- Sort Score
- Result 10 results
- Languages All
Results 71 - 80 of 178 for service_account (0.47 sec)
-
plugin/pkg/auth/authorizer/node/node_authorizer.go
} if attrs.GetSubresource() != "token" { klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) return authorizer.DecisionNoOpinion, "can only create token subresource of serviceaccount", nil } ok, err := r.hasPathFrom(nodeName, startingType, attrs.GetNamespace(), attrs.GetName()) if err != nil { klog.V(2).Infof("NODE DENY: %v", err)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 16K bytes - Viewed (0) -
pkg/serviceaccount/jwt.go
"k8s.io/apiserver/pkg/authentication/authenticator" apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount" ) // ServiceAccountTokenGetter defines functions to retrieve a named service account and secret type ServiceAccountTokenGetter interface { GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error) GetPod(namespace, name string) (*v1.Pod, error) GetSecret(namespace, name string) (*v1.Secret, error)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 27 22:16:08 UTC 2024 - 10.7K bytes - Viewed (0) -
pilot/pkg/credentials/kube/secrets.go
s.authorizationCache[key] = authorizationResponse{ expiration: time.Now().Add(expDelta), authorized: response, } } func (s *CredentialsController) Authorize(serviceAccount, namespace string) error { user := sa.MakeUsername(namespace, serviceAccount) if cached, f := s.cachedAuthorization(user); f { return cached } err := func() error {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 19:18:21 UTC 2024 - 10K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
} // For backward compatibility, use metadata certs if provided. if cb.hasMetadataCerts() { return cb.buildMutualTLS(serviceAccounts, sni), autoDetected } // Build settings for auto MTLS. return cb.buildIstioMutualTLS(serviceAccounts, sni), autoDetected } func (cb *ClusterBuilder) hasMetadataCerts() bool { return cb.metadataCerts != nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
cmd/kube-controller-manager/app/core.go
aliases: []string{"serviceaccount"}, initFunc: startServiceAccountController, } } func startServiceAccountController(ctx context.Context, controllerContext ControllerContext, controllerName string) (controller.Interface, bool, error) { sac, err := serviceaccountcontroller.NewServiceAccountsController( controllerContext.InformerFactory.Core().V1().ServiceAccounts(),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 08:42:31 UTC 2024 - 39K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/workloads.go
Name: wle.Name, Namespace: wle.Namespace, Network: network, ClusterId: string(a.ClusterID), ServiceAccount: wle.Spec.ServiceAccount, Services: constructServicesFromWorkloadEntry(&wle.Spec, services), AuthorizationPolicies: policies, Status: workloadapi.WorkloadStatus_HEALTHY, // TODO: WE can be unhealthy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.9K bytes - Viewed (0) -
samples/extauthz/cmd/extauthz/main.go
overrideHeader = "x-ext-authz-additional-header-override" overrideGRPCValue = "grpc-additional-header-override-value" resultAllowed = "allowed" resultDenied = "denied" ) var ( serviceAccount = flag.String("allow_service_account", "a", "allowed service account, matched against the service account in the source principal from the client certificate") httpPort = flag.String("http", "8000", "HTTP server port")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 15 18:23:48 UTC 2024 - 10.4K bytes - Viewed (0) -
manifests/charts/istiod-remote/values.yaml
# Default behavior: latest images will be Always else IfNotPresent. imagePullPolicy: "" # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace # to use for pulling any images in pods that reference this ServiceAccount. # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 21K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
# Default behavior: latest images will be Always else IfNotPresent. imagePullPolicy: "" # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace # to use for pulling any images in pods that reference this ServiceAccount. # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 21.1K bytes - Viewed (0) -
helm/minio/templates/statefulset.yaml
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} {{- end }} {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} containers: - name: {{ .Chart.Name }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Fri Apr 26 07:50:24 UTC 2024 - 10.7K bytes - Viewed (0)