- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 20 for tlsOptions (0.4 sec)
-
pilot/pkg/bootstrap/certcontroller.go
func (s *Server) initFileCertificateWatches(tlsOptions TLSOptions) error { if err := s.istiodCertBundleWatcher.SetFromFilesAndNotify(tlsOptions.KeyFile, tlsOptions.CertFile, tlsOptions.CaCertFile); err != nil { return fmt.Errorf("set keyCertBundle failed: %v", err) } // TODO: Setup watcher for root and restart server if it changes. for _, file := range []string{tlsOptions.CertFile, tlsOptions.KeyFile} {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 11.3K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/providers/citadel/client.go
type CitadelClient struct { // It means enable tls connection to Citadel if this is not nil. tlsOpts *TLSOptions client pb.IstioCertificateServiceClient conn *grpc.ClientConn provider credentials.PerRPCCredentials opts *security.Options } type TLSOptions struct { RootCert string Key string Cert string } // NewCitadelClient create a CA client for Citadel.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 4.9K bytes - Viewed (0) -
pilot/pkg/bootstrap/server_test.go
} // Update cert/key files. if err := os.WriteFile(tlsOptions.CertFile, testcerts.RotatedCert, 0o644); err != nil { // nolint: vetshadow t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.CertFile, err) } if err := os.WriteFile(tlsOptions.KeyFile, testcerts.RotatedKey, 0o644); err != nil { // nolint: vetshadow t.Fatalf("WriteFile(%v) failed: %v", tlsOptions.KeyFile, err) } g := NewWithT(t)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 23.1K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/providers/citadel/client_test.go
addr := serve(t, server, tlsOptions(t)) opts := &security.Options{ CAEndpoint: addr, CredFetcher: plugin.CreateTokenPlugin("testdata/token"), ProvCert: certDir, } rootCert := path.Join(certDir, constants.RootCertFilename) key := path.Join(certDir, constants.KeyFilename) cert := path.Join(certDir, constants.CertChainFilename) tlsOpts := &TLSOptions{ RootCert: rootCert, Key: key,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 24 21:03:23 UTC 2024 - 11.8K bytes - Viewed (0) -
pilot/pkg/bootstrap/options.go
// Optional TLS configuration TLSOptions TLSOptions // The listening address for secured gRPC. If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0") // a port number is automatically chosen. SecureGRPCAddr string } type InjectionOptions struct { // Directory of injection related config files. InjectionDirectory string } // TLSOptions is optional TLS parameters for Istiod server.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 6.1K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
func hasCustomTLSCerts(tlsOptions TLSOptions) (ok bool, tlsCertPath, tlsKeyPath, caCertPath string) { // load from tls args as priority if hasCustomTLSCertArgs(tlsOptions) { return true, tlsOptions.CertFile, tlsOptions.KeyFile, tlsOptions.CaCertFile }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pilot/cmd/pilot-discovery/app/cmd.go
c.PersistentFlags().StringVar(&serverArgs.ServerOptions.TLSOptions.CaCertFile, "caCertFile", "", "File containing the x509 Server CA Certificate") c.PersistentFlags().StringVar(&serverArgs.ServerOptions.TLSOptions.CertFile, "tlsCertFile", "", "File containing the x509 Server Certificate") c.PersistentFlags().StringVar(&serverArgs.ServerOptions.TLSOptions.KeyFile, "tlsKeyFile", "",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Apr 12 16:44:32 UTC 2024 - 8.5K bytes - Viewed (0) -
pilot/pkg/grpc/tls.go
sec_model "istio.io/istio/pkg/model" "istio.io/istio/security/pkg/pki/util" ) // TLSOptions include TLS options that a grpc client uses to connect with server. type TLSOptions struct { RootCert string Key string Cert string ServerAddress string SAN string } func getTLSDialOption(opts *TLSOptions) (grpc.DialOption, error) { rootCert, err := getRootCertificate(opts.RootCert)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 2.9K bytes - Viewed (0) -
pkg/istio-agent/plugins.go
// Using citadel CA var tlsOpts *citadel.TLSOptions var err error // Special case: if Istiod runs on a secure network, on the default port, don't use TLS // TODO: may add extra cases or explicit settings - but this is a rare use cases, mostly debugging if strings.HasSuffix(opts.CAEndpoint, ":15010") { log.Warn("Debug mode or IP-secure network") } else { tlsOpts = &citadel.TLSOptions{} tlsOpts.RootCert, err = a.FindRootCAForCA()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat May 11 03:32:57 UTC 2024 - 2.7K bytes - Viewed (0) -
pilot/pkg/bootstrap/webhook.go
return } tlsConfig := &tls.Config{ GetCertificate: s.getIstiodCertificate, MinVersion: tls.VersionTLS12, CipherSuites: args.ServerOptions.TLSOptions.CipherSuits, } // Compliance for control plane validation and injection webhook server. sec_model.EnforceGoCompliance(tlsConfig) istiolog.Info("initializing secure webhook server for istiod webhooks")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jun 11 17:37:53 UTC 2024 - 2.7K bytes - Viewed (0)