- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 36 for OUTPUT_CERTS (0.33 sec)
-
tools/packaging/common/istio-start.sh
fi # CA_ADDR > PILOT_ADDRESS > ISTIO_PILOT_PORT CA_ADDR=${CA_ADDR:-${CUSTOM_PILOT_ADDRESS:-${DEFAULT_PILOT_ADDRESS}}} PROV_CERT=${PROV_CERT-./etc/certs} OUTPUT_CERTS=${OUTPUT_CERTS-./etc/certs} export PROV_CERT export OUTPUT_CERTS export CA_ADDR # If predefined ISTIO_AGENT_FLAGS is null, make it an empty string. ISTIO_AGENT_FLAGS=${ISTIO_AGENT_FLAGS:-} # Split ISTIO_AGENT_FLAGS by spaces.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 06 22:16:26 UTC 2024 - 5.4K bytes - Viewed (0) -
tools/packaging/common/sidecar.env
# environment variable. If the value is different from PROV_CERTS the workload certs will be saved, but # the provisioning cert will remain under control of the VM provisioning tools. # OUTPUT_CERTS=/var/run/secrets/istio # OUTPUT_CERTS=/etc/certs # Address of the CA. The CA must implement the Istio protocol, accepting the provisioning certificate
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 31 18:02:42 UTC 2022 - 4.7K bytes - Viewed (0) -
architecture/security/istio-agent.md
a certificate. This can be handled in various ways: * `GenerateSecret` may additionally write any signed certificates to disk, with `OUTPUT_CERTS` configured. * Users may have external CA setups that pre-configure certificates. * The CaClient can use JWT token for the initial setup, then switch to mTLS certificates. Note that `OUTPUT_CERTS` can be used to refresh certificates using previously provisioned certificates, by configuring
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Aug 22 16:45:50 UTC 2023 - 7.2K bytes - Viewed (0) -
pkg/kube/inject/testdata/inject/grpc-agent.yaml.injected
- --proxyLogLevel=warning - --proxyComponentLogLevel=misc:error - --log_output_level=default:info env: - name: ISTIO_META_GENERATOR value: grpc - name: OUTPUT_CERTS value: /var/lib/istio/data - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod.istio-system.svc:15012 - name: POD_NAME valueFrom:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 5.6K bytes - Viewed (0) -
tests/integration/telemetry/api/setup_test.go
e.Subsets[0].Annotations[annotation.SidecarStatsHistogramBuckets.Name] = customBuckets } e.Subsets[0].Annotations[annotation.ProxyConfig.Name] = proxyMetadata } proxyMd := `{"proxyMetadata": {"OUTPUT_CERTS": "/etc/certs/custom"}}` prom := echo.Config{ // mock prom instance is used to mock a prometheus server, which will visit other echo instance /metrics // endpoint with proxy provisioned certs. Service: "mock-prom",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 4.7K bytes - Viewed (0) -
pkg/test/framework/components/echo/kube/templates/vm_deployment.yaml
fi echo "istiod host ok" # read certs from correct directory sudo sh -c 'echo PROV_CERT=/var/run/secrets/istio >> /var/lib/istio/envoy/cluster.env' sudo sh -c 'echo OUTPUT_CERTS=/var/run/secrets/istio >> /var/lib/istio/envoy/cluster.env' # This looks weird but Kubernetes escapes $$ to $; we want double dollar sign for current PID pid="$$$$"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 19:29:42 UTC 2024 - 8K bytes - Viewed (0) -
pilot/cmd/pilot-agent/options/options.go
// set to "SYSTEM" for ACME/public signed CA servers. caRootCA = env.Register("CA_ROOT_CA", "", "Explicitly set the root CA to expect for the CA connection.").Get() outputKeyCertToDir = env.Register("OUTPUT_CERTS", "", "The output directory for the key and certificate. If empty, key and certificate will not be saved. "+ "Must be set for VMs using provisioning certificates.").Get()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jan 09 19:21:50 UTC 2024 - 8.1K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml
exec: command: - pilot-agent - wait - --url=http://localhost:15020/healthz/ready env: - name: ISTIO_META_GENERATOR value: grpc - name: OUTPUT_CERTS value: /var/lib/istio/data {{- if eq .InboundTrafficPolicyMode "localhost" }} - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION value: "true" {{- end }} - name: PILOT_CERT_PROVIDER
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Apr 26 16:51:17 UTC 2024 - 12.1K bytes - Viewed (0) -
security/pkg/nodeagent/sds/sdsservice.go
} ret.rootCaPath = options.CARootPath if options.FileMountedCerts { return ret } // Pre-generate workload certificates to improve startup latency and ensure that for OUTPUT_CERTS // case we always write a certificate. A workload can technically run without any mTLS/CA // configured, in which case this will fail; if it becomes noisy we should disable the entire SDS // server in these cases.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat May 25 00:20:04 UTC 2024 - 10.9K bytes - Viewed (0) -
operator/cmd/mesh/testdata/manifest-generate/output/sidecar_template.golden.yaml
- wait - --url=http://localhost:15020/healthz/ready env: - name: ISTIO_META_GENERATOR value: grpc - name: OUTPUT_CERTS value: /var/lib/istio/data {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION value: "true"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 10 05:10:03 UTC 2024 - 86.9K bytes - Viewed (0)