- Sort Score
- Result 10 results
- Languages All
Results 1 - 8 of 8 for PROV_CERT (0.11 sec)
-
tools/packaging/common/istio-start.sh
fi # CA_ADDR > PILOT_ADDRESS > ISTIO_PILOT_PORT CA_ADDR=${CA_ADDR:-${CUSTOM_PILOT_ADDRESS:-${DEFAULT_PILOT_ADDRESS}}} PROV_CERT=${PROV_CERT-./etc/certs} OUTPUT_CERTS=${OUTPUT_CERTS-./etc/certs} export PROV_CERT export OUTPUT_CERTS export CA_ADDR # If predefined ISTIO_AGENT_FLAGS is null, make it an empty string. ISTIO_AGENT_FLAGS=${ISTIO_AGENT_FLAGS:-}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 06 22:16:26 UTC 2024 - 5.4K bytes - Viewed (0) -
tools/packaging/common/sidecar.env
# the expected SAN. Istio-agent will use it to connect to istiod and get fresh certificates. # PROV_CERT=/var/run/secrets/istio # Location to save the certificates from the CA. Setting this to the same location with PROV_CERT # allows rotation of the secrets. Users may also use longer-lived PROV_CERT, rotated under the control # of the provisioning tool.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 31 18:02:42 UTC 2022 - 4.7K bytes - Viewed (0) -
pilot/cmd/pilot-agent/options/security.go
security.GkeWorkloadCertChainFilePath, security.GkeWorkloadKeyFilePath, security.GkeWorkloadRootCertFilePath) } if o.ProvCert != "" { return nil, fmt.Errorf( "invalid options: PROV_CERT and FILE_MOUNTED_CERTS of GKE workload cert are mutually exclusive") } o.FileMountedCerts = true o.CertChainFilePath = security.GkeWorkloadCertChainFilePath o.KeyFilePath = security.GkeWorkloadKeyFilePath
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 4.7K bytes - Viewed (0) -
pkg/istio-agent/agent_test.go
}) t.Run("VMs provisioned certificates - short lived", func(t *testing.T) { // User has certificates pre-provisioned on the VM by some sort of tooling, pointed to by // PROV_CERT. These are used for mTLS auth with XDS and CA. Certificates are short lived, // OUTPUT_CERT = PROV_CERT. This is the same as "VMs", just skipping the initial // JWT exchange. dir := mktemp() copyCerts(t, dir) sds := Setup(t, func(a AgentTest) AgentTest {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 16 22:12:28 UTC 2024 - 33.4K bytes - Viewed (0) -
pkg/test/framework/components/echo/kube/templates/vm_deployment.yaml
echo "/var/run/secrets/istio/bootstrap/hosts: $ISTIOCTL_HOST" exit 1 fi echo "istiod host ok" # read certs from correct directory sudo sh -c 'echo PROV_CERT=/var/run/secrets/istio >> /var/lib/istio/envoy/cluster.env' sudo sh -c 'echo OUTPUT_CERTS=/var/run/secrets/istio >> /var/lib/istio/envoy/cluster.env'
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 19:29:42 UTC 2024 - 8K bytes - Viewed (0) -
pilot/cmd/pilot-agent/options/options.go
// May also be used in K8S to use a Secret to bootstrap (as a 'refresh key'), but use short-lived tokens // with extra SAN (labels, etc) in data path. provCert = env.Register("PROV_CERT", "", "Set to a directory containing provisioned certs, for VMs").Get() // set to "SYSTEM" for ACME/public signed XDS servers. xdsRootCA = env.Register("XDS_ROOT_CA", "",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jan 09 19:21:50 UTC 2024 - 8.1K bytes - Viewed (0) -
architecture/security/istio-agent.md
| Variable | Description | | - | - | |CA_ADDR|Address of CA, defaults to discoveryAddress| |CA_PROVIDER|Type of CA; supported values are GoogleCA or Citadel (although anything but GoogleCA will use Citadel); defaults to Citadel| |PROV_CERT|certificates to be used for mTLS communication with control plane only; NOT for workload mTLS|
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 22 16:45:50 UTC 2023 - 7.2K bytes - Viewed (0) -
pkg/istio-agent/agent.go
if fileExists(k8sCAIstioMountedPath) { rootCAPath = k8sCAIstioMountedPath } else { rootCAPath = k8sCAPath } } else if a.secOpts.ProvCert != "" { // This was never completely correct - PROV_CERT are only intended for auth with CA_ADDR, // and should not be involved in determining the root CA. // For VMs, the root cert file used to auth may be populated afterwards.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 05 10:02:56 UTC 2024 - 26.7K bytes - Viewed (0)