- Sort Score
- Result 10 results
- Languages All
Results 1 - 8 of 8 for CertSigner (0.39 sec)
-
security/pkg/pki/ra/k8s_ra.go
requestedLifetime time.Duration, ) ([]byte, error) { certSignerDomain := r.certSignerDomain if certSignerDomain == "" && certSigner != "" { return nil, raerror.NewError(raerror.CertGenError, fmt.Errorf("certSignerDomain is required for signer %s", certSigner)) } if certSignerDomain != "" && certSigner != "" { certSigner = certSignerDomain + "/" + certSigner } else {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Aug 02 14:34:38 UTC 2023 - 7.2K bytes - Viewed (0) -
security/pkg/server/ca/server.go
certSigner := crMetadata[security.CertSigner].GetStringValue() _, _, certChainBytes, rootCertBytes := s.ca.GetCAKeyCertBundle().GetAll() certOpts := ca.CertOpts{ SubjectIDs: sans, TTL: time.Duration(request.ValidityDuration) * time.Second, ForCA: false, CertSigner: certSigner, } var signErr error var cert []byte
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 28 17:35:26 UTC 2024 - 8K bytes - Viewed (0) -
pilot/cmd/pilot-agent/options/security.go
FileDebounceDuration: fileDebounceDuration, SecretRotationGracePeriodRatio: secretRotationGracePeriodRatioEnv, STSPort: stsPort, CertSigner: certSigner.Get(), CARootPath: cafile.CACertFilePath, CertChainFilePath: security.DefaultCertChainFilePath, KeyFilePath: security.DefaultKeyFilePath,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 4.7K bytes - Viewed (0) -
security/pkg/nodeagent/caclient/providers/citadel/client.go
func (c *CitadelClient) CSRSign(csrPEM []byte, certValidTTLInSec int64) (res []string, err error) { crMetaStruct := &structpb.Struct{ Fields: map[string]*structpb.Value{ security.CertSigner: { Kind: &structpb.Value_StringValue{StringValue: c.opts.CertSigner}, }, }, } req := &pb.IstioCertificateRequest{ Csr: string(csrPEM), ValidityDuration: certValidTTLInSec, Metadata: crMetaStruct, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 4.9K bytes - Viewed (0) -
pilot/cmd/pilot-agent/options/options.go
disableEnvoyEnv = env.Register("DISABLE_ENVOY", false, "Disables all Envoy agent features.").Get() // certSigner is cert signer for workload cert certSigner = env.Register("ISTIO_META_CERT_SIGNER", "", "The cert signer info for workload cert") istiodSAN = env.Register("ISTIOD_SAN", "",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jan 09 19:21:50 UTC 2024 - 8.1K bytes - Viewed (0) -
pkg/security/security.go
"The token is accepted if it matches with one of the audiences").Get(), ",") ) const ( BearerTokenPrefix = "Bearer " K8sTokenPrefix = "Istio " // CertSigner info CertSigner = "CertSigner" // ImpersonatedIdentity declares the identity we are requesting a certificate on behalf of. // This is constrained to only allow identities in CATrustedNodeAccounts, and only to impersonate identities
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
security/pkg/pki/ra/k8s_ra_test.go
certOptions := ca.CertOpts{ SubjectIDs: []string{subjectID}, TTL: 60 * time.Second, ForCA: false, CertSigner: "kube-apiserver-client", } _, err = ra.SignWithCertChain(csrPEM, certOptions) if (tc.expectedFail && err == nil) || (!tc.expectedFail && err != nil) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Sep 27 00:44:54 UTC 2023 - 9.7K bytes - Viewed (0) -
security/pkg/pki/ca/ca.go
TTL time.Duration // ForCA indicates whether the signed certificate if for CA. // If true, the signed certificate is a CA certificate, otherwise, it is a workload certificate. ForCA bool // Cert Signer info CertSigner string } const ( // selfSignedCA means the Istio CA uses a self signed certificate. selfSignedCA caTypes = iota // pluggedCertCA means the Istio CA uses a operator-specified key/cert. pluggedCertCA )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Nov 30 19:33:26 UTC 2023 - 17.2K bytes - Viewed (0)