certificate.tls
Simplest configuration:
[certificate#0]
type = tls
svcmgr -s <svcname> set --kw certificate#0.type=tls
certificate_chain_filename
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
Local filesystem data source of the TLS certificate chain.
certificate_chain_inline_string
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
String inlined data source of the TLS certificate chain.
certificate_secret
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
The name of the secret object hosting the certificate files. The secret must have the certificate_chain and server_key keys set. With this setting, the certificate is served to Envoy via the secret discovery service, which allows its live rotation.
private_key_filename
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
Local filesystem data source of the TLS private key.
private_key_inline_string
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
String inlined data source of the TLS private key. A reference to a secret, for example.
validation_secret
scopable | True
required | False
provisioning | False
default | None
inheritance | leaf > head
scope order | specific > generic
The name of the secret object hosting the certificate authority files used to validate certificate_secret. The secret must have the trusted_ca and verify_certificate_hash keys set. With this setting, the validation data is served to Envoy via the secret discovery service, which allows live certificate rotation.
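The certificate chain and private key keywords above can be checked before a configuration is deployed. The linter below is an added example, not OpenSVC code. Its policy (one source per data item, chain and key set together, no clear-text key inline, key file not readable by group or others) and its handling of an `@scope` keyword suffix are assumptions of this example.

```python
import configparser
import os
import stat

# Constructed sample service configuration (not taken from the OpenSVC docs).
SAMPLE = """
[certificate#0]
type = tls
certificate_chain_filename = /etc/ssl/web/chain.pem
private_key_inline_string = -----BEGIN PRIVATE KEY----- (constructed placeholder)

[certificate#1]
type = tls
certificate_secret = web-cert
validation_secret = web-ca

[certificate#2]
type = tls
certificate_chain_filename = /etc/ssl/api/chain.pem
certificate_chain_inline_string = (constructed placeholder)
"""

def lint_tls_certificates(text):
    """Return a list of (section, finding) for certificate sections of type tls."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("certificate#") or sec.get("type") != "tls":
            continue
        # Drop any "@scope" suffix so scoped keywords are checked too (assumed syntax).
        keys = {k.split("@")[0]: v for k, v in sec.items()}
        chain = [k for k in keys if k.startswith("certificate_chain_")]
        key = [k for k in keys if k.startswith("private_key_")]
        # Example policy: each data item comes from exactly one source.
        for src in (chain, key):
            if len(src) > 1:
                findings.append((name, "conflicting sources: " + ", ".join(sorted(src))))
        if "certificate_secret" not in keys and bool(chain) != bool(key):
            findings.append((name, "chain and private key must both be set"))
        if "PRIVATE KEY" in keys.get("private_key_inline_string", ""):
            findings.append((name, "private key stored in clear in the configuration"))
        path = keys.get("private_key_filename")
        if path and os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((name, "private key file readable by group or others"))
    return findings
```

The file permission check only runs when the key file exists on the host where the linter is executed.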
comment
scopable | False
required | False
provisioning | False
default |
inheritance | leaf > head
scope order | specific > generic
Helps users understand the role of the service and its resources, which is useful to on-call support people who have to operate on a service they are not usually responsible for.