TLS Protect for Kubernetes
Log inCreate account
Important Announcement!

This deprecated version of TLS Protect for Kubernetes, originally known as Jetstack Secure, will be PERMANENTLY SHUTDOWN on May 19, 2025. If you're still using this version, please work with your CyberArk/Venafi account team to transition to the current version of TLS Protect for Kubernetes.

isolated-issuer image flags

Isolated issuer for signing certificates securely


Usage:
  isolated-issuer [flags]


App flags:


  -c, --config string                 Filepath to config file. (default "config.yaml")
      --disable-mlock false           Disable mlockall from being called by this process at start time. This flag is useful for when the process does not have the 'CAP_IPC_LOCK' capability. Advised that this flag is set to false in production environments.
  -v, --log-level string              Log level (1-5). (default "1")
      --metrics-port int              TCP port to expose Prometheus metrics on 0.0.0.0 on HTTP path '/metrics'. (default 9402)
      --readiness-probe-path string   HTTP path to expose the readiness probe server. (default "/readyz")
      --readiness-probe-port int      Port to expose the readiness probe. (default 8080)


Validate flags:


      --insecure-print-unredacted   When printing config after validation, don't redact secrets and instead print in plaintext


Kubernetes flags:


      --as string                      Username to impersonate for the operation
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --cache-dir string               Default cache directory (default "/Users/joakim/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string               If present, the namespace scope for this CLI request
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
Copy to clipboard

On this page