config: additional kubernetes token source support (#1200)

Travis Groth 2020-08-04 09:40:51 -04:00 committed by GitHub
parent a555e5fcc3
commit 01d0f7de6e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 0 deletions

@ -961,6 +961,16 @@ Requires setting [Google Cloud Serverless Authentication Service Account](./#goo
`From` is externally accessible source of the proxied request.
### Kubernetes Service Account Token
- `yaml`/`json` setting: `kubernetes_service_account_token` / `kubernetes_service_account_token_file`
- Type: `string` or relative file location containing a Kubernetes bearer token
- Optional
- Example: `eyJ0eXAiOiJKV1QiLCJhbGciOiJ...` or `/var/run/secrets/kubernetes.io/serviceaccount/token`
Use this token to authenticate requests to a Kubernetes API server.
Pomerium will [https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation](impersonate) the Pomerium user's identity, and Kubernetes RBAC can be applied to IdP user and groups.
### Path
- `yaml`/`json` setting: `path`
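Review bot: The markdown link in the added "Pomerium will ..." sentence is reversed, with the URL in the brackets and the label in the parentheses, so it will render as a broken link; it should read `[impersonate](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation)`. In the same section, the Type line says "relative file location" while the example given is the absolute path `/var/run/secrets/kubernetes.io/serviceaccount/token`, so please state which forms are accepted. The section also documents two keys, `kubernetes_service_account_token` and `kubernetes_service_account_token_file`, without saying what happens when both are set; a sentence on precedence would help. Since the token is used to impersonate users, it would also be worth noting that the service account behind it needs Kubernetes RBAC permission for the `impersonate` verb and should be granted nothing beyond that, and that the file form is preferable to placing the raw token in the config. Minor wording: "IdP user and groups" should be "IdP users and groups".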