Search Options

Results per page
Sort
Preferred Languages
Advance

Results 31 - 36 of 36 for tokenreview (0.53 sec)

  2. github.com/istio/istio

    manifests/charts/istio-control/istio-discovery/templates/clusterrole.yaml 

    {{- range .Values.global.certSigners }}
    - {{ . | quote }}
{{- end }}
    verbs: ["approve"]
{{- end}}

  # Used by Istiod to verify the JWT tokens
  - apiGroups: ["authentication.k8s.io"]
    resources: ["tokenreviews"]
    verbs: ["create"]

  # Used by Istiod to verify gateway SDS
  - apiGroups: ["authorization.k8s.io"]
    resources: ["subjectaccessreviews"]
    verbs: ["create"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 12 16:44:32 UTC 2024
    - 5.7K bytes
    - Viewed (0)
  3. github.com/istio/istio

    samples/addons/kiali.yaml 

      resources:
  - projects
  verbs:
  - get
- apiGroups: ["route.openshift.io"]
  resources:
  - routes
  verbs:
  - get
- apiGroups: ["authentication.k8s.io"]
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups: ["oauth.openshift.io"]
  resources:
  - oauthclients
  resourceNames:
  - kiali-istio-system
  verbs:
  - get
...
---
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Jun 12 18:57:35 UTC 2024
    - 10.6K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json 

    identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated...
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Feb 20 15:45:02 UTC 2024
    - 4.5M bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/kubelet/apis/config/types.go 

    	ClientCAFile string
}

// KubeletWebhookAuthentication contains settings related to webhook authentication
type KubeletWebhookAuthentication struct {
	// enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
	Enabled bool
	// cacheTTL enables caching of authentication results
	CacheTTL metav1.Duration
}

// KubeletAnonymousAuthentication enables anonymous requests to the kubelet server.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Mar 05 21:10:42 UTC 2024
    - 35.1K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    cluster/gce/gci/configure-helper.sh 

          - "RequestReceived"

  # Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,
  # so only log at the Metadata level.
  - level: Metadata
    resources:
      - group: "" # core
        resources: ["secrets", "configmaps", "serviceaccounts/token"]
      - group: authentication.k8s.io
        resources: ["tokenreviews"]
    omitStages:
      - "RequestReceived"
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Jun 10 22:07:47 UTC 2024
    - 141.1K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    api/openapi-spec/v3/api__v1_openapi.json 

                  }
            ],
            "description": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation."
          },
          "expirationSeconds": {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 1.8M bytes
    - Viewed (0)
Back to top