- Sort Score
- Result 10 results
- Languages All
Results 1 - 9 of 9 for root1 (0.04 sec)
-
pilot/pkg/bootstrap/certcontroller.go
log.Infof("Use roots from %v and watch", fileBundle.RootCertFile) caBundle = s.CA.GetCAKeyCertBundle().GetRootCertPem() // Similar code to istio-ca-secret: refresh the root cert, but in casecrets s.addStartFunc("istiod server certificate rotation", func(stop <-chan struct{}) error { go func() { // regenerate istiod key cert when root cert changes. s.watchRootCertAndGenKeyCert(stop)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 11.3K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
// // Support for signing other root CA has been removed - too dangerous, no clear use case. // // Default config, for backward compat with Citadel: // - if "cacerts" secret exists in istio-system, will be mounted. It may contain an optional "root-cert.pem", // with additional roots and optional {ca-key, ca-cert, cert-chain}.pem user-provided root CA.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
workloadTrustBundle *tb.TrustBundle certMu sync.RWMutex istiodCert *tls.Certificate // istiodCertBundleWatche provides callbacks when the Istiod certs or roots are changed. // The roots are used by the namespace controller to update Istiod roots and patch webhooks. // The certs are used to refresh Istiod credentials. istiodCertBundleWatcher *keycertbundle.Watcher server server.Instance
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pkg/security/security.go
// GkeWorkloadRootCertFilePath is the well-known path for the GKE workload root certificate file GkeWorkloadRootCertFilePath = WorkloadIdentityCredentialsPath + "/ca_certificates.pem" // SystemRootCerts is special case input for root cert configuration to use system root certificates. SystemRootCerts = "SYSTEM" // RootCertReqResourceName is resource name of discovery request for root certificate. RootCertReqResourceName = "ROOTCA"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pkg/config/constants/constants.go
DefaultPilotTLSCaCert = PilotWellKnownDNSCaCertPath + "root-cert.pem" DefaultPilotTLSCaCertAlternatePath = PilotWellKnownDNSCertPath + "ca.crt" // CertChainFilename is mTLS chain file CertChainFilename = "cert-chain.pem" // KeyFilename is mTLS private key KeyFilename = "key.pem" // RootCertFilename is mTLS root cert RootCertFilename = "root-cert.pem"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 10K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/workloads_test.go
}, model.WorkloadAuthorization{ LabelSelector: model.NewSelector(map[string]string{"app": "foo"}), Authorization: &security.Authorization{Name: "root-ns", Namespace: "istio-system"}, }, }, pod: &v1.Pod{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ Name: "name", Namespace: "ns",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.3K bytes - Viewed (0) -
pilot/pkg/features/pilot.go
"The provider of Pilot DNS certificate. K8S RA will be used for k8s.io/NAME. 'istiod' value will sign"+ " using Istio build in CA. Other values will not not generate TLS certs, but still "+ " distribute ./etc/certs/root-cert.pem. Only used if custom certificates are not mounted.").Get() ClusterName = env.Register("CLUSTER_ID", constants.DefaultClusterName, "Defines the cluster and service registry that this Istiod instance belongs to").Get()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 13.3K bytes - Viewed (0) -
pilot/pkg/model/gateway.go
// Note: Secrets that are not referenced by any Gateway, but are in the same namespace as the pod, are explicitly *not* // included. This ensures we don't give permission to unexpected secrets, such as the citadel root key/cert. VerifiedCertificateReferences sets.String } func (g *MergedGateway) HasAutoPassthroughGateways() bool { if g != nil { return g.ContainsAutoPassthroughGateways } return false }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 26K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_builder.go
tlsClientCertChain string // tlsClientKey is the absolute path to client private key file tlsClientKey string // tlsClientRootCert is the absolute path to client root cert file tlsClientRootCert string } // ClusterBuilder interface provides an abstraction for building Envoy Clusters. type ClusterBuilder struct { // Proxy related information used to build clusters.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 31.6K bytes - Viewed (0)