Documentation ¶
Index ¶
- func LoadKubeconfig() (*meshauth.KubeConfig, error)
- type GRPCServer
- type GenerateBootstrapOptions
- type MeshCertProvider
- type MeshCerts
- type XDSCreds
- func (x *XDSCreds) Build(config json.RawMessage) (credentials.Bundle, error)
- func (x *XDSCreds) Name() string
- func (x *XDSCreds) NewWithMode(mode string) (credentials.Bundle, error)
- func (x *XDSCreds) PerRPCCredentials() credentials.PerRPCCredentials
- func (x *XDSCreds) TransportCredentials() credentials.TransportCredentials
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadKubeconfig ¶
func LoadKubeconfig() (*meshauth.KubeConfig, error)
Load a kube config file for meshauth. Used to bootstrap auth.
Types ¶
type GRPCServer ¶
type GRPCServer interface { RegisterService(*grpc.ServiceDesc, interface{}) Serve(net.Listener) error Stop() GracefulStop() GetServiceInfo() map[string]grpc.ServiceInfo }
GRPCServer is the interface implemented by both grpc
func GenerateGRPCXDS ¶
func GenerateGRPCXDS(opts *GenerateBootstrapOptions) (GRPCServer, error)
GenerateBootstrap will write a Istio bootstrap file in the location expected by gRPC, using Istio environment variables:
XDS_ADDR - the address of the XDS server, defaults to istiod.istio-system.svc:15010 if cert not set, and 15012 if root cert found POD_NAMESPACE, LABELS - based on standard mounts ISTIO_META_env variables used like in regular Istio ...
type MeshCertProvider ¶
type MeshCertProvider struct { }
func (*MeshCertProvider) Name ¶
func (c *MeshCertProvider) Name() string
func (*MeshCertProvider) ParseConfig ¶
func (c *MeshCertProvider) ParseConfig(i interface{}) (*certprovider.BuildableConfig, error)
type MeshCerts ¶
type MeshCerts struct { }
func (*MeshCerts) KeyMaterial ¶
func (c *MeshCerts) KeyMaterial(ctx context.Context) (*certprovider.KeyMaterial, error)
type XDSCreds ¶
type XDSCreds struct { }
XDSCreds provides credentials for authenticating with the XDS server. Token: - Istio-ca path - k8s token - MDS - if available - google default credentials
Client certs: - workload id files - old istio files
TransportCredentials also sets the expected CA and SAN for the server.
func (*XDSCreds) Build ¶
func (x *XDSCreds) Build(config json.RawMessage) (credentials.Bundle, error)
func (*XDSCreds) NewWithMode ¶
func (x *XDSCreds) NewWithMode(mode string) (credentials.Bundle, error)
func (*XDSCreds) PerRPCCredentials ¶
func (x *XDSCreds) PerRPCCredentials() credentials.PerRPCCredentials
func (*XDSCreds) TransportCredentials ¶
func (x *XDSCreds) TransportCredentials() credentials.TransportCredentials