security.istio.io / v1 / RequestAuthentication
- object
.spec
Request authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/request_authentication.html
- array
.spec .jwtRules
Define the list of JWTs that can be validated at the selected workloads’ proxy.
- array
.spec .jwtRules[] .audiences
The list of JWT audiences that are allowed to access.
- boolean
.spec .jwtRules[] .forwardOriginalToken
If set to true, the original token will be kept for the upstream request.
- array
.spec .jwtRules[] .fromCookies
List of cookie names from which JWT is expected.
- array
.spec .jwtRules[] .fromHeaders
List of header locations from which JWT is expected.
- string required
.spec .jwtRules[] .fromHeaders[] .name
The HTTP header name.
- string
.spec .jwtRules[] .fromHeaders[] .prefix
The prefix that should be stripped before decoding the token.
- array
.spec .jwtRules[] .fromParams
List of query parameters from which JWT is expected.
- string required
.spec .jwtRules[] .issuer
Identifies the issuer that issued the JWT.
- string
.spec .jwtRules[] .jwks
JSON Web Key Set of public keys to validate signature of the JWT.
- string
.spec .jwtRules[] .jwks_uri
URL of the provider’s public key set to validate signature of the JWT.
- string
.spec .jwtRules[] .jwksUri
URL of the provider’s public key set to validate signature of the JWT.
- array
.spec .jwtRules[] .outputClaimToHeaders
This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
- string required
.spec .jwtRules[] .outputClaimToHeaders[] .claim
The name of the claim to be copied from.
- string required
.spec .jwtRules[] .outputClaimToHeaders[] .header
The name of the header to be created.
- string
.spec .jwtRules[] .outputPayloadToHeader
This field specifies the header name to output a successfully verified JWT payload to the backend.
- string
.spec .jwtRules[] .timeout
The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.
- object
.spec .selector
Optional.
- object
.spec .selector .matchLabels
One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.
- object
.spec .targetRef
- string
.spec .targetRef .group
group is the group of the target resource.
- string required
.spec .targetRef .kind
kind is the kind of the target resource.
- string required
.spec .targetRef .name
name is the name of the target resource.
- string
.spec .targetRef .namespace
namespace is the namespace of the referent.
- array
.spec .targetRefs
Optional.
- string
.spec .targetRefs[] .group
group is the group of the target resource.
- string required
.spec .targetRefs[] .kind
kind is kind of the target resource.
- string required
.spec .targetRefs[] .name
name is the name of the target resource.
- string
.spec .targetRefs[] .namespace
namespace is the namespace of the referent.
- object
.status
- array
.status .conditions
Current service state of the resource.
- string
.status .conditions[] .lastProbeTime
Last time we probed the condition.
- string
.status .conditions[] .lastTransitionTime
Last time the condition transitioned from one status to another.
- string
.status .conditions[] .message
Human-readable message indicating details about last transition.
- integer | string
.status .conditions[] .observedGeneration
Resource Generation to which the Condition refers.
- string
.status .conditions[] .reason
Unique, one-word, CamelCase reason for the condition’s last transition.
- string
.status .conditions[] .status
Status is the status of the condition.
- string
.status .conditions[] .type
Type is the type of the condition.
- integer | string
.status .observedGeneration
- array
.status .validationMessages
Includes any errors or warnings detected by Istio’s analyzers.
- string
.status .validationMessages[] .documentationUrl
A URL pointing to the Istio documentation for this specific error type.
- string
.status .validationMessages[] .level
Represents how severe a message is.
Valid Options: UNKNOWN, ERROR, WARNING, INFO
- object
.status .validationMessages[] .type
- string
.status .validationMessages[] .type .code
A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify the message type.
- string
.status .validationMessages[] .type .name
A human-readable name for the message type.