- Sort Score
- Result 10 results
- Languages All
Results 221 - 230 of 390 for mtls (0.1 sec)
-
security/pkg/nodeagent/sds/sdsservice.go
}, }, }) secret.Type = &tls.Secret_TlsCertificate{ TlsCertificate: &tls.TlsCertificate{ CertificateChain: &core.DataSource{ Specifier: &core.DataSource_InlineBytes{ InlineBytes: s.CertificateChain, }, }, PrivateKeyProvider: &tls.PrivateKeyProvider{ ProviderName: "cryptomb", ConfigType: &tls.PrivateKeyProvider_TypedConfig{ TypedConfig: msg,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat May 25 00:20:04 UTC 2024 - 10.9K bytes - Viewed (0) -
pilot/pkg/xds/mesh_network_test.go
Config: config.Config{ Meta: config.Meta{ GroupVersionKind: gvk.PeerAuthentication, Namespace: "istio-system", Name: "peer-authn-mtls-" + name, }, Spec: &v1beta1.PeerAuthentication{ Mtls: &v1beta1.PeerAuthentication_MutualTLS{Mode: mode}, }, }, allowCrossNetwork: mode != v1beta1.PeerAuthentication_MutualTLS_DISABLE, }) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 27 16:59:05 UTC 2024 - 24.6K bytes - Viewed (0) -
tests/integration/pilot/testdata/upgrade/1.7.6-install.yaml.tar
istio-system labels: istio.io/rev: 1-7-6 app: istiod istio: pilot release: istio spec: ports: - port: 15010 name: grpc-xds # plaintext - port: 15012 name: https-dns # mTLS with k8s-signed cert - port: 443 name: https-webhook # validation and injection targetPort: 15017 - port: 15014 name: http-monitoring # prometheus stats - name: dns-tls port: 853 targetPort: 15053 protocol: TCP selector: app: istiod istio.io/rev: 1-7-6 ---...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 13 16:06:08 UTC 2021 - 60K bytes - Viewed (0) -
tests/integration/security/file_mounted_certs/main_test.go
"workload-certs": {"secret": {"secretName":"` + ServerSecretName + `"}} } ` // workload-certs are needed in order to load the "default" SDS resource, which // will be used for the xds-grpc mTLS (tls_certificate_sds_secret_configs.name == "default") sidecarVolumeMounts := ` { "server-certs": { "mountPath": "/server-certs" }, "client-certs": { "mountPath": "/client-certs" },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 13.4K bytes - Viewed (0) -
tests/integration/security/filebased_tls_origination/egress_gateway_origination_test.go
// only use Simple TLS as it doesn't verify client side cert // TODO: mechanism to enforce mutual TLS(client cert) validation by the server // 1. Mutual TLS origination from egress gateway to https endpoint: // internalClient ) ---HTTP request (Host: some-external-site.com----> Hits listener 0.0.0.0_80 -> // VS Routing (add Egress Header) --> Egress Gateway(originates mTLS with client certs)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
pilot/pkg/security/model/authentication_test.go
}, }, }, }, }, }, }, }, }, }, }, { name: "MTLS using SDS with custom certs in metadata", node: &model.Proxy{ Metadata: &model.NodeMetadata{ TLSServerCertChain: "serverCertChain", TLSServerKey: "serverKey",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 20 22:39:21 UTC 2024 - 18.9K bytes - Viewed (0) -
pkg/kubeapiserver/authenticator/config.go
BootstrapTokenAuthenticator authenticator.Token // ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If this value is nil, then mutual TLS is disabled. ClientCAContentProvider dynamiccertificates.CAContentProvider // Optional field, custom dial function used to connect to webhook
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 19:29:33 UTC 2024 - 15.4K bytes - Viewed (0) -
pilot/pkg/networking/core/networkfilter.go
} // buildMongoFilter builds an outbound Envoy MongoProxy filter. func buildMongoFilter(statPrefix string) *listener.Filter { // TODO: add a watcher for /var/lib/istio/mongo/certs // if certs are found use, TLS or mTLS clusters for talking to MongoDB. // User is responsible for mounting those certs in the pod. mongoProxy := &mongo.MongoProxy{ StatPrefix: statPrefix, // mongo stats are prefixed with mongo.<statPrefix> by Envoy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 13.7K bytes - Viewed (0) -
tests/integration/pilot/testdata/upgrade/1.8.6-install.yaml.tar
/etc/istio/proxy name: istio-envoy {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - mountPath: /var/run/secrets/tokens name: istio-token {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: istio-podinfo mountPath: /etc/istio/pod {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - mountPath: {{ directory...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jun 01 19:57:24 UTC 2021 - 70K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go
// clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientKey string `json:"clientKey,omitempty"` // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 17:59:05 UTC 2024 - 25.5K bytes - Viewed (0)