KalmProtected Endpoint
ProtectedEndpoint defines the endpoint that needs authorization to access.
For example, the default configuration for Kalm dashboard would look as follows:
apiVersion: core.kalm.dev/v1alpha1
kind: ProtectedEndpoint
metadata:
name: kalm
namespace: kalm-system
spec:
name: kalm
allowToPassIfHasBearerToken: true
ports:
- 3001
It protects the 3001 port of the kalm component.
Protected Endpoint
| Field | Type | Description | Required |
|---|---|---|---|
| name | string | name of the endpoint | True |
| type | ProtectedEndpointType | type of protected endpoint | True |
| ports | uint32[] | the protected service ports | False |
| groups | string[] | groups the user should be in to access protected endpoint. | False |
| allowToPassIfHasBearerToken | bool | Allow auth proxy to let the request pass if it has bearer token. This flag should be set carefully. Please make sure that the upstream can handle the token correctly. Otherwise, client can bypass Kalm SSO by sending a not empty bearer token. | False |
ProtectedEndpointType
| Name | Description |
|---|---|
| Port | Protect a single port of a component |
| Component | Protect all ports of a component |
| HttpRoute | Protect all ports that receive traffic from this route |