istio-csr image flags
cert-manager istio agent for signing istio agent certificate signing requests through cert-manager

Usage:
  cert-manager-istio-csr [flags]

App flags:
  -v, --log-level string   Log level (1-5). (default "1")
      --metrics-port int   Port to expose Prometheus metrics on 0.0.0.0 on path '/metrics'. (default 9402)
      --readiness-probe-path string   HTTP path to expose the readiness probe server. (default "/readyz")
      --readiness-probe-port int   Port to expose the readiness probe. (default 6060)

Cert-manager flags:
  -c, --certificate-namespace string   Namespace to request certificates. (default "istio-system")
  -g, --issuer-group string   Group of the issuer to sign istio workload certificates. (default "cert-manager.io")
  -k, --issuer-kind string   Kind of the issuer to sign istio workload certificates. (default "Issuer")
  -u, --issuer-name string   Name of the issuer to sign istio workload certificates. (default "istio-ca")
  -d, --preserve-certificate-requests   If enabled, will preserve created CertificateRequests, rather than deleting when they are ready. *WARNING*: do not use in production environments as over time requests will consume large amounts of etcd and API server resources.

Kubernetes flags:
      --as string   Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray   Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string   UID to impersonate for the operation.
      --cache-dir string   Default cache directory (default "/Users/joakim/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string   Path to a client certificate file for TLS
      --client-key string   Path to a client key file for TLS
      --cluster string   The name of the kubeconfig cluster to use
      --context string   The name of the kubeconfig context to use
      --insecure-skip-tls-verify   If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string   Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string   If present, the namespace scope for this CLI request
      --request-timeout string   The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string   The address and port of the Kubernetes API server
      --tls-server-name string   Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string   Bearer token for authentication to the API server
      --user string   The name of the kubeconfig user to use

TLS flags:
      --root-ca-file string   File location of a PEM encoded Roots CA bundle to be used as root of trust for TLS in the mesh. If empty, the CA returned from the cert-manager issuer will be used.
      --serving-certificate-dns-names strings   A list of DNS names to request for the server's serving certificate which will be presented to istio-agents. (default [cert-manager-istio-csr.cert-manager.svc])
  -t, --serving-certificate-duration duration   Certificate duration of serving certificates. Will be renewed after 2/3 of the duration. (default 1h0m0s)
      --trust-domain string   The Istio cluster's trust domain. (default "cluster.local")

Server flags:
      --cluster-id string   The ID of the istio cluster to verify. (default "Kubernetes")
  -m, --max-client-certificate-duration duration   Maximum duration a client certificate can be requested and valid for. Will override with this value if the requested duration is larger (default 1h0m0s)
  -a, --serving-address string   Address to serve certificates gRPC service. (default "0.0.0.0:6443")

Controller flags:
      --configmap-namespace-selector string   Selector to filter on namespaces where the controller creates istio-ca-root-cert ConfigMap. Supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
      --leader-election-namespace string   Namespace to use for controller leader election. (default "istio-system")