Search Options

Results per page
Sort
Preferred Languages
Advance

Results 171 - 180 of 344 for ca (0.03 sec)

  1. cni/pkg/install/kubeconfig_test.go

    	"path/filepath"
    	"testing"
    
    	"istio.io/istio/cni/pkg/config"
    	testutils "istio.io/istio/pilot/test/util"
    )
    
    const (
    	k8sServiceHost = "10.96.0.1"
    	k8sServicePort = "443"
    	kubeCAFilepath = "testdata/kube-ca.crt"
    	saToken        = "service_account_token_string"
    )
    
    func TestCreateValidKubeconfigFile(t *testing.T) {
    	tmp := t.TempDir()
    	os.WriteFile(filepath.Join(tmp, "token"), []byte(saToken), 0o644)
    	cases := []struct {
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Aug 14 19:36:19 UTC 2024
    - 3.8K bytes
    - Viewed (0)
  2. cni/pkg/install/kubeconfig.go

    	}
    
    	if cfg.SkipTLSVerify {
    		// User explicitly opted into insecure.
    		cluster.InsecureSkipTLSVerify = true
    	} else {
    		caFile := model.GetOrDefault(cfg.KubeCAFile, cfg.K8sServiceAccountPath+"/ca.crt")
    		caContents, err := os.ReadFile(caFile)
    		if err != nil {
    			return kubeconfig{}, err
    		}
    		cluster.CertificateAuthorityData = caContents
    	}
    
    	token, err := os.ReadFile(cfg.K8sServiceAccountPath + "/token")
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Aug 01 18:38:14 UTC 2024
    - 4K bytes
    - Viewed (0)
  3. docs/sts/client_grants/__init__.py

                     sts_ep='http://localhost:9000'):
            self.cid = cid
            self.csec = csec
            self.idp_ep = idp_ep
            self.sts_ep = sts_ep
    
            # Load CA certificates from SSL_CERT_FILE file if set
            ca_certs = os.environ.get('SSL_CERT_FILE')
            if not ca_certs:
                ca_certs = certifi.where()
    
            self._http = urllib3.PoolManager(
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Apr 23 18:58:53 UTC 2021
    - 4.6K bytes
    - Viewed (0)
  4. manifests/charts/README.md

    - Better security: separate Istio components reside in different namespaces, allowing different teams or
    roles to manage different parts of Istio. For example, a security team would maintain the
    root CA and policy, a telemetry team may only have access to Prometheus,
    and a different team may maintain the control plane components (which are highly security sensitive).
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Oct 31 16:56:50 UTC 2024
    - 7.4K bytes
    - Viewed (0)
  5. common-protos/k8s.io/api/certificates/v1alpha1/generated.proto

      //
      // The data must consist only of PEM certificate blocks that parse as valid
      // X.509 certificates.  Each certificate must include a basic constraints
      // extension with the CA bit set.  The API server will reject objects that
      // contain duplicate certificates, or that use PEM block headers.
      //
      // Users of ClusterTrustBundles, including Kubelet, are free to reorder and
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Mar 11 18:43:24 UTC 2024
    - 4.2K bytes
    - Viewed (0)
  6. cni/pkg/config/config.go

    	// Logging level for the CNI plugin
    	// Since it runs out-of-process, it has to be separately configured
    	PluginLogLevel string
    	// The file mode to set when creating the kubeconfig file
    	KubeconfigMode int
    	// CA file for kubeconfig
    	KubeCAFile string
    	// Whether to use insecure TLS in the kubeconfig file
    	SkipTLSVerify bool
    
    	// Comma-separated list of K8S namespaces that CNI should ignore
    	ExcludeNamespaces string
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Fri Aug 16 15:33:47 UTC 2024
    - 5.7K bytes
    - Viewed (0)
  7. istioctl/pkg/writer/ztunnel/configdump/configdump.go

    func (c *ConfigWriter) PrintVersionSummary() error {
    	// TODO
    	return nil
    }
    
    // PrintPodRootCAFromDynamicSecretDump prints just pod's root ca from dynamic secret config dump to the ConfigWriter stdout
    func (c *ConfigWriter) PrintPodRootCAFromDynamicSecretDump() (string, error) {
    	// TODO
    	return "", nil
    }
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Jun 06 20:18:34 UTC 2024
    - 3.9K bytes
    - Viewed (0)
  8. common-protos/k8s.io/api/certificates/v1/generated.proto

      //
      // Custom signerNames can also be specified. The signer defines:
      //  1. Trust distribution: how trust (CA bundles) are distributed.
      //  2. Permitted subjects: and behavior when a disallowed subject is requested.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Mar 11 18:43:24 UTC 2024
    - 11.6K bytes
    - Viewed (0)
  9. okhttp/src/main/kotlin/okhttp3/CertificatePinner.kt

     *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
     *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
     *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
     * Pinned certificates for publicobject.com:
     *     sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    Registered: Fri Nov 01 11:42:11 UTC 2024
    - Last Modified: Mon Jan 08 01:13:22 UTC 2024
    - 14.2K bytes
    - Viewed (0)
  10. helm-releases/minio-2.0.1.tgz

    needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Aug 31 09:09:09 UTC 2021
    - 13.6K bytes
    - Viewed (0)
Back to top