Search Options

Results per page
Sort
Preferred Languages
Advance

Results 11 - 20 of 424 for serviceAccounts (0.2 sec)

  2. github.com/istio/istio

    pilot/pkg/networking/core/cluster_tls.go 

    	}

	// For backward compatibility, use metadata certs if provided.
	if cb.hasMetadataCerts() {
		return cb.buildMutualTLS(serviceAccounts, sni), autoDetected
	}

	// Build settings for auto MTLS.
	return cb.buildIstioMutualTLS(serviceAccounts, sni), autoDetected
}

func (cb *ClusterBuilder) hasMetadataCerts() bool {
	return cb.metadataCerts != nil
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Apr 18 19:09:43 UTC 2024
    - 19.2K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/kubeapiserver/options/authentication_test.go 

    		testAuthenticationConfigFile      string
		expectErr                         string
		enabledFeatures, disabledFeatures []featuregate.Feature
	}{
		{
			name: "test when OIDC and ServiceAccounts are nil",
		},
		{
			name: "test when OIDC and ServiceAccounts are valid",
			testOIDC: &OIDCAuthenticationOptions{
				UsernameClaim:      "sub",
				SigningAlgs:        []string{"RS256"},
				IssuerURL:          "https://testIssuerURL",
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 36.5K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    plugin/pkg/admission/serviceaccount/admission_test.go 

    	admit.SetExternalKubeInformerFactory(informerFactory)
	admit.MountServiceAccountToken = true

	// Add the default service account for the ns into the cache
	informerFactory.Core().V1().ServiceAccounts().Informer().GetStore().Add(&corev1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:      DefaultServiceAccountName,
			Namespace: ns,
		},
	})

	v1PodIn := &corev1.Pod{
		Spec: corev1.PodSpec{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Apr 12 17:49:30 UTC 2024
    - 36.9K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go 

    		}
	}

	// Create the service account
	sa, err = coreClient.ServiceAccounts(namespace).Create(context.TODO(), &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name}}, metav1.CreateOptions{})
	if apierrors.IsAlreadyExists(err) {
		// If we're racing to init and someone else already created it, re-fetch
		return coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
	}
	return sa, err
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Feb 05 10:24:31 UTC 2024
    - 8.1K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go 

    				rbacv1helpers.NewRule("delete").Groups(legacyGroup).Resources("secrets").RuleOrDie(),
				rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("namespaces", "secrets", "serviceaccounts", "configmaps").RuleOrDie(),
				rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("secrets", "serviceaccounts").RuleOrDie(),
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Mar 08 19:25:10 UTC 2024
    - 34.4K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pilot/pkg/serviceregistry/serviceentry/conversion.go 

    		Addresses: svc.GetAddresses(proxy),

		// This is based on alpha.istio.io/canonical-serviceaccounts and
		//  alpha.istio.io/kubernetes-serviceaccounts.
		SubjectAltNames: svc.ServiceAccounts,
	}

	if len(svc.Attributes.LabelSelectors) > 0 {
		se.WorkloadSelector = &networking.WorkloadSelector{Labels: svc.Attributes.LabelSelectors}
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 29 02:03:58 UTC 2024
    - 16.9K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/controlplane/apiserver/config.go 

    	for _, f := range opts.Authentication.ServiceAccounts.KeyFiles {
		keys, err := keyutil.PublicKeysFromFile(f)
		if err != nil {
			return nil, nil, fmt.Errorf("failed to parse key file %q: %w", f, err)
		}
		pubKeys = append(pubKeys, keys...)
	}
	config.ServiceAccountIssuerURL = opts.Authentication.ServiceAccounts.Issuers[0]
	config.ServiceAccountJWKSURI = opts.Authentication.ServiceAccounts.JWKSURI
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Jun 07 17:57:37 UTC 2024
    - 14.9K bytes
    - Viewed (0)
  9. github.com/istio/istio

    pilot/pkg/model/service.go 

    					Port:     port.Port,
					Protocol: port.Protocol,
				}
			} else {
				out.Ports[i] = nil
			}
		}
	}

	if s.ServiceAccounts != nil {
		out.ServiceAccounts = make([]string, len(s.ServiceAccounts))
		copy(out.ServiceAccounts, s.ServiceAccounts)
	}
	out.ClusterVIPs = *s.ClusterVIPs.DeepCopy()
	return &out
}

// Equals compares two service objects.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 29 02:03:58 UTC 2024
    - 46.3K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    plugin/pkg/admission/serviceaccount/admission.go 

    	return false
}

// getServiceAccount returns the ServiceAccount for the given namespace and name if it exists
func (s *Plugin) getServiceAccount(namespace string, name string) (*corev1.ServiceAccount, error) {
	serviceAccount, err := s.serviceAccountLister.ServiceAccounts(namespace).Get(name)
	if err == nil {
		return serviceAccount, nil
	}
	if !errors.IsNotFound(err) {
		return nil, err
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Apr 12 17:49:30 UTC 2024
    - 18.6K bytes
    - Viewed (0)
  11. github.com/istio/istio

    manifests/charts/istio-operator/templates/clusterrole.yaml 

      - ""
  resources:
  - configmaps
  - endpoints
  - events
  - namespaces
  - pods
  - pods/proxy
  - pods/portforward
  - persistentvolumeclaims
  - secrets
  - services
  - serviceaccounts
  - resourcequotas
  verbs:
  - '*'
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Apr 02 08:32:06 UTC 2024
    - 1.9K bytes
    - Viewed (0)
Back to top