- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 181 for service_account (0.2 sec)
-
pkg/controlplane/apiserver/options/options.go
if completed.Authentication.ServiceAccounts.MaxExpiration < lowBound || completed.Authentication.ServiceAccounts.MaxExpiration > upBound { return CompletedOptions{}, fmt.Errorf("the service-account-max-token-expiration must be between 1 hour and 2^32 seconds") } if completed.Authentication.ServiceAccounts.ExtendExpiration {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Apr 27 12:19:56 UTC 2024 - 15.4K bytes - Viewed (0) -
plugin/pkg/admission/serviceaccount/admission.go
// 1. If the pod does not specify a ServiceAccount, it sets the pod's ServiceAccount to "default" // 2. It ensures the ServiceAccount referenced by the pod exists // 3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pod's ServiceAccount does not reference
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Apr 12 17:49:30 UTC 2024 - 18.6K bytes - Viewed (0) -
plugin/pkg/admission/serviceaccount/admission_test.go
admit.SetExternalKubeInformerFactory(informerFactory) admit.MountServiceAccountToken = true // Add the default service account for the ns into the cache informerFactory.Core().V1().ServiceAccounts().Informer().GetStore().Add(&corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: DefaultServiceAccountName, Namespace: ns, }, }) v1PodIn := &corev1.Pod{ Spec: corev1.PodSpec{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Apr 12 17:49:30 UTC 2024 - 36.9K bytes - Viewed (0) -
pilot/pkg/serviceregistry/serviceentry/conversion.go
Addresses: svc.GetAddresses(proxy), // This is based on alpha.istio.io/canonical-serviceaccounts and // alpha.istio.io/kubernetes-serviceaccounts. SubjectAltNames: svc.ServiceAccounts, } if len(svc.Attributes.LabelSelectors) > 0 { se.WorkloadSelector = &networking.WorkloadSelector{Labels: svc.Attributes.LabelSelectors} }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 29 02:03:58 UTC 2024 - 16.9K bytes - Viewed (0) -
pkg/serviceaccount/claims_test.go
} type fakeGetter struct { serviceAccount *v1.ServiceAccount secret *v1.Secret pod *v1.Pod node *v1.Node } func (f fakeGetter) GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error) { if f.serviceAccount == nil { return nil, apierrors.NewNotFound(schema.GroupResource{Group: "", Resource: "serviceaccounts"}, name) } return f.serviceAccount, nil }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 17.9K bytes - Viewed (0) -
pilot/pkg/model/service_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 20:38:02 UTC 2024 - 13.9K bytes - Viewed (0) -
pkg/kubeapiserver/options/authentication.go
} ret.APIAudiences = o.APIAudiences if o.ServiceAccounts != nil { if len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 { ret.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers) } ret.ServiceAccountKeyFiles = o.ServiceAccounts.KeyFiles ret.ServiceAccountIssuers = o.ServiceAccounts.Issuers ret.ServiceAccountLookup = o.ServiceAccounts.Lookup } if o.TokenFile != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 22:40:22 UTC 2024 - 32.4K bytes - Viewed (0) -
pkg/serviceaccount/jwt_test.go
} func generateECDSAToken(t *testing.T, iss string, serviceAccount *v1.ServiceAccount, ecdsaSecret *v1.Secret) string { t.Helper() ecdsaGenerator, err := serviceaccount.JWTTokenGenerator(iss, getPrivateKey(ecdsaPrivateKey)) if err != nil { t.Fatalf("error making generator: %v", err) } ecdsaToken, err := ecdsaGenerator.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *ecdsaSecret)) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 27 22:16:08 UTC 2024 - 17K bytes - Viewed (0) -
pkg/spiffe/spiffe_test.go
namespace: "foo", serviceAccount: "bar", trustDomain: "******@****.***.gserviceaccount.com", expectedURI: "spiffe://kube-federating-id.testproj.iam.gserviceaccount.com/ns/foo/sa/bar", }, } for id, tc := range testCases { got, err := genSpiffeURI(tc.trustDomain, tc.namespace, tc.serviceAccount) if tc.expectedError == "" && err != nil { t.Errorf("teste case [%v] failed, error %v", id, tc) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 18.1K bytes - Viewed (0) -
istioctl/pkg/workload/workload_test.go
} }) t.Run(dir.Name(), func(t *testing.T) { createClientFunc := func(client kube.CLIClient) { client.Kube().CoreV1().ServiceAccounts("bar").Create(context.Background(), &v1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{Namespace: "bar", Name: "vm-serviceaccount"}, Secrets: []v1.ObjectReference{{Name: "test"}}, }, metav1.CreateOptions{})
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 27 16:59:05 UTC 2024 - 14.6K bytes - Viewed (0)