deploy-templates/templates/istio-requestauth.yaml (51 lines of code) (raw):
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: {{ template "geoServer.fullname" . }}-request-api-auth
spec:
selector:
matchLabels:
{{- include "geoServer.labels" . | nindent 8 }}
jwtRules:
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.officer" . }}
jwksUri: {{ template "jwksUri.officer" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.citizen" . }}
jwksUri: {{ template "jwksUri.citizen" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.external" . }}
jwksUri: {{ template "jwksUri.external" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.admin" . }}
jwksUri: {{ template "jwksUri.admin" . }}
{{- if .Values.keycloak.customHost }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.officer" . }}
jwksUri: {{ template "jwksUri.officer" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.citizen" . }}
jwksUri: {{ template "jwksUri.citizen" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.external" . }}
jwksUri: {{ template "jwksUri.external" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.admin" . }}
jwksUri: {{ template "jwksUri.admin" . }}
{{- end }}