- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 66 for ca (0.11 sec)
-
manifests/charts/gateways/istio-egress/files/profile-ambient.yaml
meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true # Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/istio-operator/files/profile-ambient.yaml
meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true # Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
architecture/ambient/ztunnel.md
When fetching certificates, ztunnel will authenticate to the CA with its own identity, but request the identity of another workload. Critically, the CA must enforce that the ztunnel has permission to request that identity. Requests for identities not running on the node are rejected. This is critical to ensure that a compromised node does not compromise the entire mesh.
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 25 22:35:16 GMT 2024 - 16.6K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/profile-openshift-ambient.yaml
env: PILOT_ENABLE_AMBIENT: "true" # Allow sidecars/ingress to send/receive HBONE. This is required for interop. PILOT_ENABLE_SENDING_HBONE: "true" PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" platform: openshift variant: distroless seLinuxOptions:
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat May 04 01:17:57 GMT 2024 - 955 bytes - Viewed (0) -
manifests/charts/base/files/profile-openshift-ambient.yaml
env: PILOT_ENABLE_AMBIENT: "true" # Allow sidecars/ingress to send/receive HBONE. This is required for interop. PILOT_ENABLE_SENDING_HBONE: "true" PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" platform: openshift variant: distroless seLinuxOptions:
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat May 04 01:17:57 GMT 2024 - 955 bytes - Viewed (0) -
manifests/charts/default/files/profile-ambient.yaml
meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true # Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/istio-cni/files/profile-ambient.yaml
meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true # Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/base/files/profile-ambient.yaml
meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" global: variant: distroless pilot: env: PILOT_ENABLE_AMBIENT: "true" CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel" cni: ambient: enabled: true # Ztunnel doesn't use a namespace, so everything here is mostly for ztunnel
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Thu Apr 18 19:09:43 GMT 2024 - 683 bytes - Viewed (0) -
manifests/charts/README.md
- Better security: separate Istio components reside in different namespaces, allowing different teams or roles to manage different parts of Istio. For example, a security team would maintain the root CA and policy, a telemetry team may only have access to Prometheus, and a different team may maintain the control plane components (which are highly security sensitive).
Plain Text - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Feb 07 17:53:24 GMT 2024 - 6.7K bytes - Viewed (0) -
manifests/charts/istiod-remote/files/gateway-injection-template.yaml
path: istio-token expirationSeconds: 43200 audience: {{ .Values.global.sds.token.aud }} {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: name: istio-ca-root-cert {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - name: istio-certs secret:
Others - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Feb 27 16:55:16 GMT 2024 - 8.6K bytes - Viewed (0)