deploy-templates/templates/authpolicy-esa.yaml (42 lines of code) (raw):
kind: RequestAuthentication
apiVersion: security.istio.io/v1beta1
metadata:
name: request-auth-{{ .Chart.Name }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
{{- include "ddm-notification-service.selectorLabels" . | nindent 6 }}
jwtRules:
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.officer" . }}
jwksUri: {{ template "jwksUri.officer" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.citizen" . }}
jwksUri: {{ template "jwksUri.citizen" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "issuer.admin" . }}
jwksUri: {{ template "jwksUri.admin" . }}
{{- if .Values.keycloak.customHost }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.officer" . }}
jwksUri: {{ template "jwksUri.officer" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.citizen" . }}
jwksUri: {{ template "jwksUri.citizen" . }}
- forwardOriginalToken: true
fromHeaders:
- name: X-Access-Token
issuer: {{ template "custom-issuer.admin" . }}
jwksUri: {{ template "jwksUri.admin" . }}
{{- end }}