/rev: 1-6-11 --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name:...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 13 16:06:08 UTC 2021 - 50K bytes - Viewed (0) -
pilot/pkg/networking/core/gateway_test.go
}, }, { // tcp server is non-istio mtls, no istio-peer-exchange in the alpns name: "tcp server with terminating (non-istio)mutual tls", server: &networking.Server{ Hosts: []string{"httpbin.example.com", "bookinfo.example.com"}, Port: &networking.Port{ Protocol: string(protocol.TLS), }, Tls: &networking.ServerTLSSettings{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 144K bytes - Viewed (0) -
tests/integration/pilot/multiplecontrolplanes/main_test.go
"Namespace": ns, }, `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: "usergroup-peerauth" namespace: {{ .Namespace }} spec: mtls: mode: STRICT `).ApplyOrFail(t, apply.NoCleanup) } } func allowExternalService(t framework.TestContext, ns string, externalNs string, revision string) { t.ConfigIstio().Eval(ns, map[string]any{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 16:52:52 UTC 2024 - 9.1K bytes - Viewed (0) -
pkg/test/echo/server/endpoint/grpc.go
grpc.KeepaliveParams(keepalive.ServerParameters{ MaxConnectionIdle: idleTimeout, }), } if s.Port.TLS { epLog.Infof("Listening GRPC (over TLS) on %v", p) // Create the TLS credentials creds, errCreds := credentials.NewServerTLSFromFile(s.TLSCert, s.TLSKey) if errCreds != nil { epLog.Errorf("could not load TLS keys: %s", errCreds) } opts = append(opts, grpc.Creds(creds)) } else if s.Port.XDSServer {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 25 17:30:37 UTC 2023 - 8.7K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/cds.go
// management server (see grpc/xds/internal/client/xds.go securityConfigFromCluster). const transportSocketName = "envoy.transport_sockets.tls" func buildUpstreamTLSContext(sans []string) *tls.UpstreamTlsContext { return &tls.UpstreamTlsContext{ CommonTlsContext: buildCommonTLSContext(sans), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 17:09:02 UTC 2024 - 9.2K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
### Inbound Traffic entering a pod over HBONE will be handled by the "inbound" code path, on port 15008. Incoming requests have multiple "layers": TLS wrapping HTTP CONNECT that is wrapping the user's connection. To unwrap the first layer, we terminate TLS. As part of this, we need to pick the correct certificate to serve on behalf of the destination workload. As discussed in [HBONE](#hbone), this is based on the destination IP.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 22:35:16 UTC 2024 - 16.6K bytes - Viewed (0) -
cluster/images/etcd/migrate/options.go
flags.StringVar(&opts.etcdServerArgs, "etcd-server-extra-args", "", "additional etcd server args for starting etcd servers during migration steps, need to set TLS certs flags for multi-member clusters using mTLS for communication. "+ "If unset fallbacks to ETCD_CREDS env.") } func lookupEnv(env string) (string, error) { result, ok := os.LookupEnv(env) if !ok || len(result) == 0 {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 31 09:59:52 UTC 2024 - 9.5K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/grpcecho_test.go
namespace: default spec: host: echo-app.default.svc.cluster.local trafficPolicy: tls: mode: ISTIO_MUTUAL --- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: default spec: mtls: mode: STRICT `, }, echoCfg{version: "v1", tls: true}) // ensure we can make 10 consecutive successful requests
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jan 12 18:20:36 UTC 2024 - 8.3K bytes - Viewed (0) -
pkg/adsc/adsc.go
} conn, err := grpc.Dial(config.Address, grpcDialOptions...) if err != nil { return nil, err } return conn, nil } func tlsConfig(config *Config) (*tls.Config, error) { var clientCerts []tls.Certificate var serverCABytes []byte var err error getClientCertificate := getClientCertFn(config) // Load the root CAs if config.RootCert != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 05 22:18:49 UTC 2024 - 35K bytes - Viewed (0) -
pilot/pkg/model/service.go
const ( // TLSModeLabelShortname name used for determining endpoint level tls transport socket configuration TLSModeLabelShortname = "tlsMode" // DisabledTLSModeLabel implies that this endpoint should receive traffic as is (mostly plaintext) DisabledTLSModeLabel = "disabled" // IstioMutualTLSModeLabel implies that the endpoint is ready to receive Istio mTLS connections. IstioMutualTLSModeLabel = "istio"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 02:03:58 UTC 2024 - 46.3K bytes - Viewed (0)