istio: istio.io/istio/security/pkg/cmd Index | Files

package cmd

import "istio.io/istio/security/pkg/cmd"

Index

Package Files

constants.go probe.go

Constants

const (
    // DefaultSelfSignedCACertTTL is the default TTL of self-signed CA root certificate.
    DefaultSelfSignedCACertTTL = 3650 * 24 * time.Hour

    // DefaultSelfSignedRootCertCheckInterval is the default interval a self-signed
    // CA checks and rotates its root certificate.
    DefaultSelfSignedRootCertCheckInterval = 1 * time.Hour

    // DefaultRootCertGracePeriodPercentile is the default length of root certificate
    // rotation grace period, configured as the ratio of the certificate TTL.
    DefaultRootCertGracePeriodPercentile = 20

    // ReadSigningCertRetryInterval specifies the time to wait between retries on reading the signing key and cert.
    ReadSigningCertRetryInterval = time.Second * 5

    // DefaultRequestedCACertTTL is the default requested TTL for the workload.
    DefaultRequestedCACertTTL = 365 * 24 * time.Hour

    // DefaultMaxWorkloadCertTTL is the default max TTL of issued workload certificates.
    DefaultMaxWorkloadCertTTL = 90 * 24 * time.Hour

    // DefaultWorkloadCertTTL is the default TTL of issued workload certificates.
    DefaultWorkloadCertTTL = 90 * 24 * time.Hour

    // DefaultWorkloadCertGracePeriodRatio is the default length of certificate rotation grace period,
    // configured as the ratio of the certificate TTL.
    DefaultWorkloadCertGracePeriodRatio = 0.5

    // DefaultWorkloadMinCertGracePeriod is the default minimum grace period for workload cert rotation.
    DefaultWorkloadMinCertGracePeriod = 10 * time.Minute

    // DefaultProbeCheckInterval is the default interval of checking the liveness of the CA.
    DefaultProbeCheckInterval = 30 * time.Second

    // DefaultCSRGracePeriodPercentage is the default length of certificate rotation grace period,
    // configured as the percentage of the certificate TTL.
    DefaultCSRGracePeriodPercentage = 50

    // DefaultCSRInitialRetrialInterval is the default initial interval between retries to send CSR to upstream CA.
    DefaultCSRInitialRetrialInterval = time.Second

    // DefaultCSRMaxRetries is the default value of CSR retries for Citadel to send CSR to upstream CA.
    DefaultCSRMaxRetries = 10

    // ListenedNamespaceKey is the key for the environment variable that specifies the namespace.
    ListenedNamespaceKey = "NAMESPACE"
)

func NewProbeCmd Uses

func NewProbeCmd() *cobra.Command

NewProbeCmd creates the cobra.Command for the probe command

Package cmd imports 5 packages (graph) and is imported by 1 packages. Updated 2019-10-22. Refresh now. Tools for package owners.