certificate.tls
Simplest configuration:
[certificate#0]
type = tls
svcmgr -s <svcname> set --kw certificate#0.type=tls
certificate_chain_filename
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Local filesystem data source of the TLS certificate chain.
certificate_chain_inline_string
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Inline string data source of the TLS certificate chain.
certificate_secret
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
The name of the secret object hosting the certificate files. The secret must have the certificate_chain and server_key keys set. With this setting, the certificate is served to Envoy via the secret discovery service, which allows its live rotation.
private_key_filename
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Local filesystem data source of the TLS private key.
private_key_inline_string
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Inline string data source of the TLS private key, for example a reference to a secret.
validation_secret
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
The name of the secret object hosting the certificate authority files for certificate_secret validation. The secret must have the trusted_ca and verify_certificate_hash keys set. With this setting, the validation data is served to Envoy via the secret discovery service, which allows live certificate rotation.
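
A pre-deployment check over the keywords above, as an added example (not OpenSVC code). It flags certificate resources where several data sources compete, where a chain has no key source or the reverse, where PEM key material is pasted into private_key_inline_string, or where validation_secret is set without certificate_secret. The lint rules, the `keyword@scope` handling and the sample configuration are assumptions of this example, not documented OpenSVC behaviour.

```python
import configparser
import re

# Constructed sample service configuration (not taken from the page).
SAMPLE = """
[certificate#0]
type = tls
certificate_secret = web-cert
validation_secret = web-ca

[certificate#1]
type = tls
certificate_chain_filename = /etc/ssl/web/chain.pem
private_key_inline_string = -----BEGIN PRIVATE KEY----- constructed -----END PRIVATE KEY-----

[certificate#2]
type = tls
certificate_chain_filename = /etc/ssl/web/chain.pem
"""

CHAIN = ("certificate_secret", "certificate_chain_filename", "certificate_chain_inline_string")
KEY = ("certificate_secret", "private_key_filename", "private_key_inline_string")
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def lint(text):
    """Return {section: [findings]} for each certificate resource of type tls."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("certificate#") or sec.get("type") != "tls":
            continue
        # Assumption: scoped keywords are written "keyword@scope"; group by base name.
        opts = {}
        for key, val in sec.items():
            opts.setdefault(key.split("@", 1)[0], []).append(val)
        chain_n, key_n = (sum(k in opts for k in ks) for ks in (CHAIN, KEY))
        found = []
        if chain_n > 1 or key_n > 1:
            found.append("more than one data source set for the chain or the key")
        if (chain_n == 0) != (key_n == 0):
            found.append("chain and private key sources are not both set")
        if any(PEM_KEY.search(v) for v in opts.get("private_key_inline_string", [])):
            found.append("private key material inlined in the service configuration")
        if "validation_secret" in opts and "certificate_secret" not in opts:
            found.append("validation_secret set without certificate_secret")
        report[name] = found
    return report
```

Calling `lint(SAMPLE)` returns no findings for certificate#0, the inlined-key finding for certificate#1 and the missing-key finding for certificate#2.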