Skip to search

RequestAuthentication

security.istio.io / v1

apiVersion: security.istio.io/v1 kind: RequestAuthentication metadata: name: example
View raw schema
spec object
Request authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/request_authentication.html
jwtRules []object
Define the list of JWTs that can be validated at the selected workloads' proxy.
maxItems: 4096
audiences []string
The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access.
forwardOriginalToken boolean
If set to true, the original token will be kept for the upstream request.
fromCookies []string
List of cookie names from which JWT is expected.
fromHeaders []object
List of header locations from which JWT is expected.
name string required
The HTTP header name.
minLength: 1
prefix string
The prefix that should be stripped before decoding the token.
fromParams []string
List of query parameters from which JWT is expected.
issuer string required
Identifies the issuer that issued the JWT.
minLength: 1
jwks string
JSON Web Key Set of public keys to validate signature of the JWT.
jwksUri string
URL of the provider's public key set to validate signature of the JWT.
minLength: 1
maxLength: 2048
jwks_uri string
URL of the provider's public key set to validate signature of the JWT.
minLength: 1
maxLength: 2048
outputClaimToHeaders []object
This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
claim string required
The name of the claim to be copied from.
minLength: 1
header string required
The name of the header to be created.
pattern: ^[-_A-Za-z0-9]+$
minLength: 1
outputPayloadToHeader string
This field specifies the header name to output a successfully verified JWT payload to the backend.
timeout string
The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.
selector object
Optional.
matchLabels object
One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.
targetRef object
group string
group is the group of the target resource.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
kind is kind of the target resource.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
name is the name of the target resource.
minLength: 1
maxLength: 253
namespace string
namespace is the namespace of the referent.
targetRefs []object
Optional.
group string
group is the group of the target resource.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
kind is kind of the target resource.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
name is the name of the target resource.
minLength: 1
maxLength: 253
namespace string
namespace is the namespace of the referent.
status object

No matches. Try .spec.jwtRules for an exact path