AccessControlPolicy
hub.traefik.io / v1alpha1
apiVersion: hub.traefik.io/v1alpha1
kind: AccessControlPolicy
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
AccessControlPolicySpec configures an access control policy.
apiKey object
AccessControlPolicyAPIKey configure an APIKey control policy.
forwardHeaders
object
ForwardHeaders instructs the middleware to forward key metadata as header values upon successful authentication.
keySource object required
KeySource defines how to extract API keys from requests.
cookie
string
Cookie is the name of a cookie.
header
string
Header is the name of a header.
headerAuthScheme
string
HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization".
If set, this scheme is removed from the token, and all requests not including it are dropped.
query
string
Query is the name of a query parameter.
keys []object
Keys define the set of authorized keys to access a protected resource.
id
string required
ID is the unique identifier of the key.
metadata
object
Metadata holds arbitrary metadata for this key, can be used by ForwardHeaders.
value
string required
Value is the SHAKE-256 hash (using 64 bytes) of the API key.
basicAuth object
AccessControlPolicyBasicAuth holds the HTTP basic authentication configuration.
forwardUsernameHeader
string
realm
string
stripAuthorizationHeader
boolean
users
[]string
jwt object
AccessControlPolicyJWT configures a JWT access control policy.
claims
string
forwardHeaders
object
jwksFile
string
jwksUrl
string
publicKey
string
signingSecret
string
signingSecretBase64Encoded
boolean
stripAuthorizationHeader
boolean
tokenQueryKey
string
oAuthIntro object
AccessControlOAuthIntro configures an OAuth 2.0 Token Introspection access control policy.
claims
string
clientConfig object required
AccessControlOAuthIntroClientConfig configures the OAuth 2.0 client for issuing token introspection requests.
headers
object
Headers to set when sending requests to the Authorization Server.
maxRetries
integer
MaxRetries defines the number of retries for introspection requests.
timeoutSeconds
integer
TimeoutSeconds configures the maximum amount of seconds to wait before giving up on requests.
tls object
TLS configures TLS communication with the Authorization Server.
ca
string
CA sets the CA bundle used to sign the Authorization Server certificate.
insecureSkipVerify
boolean
InsecureSkipVerify skips the Authorization Server certificate validation.
For testing purposes only, do not use in production.
tokenTypeHint
string
TokenTypeHint is a hint to pass to the Authorization Server.
See https://tools.ietf.org/html/rfc7662#section-2.1 for more information.
url
string required
URL of the Authorization Server.
forwardHeaders
object
tokenSource object required
TokenSource describes how to extract tokens from HTTP requests.
If multiple sources are set, the order is the following: header > query > cookie.
cookie
string
Cookie is the name of a cookie.
header
string
Header is the name of a header.
headerAuthScheme
string
HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization".
If set, this scheme is removed from the token, and all requests not including it are dropped.
query
string
Query is the name of a query parameter.
oidc object
AccessControlPolicyOIDC holds the OIDC authentication configuration.
authParams
object
claims
string
clientId
string
disableAuthRedirectionPaths
[]string
forwardHeaders
object
issuer
string
logoutUrl
string
redirectUrl
string
scopes
[]string
secret object
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
name
string
name is unique within a namespace to reference a secret resource.
namespace
string
namespace defines the space within which the secret name must be unique.
session object
Session holds session configuration.
domain
string
path
string
refresh
boolean
sameSite
string
secure
boolean
stateCookie object
StateCookie holds state cookie configuration.
domain
string
path
string
sameSite
string
secure
boolean
oidcGoogle object
AccessControlPolicyOIDCGoogle holds the Google OIDC authentication configuration.
authParams
object
clientId
string
emails
[]string
Emails are the allowed emails to connect.
minItems:
1
forwardHeaders
object
logoutUrl
string
redirectUrl
string
secret object
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
name
string
name is unique within a namespace to reference a secret resource.
namespace
string
namespace defines the space within which the secret name must be unique.
session object
Session holds session configuration.
domain
string
path
string
refresh
boolean
sameSite
string
secure
boolean
stateCookie object
StateCookie holds state cookie configuration.
domain
string
path
string
sameSite
string
secure
boolean
status object
The current status of this access control policy.
specHash
string
syncedAt
string
format:
date-time
version
string
No matches. Try .spec.apiKey for an exact path