- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 49 for Citadel (0.12 sec)
-
pilot/pkg/grpc/tls.go
if strings.Contains(config.ServerName, "localhost") { config.ServerName = "istiod.istio-system.svc" } if opts.SAN != "" { config.ServerName = opts.SAN } // Compliance for all gRPC clients (e.g. Citadel).. sec_model.EnforceGoCompliance(&config) transportCreds := credentials.NewTLS(&config) return grpc.WithTransportCredentials(transportCreds), nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 2.9K bytes - Viewed (0) -
manifests/charts/gateways/istio-egress/values.yaml
# Istiod is the default pilotCertProvider: istiod sds: # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the # JWT is intended for the CA. token: aud: istio-ca sts:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 12.4K bytes - Viewed (0) -
manifests/charts/gateways/istio-ingress/values.yaml
# Istiod is the default pilotCertProvider: istiod sds: # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. # When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the # JWT is intended for the CA. token: aud: istio-ca sts:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 16:55:16 UTC 2024 - 13K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
// // Support for signing other root CA has been removed - too dangerous, no clear use case. // // Default config, for backward compat with Citadel: // - if "cacerts" secret exists in istio-system, will be mounted. It may contain an optional "root-cert.pem", // with additional roots and optional {ca-key, ca-cert, cert-chain}.pem user-provided root CA.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
security/pkg/server/ca/server.go
"istio.io/istio/pkg/security" "istio.io/istio/security/pkg/pki/ca" caerror "istio.io/istio/security/pkg/pki/error" "istio.io/istio/security/pkg/pki/util" ) var serverCaLog = log.RegisterScope("serverca", "Citadel server log") // CertificateAuthority contains methods to be supported by a CA. type CertificateAuthority interface { // Sign generates a certificate for a workload or CA, from the given CSR and cert opts.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 28 17:35:26 UTC 2024 - 8K bytes - Viewed (0) -
operator/pkg/patch/patch.go
- [list_entry_value] selects a list entry in list d which is a regex match of list_entry_value. Some examples are given below. Given a resource: kind: Deployment metadata: name: istio-citadel namespace: istio-system a: b: - name: n1 value: v1 - name: n2 list: - "vv1" - vv2=foo values and list entries can be added, modified or deleted. # MODIFY
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Aug 10 15:35:03 UTC 2023 - 6.2K bytes - Viewed (0) -
pkg/istio-agent/agent.go
k8sCAIstioMountedPath = "./var/run/secrets/istio/kubernetes/ca.crt" // CitadelCACertPath is the directory for Citadel CA certificate. // This is mounted from config map 'istio-ca-root-cert'. Part of startup, // this may be replaced with ./etc/certs, if a root-cert.pem is found, to // handle secrets mounted from non-citadel CAs. CitadelCACertPath = "./var/run/secrets/istio" ) const (
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 05 10:02:56 UTC 2024 - 26.7K bytes - Viewed (0) -
pkg/security/security.go
// TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/sidecar-injector-configmap-with-revision-canary.yaml
:{"enabled":true,"suffix":"global"}},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"debug":"info","domain":"","enabled":true,"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"namespace":"istio-system","ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","port":80,"targetPort":80},{"name":"https","po...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 21 03:10:21 UTC 2024 - 27.5K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/sidecar-injector-configmap-absolute-override.yaml
:{"enabled":true,"suffix":"global"}},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"debug":"info","domain":"","enabled":true,"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"namespace":"istio-system","ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","port":80,"targetPort":80},{"name":"https","po...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 21 03:10:21 UTC 2024 - 27.4K bytes - Viewed (0)