- Sort Score
- Result 10 results
- Languages All
Results 231 - 240 of 390 for mtls (0.05 sec)
-
pilot/pkg/model/push_context.go
if len(instances) == 0 { return MTLSDisable } for _, i := range instances { // Infer mTls disabled if any of the endpoint is with tls disabled if i.TLSMode == DisabledTLSModeLabel { return MTLSDisable } } } // 2. check mTLS settings from beta policy (i.e PeerAuthentication) at namespace / mesh level. // If the mode is not unknown, use it.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 09:02:11 UTC 2024 - 91.8K bytes - Viewed (0) -
istioctl/pkg/describe/describe.go
for _, ps := range trafficPolicy.PortLevelSettings { fmt.Fprintf(writer, "%s%d:\n", printSpaces(4), ps.GetPort().GetNumber()) if ps.Tls != nil { fmt.Fprintf(writer, "%sTLS Mode: %s\n", printSpaces(initPrintNum+printLevel2), ps.Tls.Mode.String()) } if sp := recordShortPolicies( ps.LoadBalancer, ps.ConnectionPool, ps.OutlierDetection); sp != "" {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 13 05:23:38 UTC 2024 - 50.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go
// clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. // Must be absent/empty if TCPTransport.URL is prefixed with http:// // Must be configured if TCPTransport.URL is prefixed with https:// // +optional ClientKey string `json:"clientKey,omitempty"` // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 17:59:05 UTC 2024 - 26.6K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/values.yaml
multiCluster: # Set to true to connect two kubernetes clusters via their respective # ingressgateway services when pods in each cluster cannot directly # talk to one another. All clusters should be using Istio mTLS and must # have a shared root CA for this model to work. enabled: false # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 13K bytes - Viewed (0) -
pkg/test/framework/components/echo/calloptions.go
if o.To != nil { return o.To.Config().ClusterLocalFQDN() } return "" } func (o CallOptions) DeepCopy() CallOptions { clone := o if o.TLS.Alpn != nil { clone.TLS.Alpn = make([]string, len(o.TLS.Alpn)) copy(clone.TLS.Alpn, o.TLS.Alpn) } return clone } // FillDefaults fills out any defaults that haven't been explicitly specified. func (o *CallOptions) FillDefaults() error {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Oct 08 09:39:20 UTC 2023 - 13K bytes - Viewed (0) -
pilot/pkg/xds/workload_test.go
expectAddedAndRemoved(ads.ExpectResponse(), []string{"istio-system/istio_converted_static_strict"}, nil) createPeerAuthentication(s, "policy2", "ns", &v1beta1.PeerAuthentication{ Mtls: &v1beta1.PeerAuthentication_MutualTLS{ Mode: v1beta1.PeerAuthentication_MutualTLS_PERMISSIVE, }, PortLevelMtls: map[uint32]*v1beta1.PeerAuthentication_MutualTLS{ 9080: {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 15.9K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder.go
return nil } return durationpb.New(t) } // TODO: This code is still insufficient. Ideally we should be parsing all the virtual services // with TLS blocks and build the appropriate filter chain matches and routes here. And then finally // evaluate the left over unmatched TLS traffic using allow_any or registry_only. // See https://github.com/istio/istio/issues/21170
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 17.9K bytes - Viewed (0) -
pkg/workloadapi/workload.proto
oneof destination { // TODO: add support for hostname lookup NamespacedHostname hostname = 1; NetworkAddress address = 2; } // port to reach the gateway at for mTLS HBONE connections uint32 hbone_mtls_port = 3; reserved "hbone_single_tls_port"; reserved 4; } // NetworkAddress represents an address bound to a specific network. message NetworkAddress {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 18:02:35 UTC 2024 - 12.9K bytes - Viewed (0) -
tests/integration/pilot/common/routing.go
metadata: name: %s spec: selector: matchLabels: app: %s mtls: mode: %s --- `, app, app, mode) } func globalPeerAuthentication(mode string) string { return fmt.Sprintf(`apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default spec: mtls: mode: %s --- `, mode) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 21:52:51 UTC 2024 - 135.9K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates ClientCA string // CAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. // Generally this is the CA bundle file used to authenticate client certificates // If non-nil, this takes priority over the ClientCA file. CAContentProvider dynamiccertificates.CAContentProvider
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Mar 21 14:51:22 UTC 2023 - 19.9K bytes - Viewed (0)