- Sort Score
- Result 10 results
- Languages All
Results 1 - 9 of 9 for tlsOptions (0.32 sec)
-
pilot/pkg/bootstrap/certcontroller.go
func (s *Server) initFileCertificateWatches(tlsOptions TLSOptions) error { if err := s.istiodCertBundleWatcher.SetFromFilesAndNotify(tlsOptions.KeyFile, tlsOptions.CertFile, tlsOptions.CaCertFile); err != nil { return fmt.Errorf("set keyCertBundle failed: %v", err) } // TODO: Setup watcher for root and restart server if it changes. for _, file := range []string{tlsOptions.CertFile, tlsOptions.KeyFile} {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 11.3K bytes - Viewed (0) -
pilot/pkg/bootstrap/server_test.go
} // Update cert/key files. if err := os.WriteFile(tlsOptions.CertFile, testcerts.RotatedCert, 0o644); err != nil { // nolint: vetshadow t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.CertFile, err) } if err := os.WriteFile(tlsOptions.KeyFile, testcerts.RotatedKey, 0o644); err != nil { // nolint: vetshadow t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.KeyFile, err) } g := NewWithT(t)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 23.1K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/providers/citadel/client_test.go
addr := serve(t, server, tlsOptions(t)) opts := &security.Options{ CAEndpoint: addr, CredFetcher: plugin.CreateTokenPlugin("testdata/token"), ProvCert: certDir, } rootCert := path.Join(certDir, constants.RootCertFilename) key := path.Join(certDir, constants.KeyFilename) cert := path.Join(certDir, constants.CertChainFilename) tlsOpts := &TLSOptions{ RootCert: rootCert, Key: key,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 24 21:03:23 UTC 2024 - 11.8K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
func hasCustomTLSCerts(tlsOptions TLSOptions) (ok bool, tlsCertPath, tlsKeyPath, caCertPath string) { // load from tls args as priority if hasCustomTLSCertArgs(tlsOptions) { return true, tlsOptions.CertFile, tlsOptions.KeyFile, tlsOptions.CaCertFile }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pkg/kubelet/server/server.go
WriteTimeout: 4 * 60 * time.Minute, MaxHeaderBytes: 1 << 20, } if tlsOptions != nil { s.TLSConfig = tlsOptions.Config // Passing empty strings as the cert and key files means no // cert/keys are specified and GetCertificate in the TLSConfig // should be called instead. if err := s.ListenAndServeTLS(tlsOptions.CertFile, tlsOptions.KeyFile); err != nil { klog.ErrorS(err, "Failed to listen and serve") os.Exit(1)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 04 06:25:43 UTC 2024 - 40.1K bytes - Viewed (0) -
pkg/istio-agent/agent_test.go
meta.Namespace = "fake-namespace" meta.ServiceAccount = "fake-sa" meta.ProxyConfig = pc return meta } func setupCa(t *testing.T, auth *security.FakeAuthenticator) *mock.CAServer { t.Helper() opt := tlsOptions(t) s, err := mock.NewCAServerWithKeyCert(0, testutil.ReadFile(t, filepath.Join(env.IstioSrc, "./tests/testdata/certs/pilot/ca-key.pem")),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 33.4K bytes - Viewed (0) -
pkg/istio-agent/xds_proxy.go
func (p *XdsProxy) getTLSOptions(agent *Agent) (*istiogrpc.TLSOptions, error) { if agent.proxyConfig.ControlPlaneAuthPolicy == meshconfig.AuthenticationPolicy_NONE { return nil, nil } xdsCACertPath, err := agent.FindRootCAForXDS() if err != nil { return nil, fmt.Errorf("failed to find root CA cert for XDS: %v", err) } key, cert := agent.GetKeyCertsForXDS() return &istiogrpc.TLSOptions{ RootCert: xdsCACertPath,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 27.9K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
// exact, just best effort optimization filterChains := make([]*listener.FilterChain, 0, 1+5) filterChains = append(filterChains, buildInboundBlackhole(lb)) mtlsOptions := lb.authnBuilder.ForPassthrough() for _, mtls := range mtlsOptions { cc := inboundChainConfig{ port: model.ServiceInstancePort{ ServicePort: &model.Port{ Name: model.VirtualInboundListenerName,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/conversion_test.go
name: "reference-policy-tcp", validationIgnorer: crdvalidation.NewValidationIgnorer( "istio-system/^not-allowed-echo-", ), }, {name: "serviceentry"}, {name: "eastwest"}, {name: "eastwest-tlsoption"}, {name: "eastwest-labelport"}, {name: "eastwest-remote"}, {name: "alias"}, {name: "mcs"}, {name: "route-precedence"}, {name: "waypoint"}, {name: "isolation"}, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 20:24:52 UTC 2024 - 34.9K bytes - Viewed (0)