RequestAuthentication

    • Require JWT for all requests for workloads that have label
    • The next example shows how to set a different JWT requirement for a different host. The RequestAuthentication declares it can accept JWTs issued by either issuer-foo or issuer-bar (the public key set is implicitly set from the OpenID Connect spec).
    • You can fine-tune the authorization policy to set a different requirement per path. For example, to require JWT on all paths, except /healthz, the same RequestAuthentication can be used, but the authorization policy could be:
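
The pairing described in the last bullet, as an added example that is not part of the original page: a RequestAuthentication that validates tokens, plus an AuthorizationPolicy that requires one on every path except /healthz. The resource names, the namespace, the `app: example-app` label and the `jwksUri` value are placeholders assumed for illustration; only issuer-foo comes from the text above.

```yaml
# Validates any JWT that is presented. On its own this rejects invalid
# tokens but still lets requests with no token through.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: example-jwt            # placeholder name
  namespace: example-ns        # placeholder namespace
spec:
  selector:
    matchLabels:
      app: example-app         # placeholder label, not from the page
  jwtRules:
  - issuer: "issuer-foo"
    jwksUri: "https://issuer-foo.example/.well-known/jwks.json"  # placeholder URL
---
# Makes the token mandatory. With the default ALLOW action, a request
# must match at least one rule or it is denied.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: example-require-jwt    # placeholder name
  namespace: example-ns
spec:
  selector:
    matchLabels:
      app: example-app
  rules:
  # Rule 1: any request carrying a validated JWT principal is allowed.
  - from:
    - source:
        requestPrincipals: ["*"]
  # Rule 2: /healthz is allowed even without a token.
  - to:
    - operation:
        paths: ["/healthz"]
```

Both resources must select the same workload; if the AuthorizationPolicy selector is broader than the RequestAuthentication selector, the extra workloads never get a request principal and every path except /healthz is denied for them.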

    [Experimental] Routing based on derived metadata is now supported. A prefix ‘@’ is used to denote a match against internal metadata instead of the headers in the request. Currently this feature is only supported for the following metadata:

    • RequestAuthentication to decode and validate a JWT. This also makes the available for use in the VirtualService.
    • AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request.