- Sort Score
- Result 10 results
- Languages All
Results 31 - 40 of 201 for audiences (0.51 sec)
-
pilot/pkg/bootstrap/istio_ca.go
// This value can also be extracted from the mounted token trustedIssuer = env.Register("TOKEN_ISSUER", "", "OIDC token issuer. If set, will be used to check the tokens.") audience = env.Register("AUDIENCE", "", "Expected audience in the tokens. ") caRSAKeySize = env.Register("CITADEL_SELF_SIGNED_CA_RSA_KEY_SIZE", 2048, "Specify the RSA key size to use for self-signed Istio CA certificates.")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
fi if [[ -n "${SERVICE_CLUSTER_IP_RANGE:-}" ]]; then params+=" --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}" fi params+=" --service-account-issuer=${SERVICEACCOUNT_ISSUER}" params+=" --api-audiences=${SERVICEACCOUNT_ISSUER}" params+=" --service-account-signing-key-file=${SERVICEACCOUNT_KEY_PATH}" local audit_policy_config_mount="" local audit_policy_config_volume="" local audit_webhook_config_mount=""
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
tests/integration/security/authz_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 50.1K bytes - Viewed (0) -
istioctl/pkg/workload/workload.go
// ObjectMeta isn't required in real k8s, but needed for tests ObjectMeta: metav1.ObjectMeta{ Name: serviceAccount, Namespace: wg.Namespace, }, Spec: authenticationv1.TokenRequestSpec{ Audiences: []string{"istio-ca"}, ExpirationSeconds: &tokenDuration, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 25.5K bytes - Viewed (0) -
pkg/printers/internalversion/printers.go
} row.Cells = append(row.Cells, storageCapacity) tokenRequests := "<unset>" if obj.Spec.TokenRequests != nil { audiences := []string{} for _, t := range obj.Spec.TokenRequests { audiences = append(audiences, t.Audience) } tokenRequests = strings.Join(audiences, ",") } requiresRepublish := false if obj.Spec.RequiresRepublish != nil { requiresRepublish = *obj.Spec.RequiresRepublish
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 11 14:04:15 UTC 2024 - 128.3K bytes - Viewed (0) -
staging/src/k8s.io/api/storage/v1/types.go
type VolumeLifecycleMode string // TokenRequest contains parameters of a service account token. type TokenRequest struct { // audience is the intended audience of the token in "TokenRequestSpec". // It will default to the audiences of kube apiserver. Audience string `json:"audience" protobuf:"bytes,1,opt,name=audience"` // expirationSeconds is the duration of validity of the token in "TokenRequestSpec".
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 23 17:42:49 UTC 2024 - 32K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.30.md
- Added audienceMatchPolicy field to AuthenticationConfiguration and support for configuring multiple audiences. The "audienceMatchPolicy" can be empty (or unset) when a single audience is specified in the "audiences" field. The "audienceMatchPolicy" must be set to "MatchAny" when multiple audiences are specified in the "audiences" field. ([#123165](https://github.com/kubernetes/kubernetes/pull/123165), [@aramase](https://github.com/aramase))
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 04:05:28 UTC 2024 - 253.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
DisableHTTP2 bool } type AuthenticationInfo struct { // APIAudiences is a list of identifier that the API identifies as. This is // used by some authenticators to validate audience bound credentials. APIAudiences authenticator.Audiences // Authenticator determines which subject is making the request Authenticator authenticator.Request RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
// JWTRule is from the JWT_RULE environment variable. // An example of json string for JWTRule is: // `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`. jwtRule := &v1beta1.JWTRule{} err := json.Unmarshal([]byte(args.JwtRule), jwtRule) if err != nil { return nil, fmt.Errorf("failed to unmarshal JWT rule: %v", err) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
plugin/pkg/admission/noderestriction/admission_test.go
return eviction } func makeTokenRequest(podname string, poduid types.UID) *authenticationapi.TokenRequest { tr := &authenticationapi.TokenRequest{ Spec: authenticationapi.TokenRequestSpec{ Audiences: []string{"foo"}, }, } if podname != "" { tr.Spec.BoundObjectRef = &authenticationapi.BoundObjectReference{ Kind: "Pod", APIVersion: "v1", Name: podname, UID: poduid,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 73.2K bytes - Viewed (0)