- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 324 for serviceAccounts (0.59 sec)
-
pkg/controlplane/apiserver/options/options.go
if completed.Authentication.ServiceAccounts.MaxExpiration < lowBound || completed.Authentication.ServiceAccounts.MaxExpiration > upBound { return CompletedOptions{}, fmt.Errorf("the service-account-max-token-expiration must be between 1 hour and 2^32 seconds") } if completed.Authentication.ServiceAccounts.ExtendExpiration {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Apr 27 12:19:56 UTC 2024 - 15.4K bytes - Viewed (0) -
pkg/controller/serviceaccount/serviceaccounts_controller.go
type ServiceAccountsControllerOptions struct { // ServiceAccounts is the list of service accounts to ensure exist in every namespace ServiceAccounts []v1.ServiceAccount // ServiceAccountResync is the interval between full resyncs of ServiceAccounts. // If non-zero, all service accounts will be re-listed this often.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat May 04 18:33:12 UTC 2024 - 7.5K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/waypoints.go
// waypoint. Must be one of "all", "service", "workload". TrafficType string // ServiceAccounts from instances of the waypoint. // This only handles Pods. If we wish to support non-pod waypoints, we'll // want to index ServiceEntry/WorkloadEntry or possibly allow specifying // the ServiceAccounts directly on a Gateway resource. ServiceAccounts []string }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 18:02:28 UTC 2024 - 11.1K bytes - Viewed (0) -
pilot/pkg/model/endpointshards.go
oldServiceAccount := shards.ServiceAccounts serviceAccounts := sets.String{} for _, epShards := range shards.Shards { for _, ep := range epShards { if ep.ServiceAccount != "" { serviceAccounts.Insert(ep.ServiceAccount) } } } if !oldServiceAccount.Equals(serviceAccounts) { shards.ServiceAccounts = serviceAccounts
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 15.6K bytes - Viewed (0) -
pkg/controller/serviceaccount/tokens_controller.go
if serviceAccount, ok := obj.(*v1.ServiceAccount); ok { e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) } } func (e *TokensController) queueServiceAccountUpdateSync(oldObj interface{}, newObj interface{}) { if serviceAccount, ok := newObj.(*v1.ServiceAccount); ok { e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat May 04 18:33:12 UTC 2024 - 20.5K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/conversion.go
for _, port := range svc.Spec.Ports { ports = append(ports, convertPort(port)) } var exportTo sets.Set[visibility.Instance] serviceaccounts := make([]string, 0) if svc.Annotations[annotation.AlphaCanonicalServiceAccounts.Name] != "" { serviceaccounts = append(serviceaccounts, strings.Split(svc.Annotations[annotation.AlphaCanonicalServiceAccounts.Name], ",")...) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 9.4K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_cache.go
service: service, destinationRule: dr, envoyFilterKeys: efKeys, metadataCerts: cb.metadataCerts, peerAuthVersion: cb.req.Push.AuthnPolicies.GetVersion(), serviceAccounts: cb.req.Push.ServiceAccounts(service.Hostname, service.Attributes.Namespace), endpointBuilder: eb, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 6.1K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
}, krt.WithName("Policies")) return AuthzDerivedPolicies, Policies } func implicitWaypointPolicyName(waypoint *Waypoint) string { if !features.DefaultAllowFromWaypoint || waypoint == nil || len(waypoint.ServiceAccounts) == 0 { return "" } // use '_' character since those are illegal in k8s names return "istio_allow_waypoint_" + waypoint.Namespace + "_" + waypoint.Name }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
} // For backward compatibility, use metadata certs if provided. if cb.hasMetadataCerts() { return cb.buildMutualTLS(serviceAccounts, sni), autoDetected } // Build settings for auto MTLS. return cb.buildIstioMutualTLS(serviceAccounts, sni), autoDetected } func (cb *ClusterBuilder) hasMetadataCerts() bool { return cb.metadataCerts != nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
pkg/kubeapiserver/options/authentication_test.go
testAuthenticationConfigFile string expectErr string enabledFeatures, disabledFeatures []featuregate.Feature }{ { name: "test when OIDC and ServiceAccounts are nil", }, { name: "test when OIDC and ServiceAccounts are valid", testOIDC: &OIDCAuthenticationOptions{ UsernameClaim: "sub", SigningAlgs: []string{"RS256"}, IssuerURL: "https://testIssuerURL",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 36.5K bytes - Viewed (0)