Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthenticatorOptions (added in v0.11.0)
type AuthenticatorOptions struct {
	// EnableClientCert enables the client certificate authenticator when true.
	EnableClientCert bool
}
type ClusterNodeAuthorizer (added in v0.12.0)
type ClusterNodeAuthorizer struct {
// contains filtered or unexported fields
}
func NewClusterNodeAuthorizer (added in v0.12.0)
func NewClusterNodeAuthorizer(client kube.Client, trustedNodeAccounts sets.Set[types.NamespacedName]) *ClusterNodeAuthorizer
type Options (added in v0.2.0)
type Options struct {
	// ClusterID is the ID of the cluster to verify requests to.
	ClusterID string

	// Address to serve the gRPC service
	ServingAddress string

	// MaximumClientCertificateDuration is the maximum duration a client can
	// request its duration for. If the client requests a duration larger than
	// this value, this value will be used instead.
	MaximumClientCertificateDuration time.Duration

	// Authenticators configures authenticators to use for incoming CSR requests.
	Authenticators AuthenticatorOptions

	CATrustedNodeAccounts []string
}
type Server
type Server struct {
	securityapi.UnimplementedIstioCertificateServiceServer
	// contains filtered or unexported fields
}
Server is the implementation of the istio CreateCertificate service.
func (*Server) Check (added in v0.2.0)
Check is used by the shared readiness manager to expose whether the server is ready.
func (*Server) CreateCertificate
func (s *Server) CreateCertificate(ctx context.Context, icr *securityapi.IstioCertificateRequest) (*securityapi.IstioCertificateResponse, error)
CreateCertificate is the Istio gRPC API function that authenticates, authorizes, and signs CSR requests from Istio clients.
func (*Server) NeedLeaderElection (added in v0.2.0)
All istio-csr instances should serve the CreateCertificate service.