- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 67 for audiences (0.15 sec)
-
pkg/kube/client.go
}) } return g.Wait() } func (c *client) CreatePerRPCCredentials(_ context.Context, tokenNamespace, tokenServiceAccount string, audiences []string, expirationSeconds int64, ) (credentials.PerRPCCredentials, error) { return NewRPCCredentials(c, tokenNamespace, tokenServiceAccount, audiences, expirationSeconds, 60) } func (c *client) UtilFactory() PartialFactory { return c.clientFactory }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 14:44:17 UTC 2024 - 39K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
// This value can also be extracted from the mounted token trustedIssuer = env.Register("TOKEN_ISSUER", "", "OIDC token issuer. If set, will be used to check the tokens.") audience = env.Register("AUDIENCE", "", "Expected audience in the tokens. ") caRSAKeySize = env.Register("CITADEL_SELF_SIGNED_CA_RSA_KEY_SIZE", 2048, "Specify the RSA key size to use for self-signed Istio CA certificates.")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
fi if [[ -n "${SERVICE_CLUSTER_IP_RANGE:-}" ]]; then params+=" --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}" fi params+=" --service-account-issuer=${SERVICEACCOUNT_ISSUER}" params+=" --api-audiences=${SERVICEACCOUNT_ISSUER}" params+=" --service-account-signing-key-file=${SERVICEACCOUNT_KEY_PATH}" local audit_policy_config_mount="" local audit_policy_config_volume="" local audit_webhook_config_mount=""
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
istioctl/pkg/workload/workload.go
// ObjectMeta isn't required in real k8s, but needed for tests ObjectMeta: metav1.ObjectMeta{ Name: serviceAccount, Namespace: wg.Namespace, }, Spec: authenticationv1.TokenRequestSpec{ Audiences: []string{"istio-ca"}, ExpirationSeconds: &tokenDuration, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 25.5K bytes - Viewed (0) -
staging/src/k8s.io/api/storage/v1/types.go
type VolumeLifecycleMode string // TokenRequest contains parameters of a service account token. type TokenRequest struct { // audience is the intended audience of the token in "TokenRequestSpec". // It will default to the audiences of kube apiserver. Audience string `json:"audience" protobuf:"bytes,1,opt,name=audience"` // expirationSeconds is the duration of validity of the token in "TokenRequestSpec".
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 23 17:42:49 UTC 2024 - 32K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
DisableHTTP2 bool } type AuthenticationInfo struct { // APIAudiences is a list of identifier that the API identifies as. This is // used by some authenticators to validate audience bound credentials. APIAudiences authenticator.Audiences // Authenticator determines which subject is making the request Authenticator authenticator.Request RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
// JWTRule is from the JWT_RULE environment variable. // An example of json string for JWTRule is: // `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`. jwtRule := &v1beta1.JWTRule{} err := json.Unmarshal([]byte(args.JwtRule), jwtRule) if err != nil { return nil, fmt.Errorf("failed to unmarshal JWT rule: %v", err) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pkg/serviceaccount/claims_test.go
}{ { // pod and secret sa: sa, pod: pod, sec: sec, // really fast exp: 0, // nil audience aud: nil, err: "internal error, token can only be bound to one object type", }, { // pod sa: sa, pod: pod, // empty audience aud: []string{}, exp: 100, sc: &jwt.Claims{ Subject: "system:serviceaccount:myns:mysvcacct",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 17.9K bytes - Viewed (0) -
pkg/registry/storage/csidriver/strategy_test.go
wantGeneration: 1, }, { name: "service account token feature enabled, before: none, update: audience=gcp", old: driverWithNothing, update: driverWithServiceAccountTokenGCP, wantTokenRequests: []storage.TokenRequest{{Audience: gcp}}, wantRequiresRepublish: &enabled, wantGeneration: 1, }, {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 16.7K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/files/waypoint.yaml
path: annotations name: istio-podinfo - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: name: istio-ca-root-cert name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 22:41:03 UTC 2024 - 10.3K bytes - Viewed (0)