kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update misleading documentation 

Update misleading information that HTTPS is required and link to self-documented code to find more edge-case configuration options
pull/26018/head
Charly Rippenkroeger 2021-01-08 13:40:07 -06:00 committed by GitHub
parent a66af45c21
commit e72ec8fbd0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/en/docs/reference/access-authn-authz/authentication.md
View File

@ -457,7 +457,7 @@ clusters:
- name: name-of-remote-authn-service
cluster:
certificate-authority: /path/to/ca.pem # CA for verifying the remote service.
server: https://authn.example.com/authenticate # URL of remote service to query. Must use 'https'.
server: https://authn.example.com/authenticate # URL of remote service to query. 'https' recommended for production.
# users refers to the API server's webhook configuration.
users:
@ -475,6 +475,8 @@ contexts:
name: webhook
```
Refer to [Cluster Struct](https://github.com/kubernetes/kubernetes/blob/2b8cac754c88900ea3ad91d6c3f0997b602a3051/staging/src/k8s.io/client-go/tools/clientcmd/api/v1/types.go#L63) for more configuration options.
When a client attempts to authenticate with the API server using a bearer token as discussed [above](#putting-a-bearer-token-in-a-request),
the authentication webhook POSTs a JSON-serialized `TokenReview` object containing the token to the remote service.