Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 9 of 9 for tlsOptions (0.17 sec)

  2. github.com/istio/istio

    pilot/pkg/bootstrap/certcontroller.go 

    func (s *Server) initFileCertificateWatches(tlsOptions TLSOptions) error {
	if err := s.istiodCertBundleWatcher.SetFromFilesAndNotify(tlsOptions.KeyFile, tlsOptions.CertFile, tlsOptions.CaCertFile); err != nil {
		return fmt.Errorf("set keyCertBundle failed: %v", err)
	}
	// TODO: Setup watcher for root and restart server if it changes.
	for _, file := range []string{tlsOptions.CertFile, tlsOptions.KeyFile} {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 11.3K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pilot/pkg/bootstrap/server_test.go 

    	}

	// Update cert/key files.
	if err := os.WriteFile(tlsOptions.CertFile, testcerts.RotatedCert, 0o644); err != nil { // nolint: vetshadow
		t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.CertFile, err)
	}
	if err := os.WriteFile(tlsOptions.KeyFile, testcerts.RotatedKey, 0o644); err != nil { // nolint: vetshadow
		t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.KeyFile, err)
	}

	g := NewWithT(t)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 23.1K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/nodeagent/caclient/providers/citadel/client_test.go 

    		addr := serve(t, server, tlsOptions(t))
		opts := &security.Options{
			CAEndpoint:  addr,
			CredFetcher: plugin.CreateTokenPlugin("testdata/token"),
			ProvCert:    certDir,
		}
		rootCert := path.Join(certDir, constants.RootCertFilename)
		key := path.Join(certDir, constants.KeyFilename)
		cert := path.Join(certDir, constants.CertChainFilename)
		tlsOpts := &TLSOptions{
			RootCert: rootCert,
			Key:      key,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Apr 24 21:03:23 UTC 2024
    - 11.8K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/bootstrap/server.go 

    func hasCustomTLSCerts(tlsOptions TLSOptions) (ok bool, tlsCertPath, tlsKeyPath, caCertPath string) {
	// load from tls args as priority
	if hasCustomTLSCertArgs(tlsOptions) {
		return true, tlsOptions.CertFile, tlsOptions.KeyFile, tlsOptions.CaCertFile
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 46.3K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    pkg/kubelet/server/server.go 

    		WriteTimeout:   4 * 60 * time.Minute,
		MaxHeaderBytes: 1 << 20,
	}

	if tlsOptions != nil {
		s.TLSConfig = tlsOptions.Config
		// Passing empty strings as the cert and key files means no
		// cert/keys are specified and GetCertificate in the TLSConfig
		// should be called instead.
		if err := s.ListenAndServeTLS(tlsOptions.CertFile, tlsOptions.KeyFile); err != nil {
			klog.ErrorS(err, "Failed to listen and serve")
			os.Exit(1)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Jun 04 06:25:43 UTC 2024
    - 40.1K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pkg/istio-agent/agent_test.go 

    	meta.Namespace = "fake-namespace"
	meta.ServiceAccount = "fake-sa"
	meta.ProxyConfig = pc
	return meta
}

func setupCa(t *testing.T, auth *security.FakeAuthenticator) *mock.CAServer {
	t.Helper()
	opt := tlsOptions(t)
	s, err := mock.NewCAServerWithKeyCert(0,
		testutil.ReadFile(t, filepath.Join(env.IstioSrc, "./tests/testdata/certs/pilot/ca-key.pem")),
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 16 22:12:28 UTC 2024
    - 33.4K bytes
    - Viewed (0)
  8. github.com/istio/istio

    pkg/istio-agent/xds_proxy.go 

    func (p *XdsProxy) getTLSOptions(agent *Agent) (*istiogrpc.TLSOptions, error) {
	if agent.proxyConfig.ControlPlaneAuthPolicy == meshconfig.AuthenticationPolicy_NONE {
		return nil, nil
	}
	xdsCACertPath, err := agent.FindRootCAForXDS()
	if err != nil {
		return nil, fmt.Errorf("failed to find root CA cert for XDS: %v", err)
	}
	key, cert := agent.GetKeyCertsForXDS()
	return &istiogrpc.TLSOptions{
		RootCert:      xdsCACertPath,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 16 22:12:28 UTC 2024
    - 27.9K bytes
    - Viewed (0)
  9. github.com/istio/istio

    pilot/pkg/networking/core/listener_inbound.go 

    	// exact, just best effort optimization
	filterChains := make([]*listener.FilterChain, 0, 1+5)
	filterChains = append(filterChains, buildInboundBlackhole(lb))

	mtlsOptions := lb.authnBuilder.ForPassthrough()
	for _, mtls := range mtlsOptions {
		cc := inboundChainConfig{
			port: model.ServiceInstancePort{
				ServicePort: &model.Port{
					Name: model.VirtualInboundListenerName,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 01:56:28 UTC 2024
    - 35.1K bytes
    - Viewed (0)
  10. github.com/istio/istio

    pilot/pkg/config/kube/gateway/conversion_test.go 

    			name: "reference-policy-tcp",
			validationIgnorer: crdvalidation.NewValidationIgnorer(
				"istio-system/^not-allowed-echo-",
			),
		},
		{name: "serviceentry"},
		{name: "eastwest"},
		{name: "eastwest-tlsoption"},
		{name: "eastwest-labelport"},
		{name: "eastwest-remote"},
		{name: "alias"},
		{name: "mcs"},
		{name: "route-precedence"},
		{name: "waypoint"},
		{name: "isolation"},
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 08 20:24:52 UTC 2024
    - 34.9K bytes
    - Viewed (0)
Back to top