- Sort Score
- Result 10 results
- Languages All
Results 1 - 6 of 6 for spiffe (0.17 sec)
-
pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
return &security.StringMatch{MatchType: &security.StringMatch_Exact{ Exact: strings.TrimPrefix(spiffe.MustGenSpiffeURI(meshCfg.MeshConfig, waypoint.Namespace, sa), spiffe.URIPrefix), }} }), }, }, }, }, }}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pkg/security/security.go
CAEndpointSAN string // The CA provider name. CAProviderName string // TrustDomain corresponds to the trust root of a system. // https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain TrustDomain string // WorkloadRSAKeySize is the size of a private key for a workload certificate. WorkloadRSAKeySize int // Whether to generate PKCS#8 private keys.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
log.Infof("Discover server subject alt names: %v", dnsNames) return dnsNames } // createPeerCertVerifier creates a SPIFFE certificate verifier with the current istiod configuration. func (s *Server) createPeerCertVerifier(tlsOptions TLSOptions, trustDomain string) (*spiffe.PeerCertVerifier, error) { customTLSCertsExists, _, _, caCertPath := hasCustomTLSCerts(tlsOptions)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pilot/pkg/simulation/traffic.go
sim.t.Fatal(err) } if len(t.GetCommonTlsContext().GetTlsCertificateSdsSecretConfigs()) == 0 { return false } // This is a lazy heuristic, we could check for explicit default resource or spiffe if it becomes necessary if t.GetCommonTlsContext().GetTlsCertificateSdsSecretConfigs()[0].Name != mTLSSecretConfigName { return false } if !t.RequireClientCertificate.Value { return false } return true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
"istio.io/istio/security/pkg/server/ca/authenticate" "istio.io/istio/security/pkg/util" ) type caOptions struct { ExternalCAType ra.CaExternalType ExternalCASigner string // domain to use in SPIFFE identity URLs TrustDomain string Namespace string Authenticators []security.Authenticator CertSignerDomain string }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_waypoint.go
httpName := name + "-http" httpChain := &listener.FilterChain{ Filters: lb.buildWaypointInboundHTTPFilters(svc, cc), Name: httpName, } if port.Protocol.IsUnsupported() { // If we need to sniff, insert two chains and the protocol detector chains = append(chains, tcpChain, httpChain) portMapper.Map[portString] = match.ToMatcher(match.NewAppProtocol(match.ProtocolMatch{ TCP: match.ToChain(tcpName),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 27.6K bytes - Viewed (0)