- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 15 for spiffe (0.13 sec)
-
pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
return &security.StringMatch{MatchType: &security.StringMatch_Exact{ Exact: strings.TrimPrefix(spiffe.MustGenSpiffeURI(meshCfg.MeshConfig, waypoint.Namespace, sa), spiffe.URIPrefix), }} }), }, }, }, }, }}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pkg/security/security.go
CAEndpointSAN string // The CA provider name. CAProviderName string // TrustDomain corresponds to the trust root of a system. // https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain TrustDomain string // WorkloadRSAKeySize is the size of a private key for a workload certificate. WorkloadRSAKeySize int // Whether to generate PKCS#8 private keys.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pkg/workloadapi/workload.proto
string network = 4; // Protocol that should be used to connect to this workload. TunnelProtocol tunnel_protocol = 5; // The SPIFFE identity of the workload. The identity is joined to form spiffe://<trust_domain>/ns/<namespace>/sa/<service_account>. // TrustDomain of the workload. May be elided if this is the mesh wide default (typically cluster.local) string trust_domain = 6;
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 18:02:35 UTC 2024 - 12.9K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
log.Infof("Discover server subject alt names: %v", dnsNames) return dnsNames } // createPeerCertVerifier creates a SPIFFE certificate verifier with the current istiod configuration. func (s *Server) createPeerCertVerifier(tlsOptions TLSOptions, trustDomain string) (*spiffe.PeerCertVerifier, error) { customTLSCertsExists, _, _, caCertPath := hasCustomTLSCerts(tlsOptions)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
tests/integration/telemetry/api/dashboard_test.go
"istio-workload-dashboard.json", []string{ "istio_tcp_", // there is no non-mtls traffic generated so the test flakes for the split query on // "Outgoing Requests By Destination And Response Code" "spiffe.*", }, false, }, { "istio-grafana-dashboards", "istio-performance-dashboard.json", []string{ // cAdvisor does not expose this metrics, and we don't have kubelet in kind
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 20:46:28 UTC 2024 - 11.4K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
"destination_principal": "spiffe://" + dst.Config().ServiceAccountName(), "destination_version": dst.Config().Version, "destination_workload": deployName(dst), "destination_workload_namespace": destns, "source_canonical_service": src.ServiceName(), "source_canonical_revision": src.Config().Version, "source_principal": "spiffe://" + src.Config().ServiceAccountName(),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pilot/pkg/simulation/traffic.go
sim.t.Fatal(err) } if len(t.GetCommonTlsContext().GetTlsCertificateSdsSecretConfigs()) == 0 { return false } // This is a lazy heuristic, we could check for explicit default resource or spiffe if it becomes necessary if t.GetCommonTlsContext().GetTlsCertificateSdsSecretConfigs()[0].Name != mTLSSecretConfigName { return false } if !t.RequireClientCertificate.Value { return false } return true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
"istio.io/istio/security/pkg/server/ca/authenticate" "istio.io/istio/security/pkg/util" ) type caOptions struct { ExternalCAType ra.CaExternalType ExternalCASigner string // domain to use in SPIFFE identity URLs TrustDomain string Namespace string Authenticators []security.Authenticator CertSignerDomain string }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
pkg/workloadapi/workload.pb.go
TunnelProtocol TunnelProtocol `protobuf:"varint,5,opt,name=tunnel_protocol,json=tunnelProtocol,proto3,enum=istio.workload.TunnelProtocol" json:"tunnel_protocol,omitempty"` // The SPIFFE identity of the workload. The identity is joined to form spiffe://<trust_domain>/ns/<namespace>/sa/<service_account>. // TrustDomain of the workload. May be elided if this is the mesh wide default (typically cluster.local)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 18:02:35 UTC 2024 - 65.9K bytes - Viewed (0) -
samples/addons/grafana.yaml
source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 20:46:28 UTC 2024 - 242.3K bytes - Viewed (0)