Update misleading documentation
Update misleading information that HTTPS is required and link to self-documented code to find more edge-case configuration optionspull/26018/head
Charly Rippenkroeger
GitHub
parent
a66af45c21
commit
e72ec8fbd0
|
|
@ -457,7 +457,7 @@ clusters:
|
||||||
- name: name-of-remote-authn-service
|
- name: name-of-remote-authn-service
|
||||||
cluster:
|
cluster:
|
||||||
certificate-authority: /path/to/ca.pem # CA for verifying the remote service.
|
certificate-authority: /path/to/ca.pem # CA for verifying the remote service.
|
||||||
server: https://authn.example.com/authenticate # URL of remote service to query. Must use 'https'.
|
server: https://authn.example.com/authenticate # URL of remote service to query. 'https' recommended for production.
|
||||||
|
|
||||||
# users refers to the API server's webhook configuration.
|
# users refers to the API server's webhook configuration.
|
||||||
users:
|
users:
|
||||||
|
|
@ -475,6 +475,8 @@ contexts:
|
||||||
name: webhook
|
name: webhook
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Refer to [Cluster Struct](https://github.com/kubernetes/kubernetes/blob/2b8cac754c88900ea3ad91d6c3f0997b602a3051/staging/src/k8s.io/client-go/tools/clientcmd/api/v1/types.go#L63) for more configuration options.
|
||||||
|
|
||||||
When a client attempts to authenticate with the API server using a bearer token as discussed [above](#putting-a-bearer-token-in-a-request),
|
When a client attempts to authenticate with the API server using a bearer token as discussed [above](#putting-a-bearer-token-in-a-request),
|
||||||
the authentication webhook POSTs a JSON-serialized `TokenReview` object containing the token to the remote service.
|
the authentication webhook POSTs a JSON-serialized `TokenReview` object containing the token to the remote service.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue