WorkloadConfiguration specifies configuration of the workload handling.
For example,
authentication:
jwt:
issuers:
- issuer: "https://mycompany.corp"
jwksUri: "https://mycompany.corp/jwks.json"
shortName: "mycorp"
tokenFields:
attributes:
jsonPath: .custom_attributes
deregistration:
propagationDelay: 15s
JwtAuthenticationConfiguration
JwtAuthenticationConfiguration specifies configuration of the workload authentication by means of an OIDC ID Token.
Field | Description | Validation Rule |
---|---|---|
issuers |
List of tetrateio.api.onboarding.config.install.v1alpha1.JwtIssuer If a workload authenticates itself by means of an OIDC ID Token, the issuer of that token must be present in this list, otherwise authentication attempt will be declined. |
repeated = { |
WorkloadAuthenticationConfiguration
WorkloadAuthenticationConfiguration specifies configuration of the workload authentication.
Field | Description | Validation Rule |
---|---|---|
jwt |
tetrateio.api.onboarding.config.install.v1alpha1.JwtAuthenticationConfiguration |
– |
WorkloadConfiguration
WorkloadConfiguration specifies configuration of the workload handling.
Field | Description | Validation Rule |
---|---|---|
authentication |
tetrateio.api.onboarding.config.install.v1alpha1.WorkloadAuthenticationConfiguration |
– |
deregistration |
tetrateio.api.onboarding.config.install.v1alpha1.WorkloadDeregistrationConfiguration |
– |
WorkloadDeregistrationConfiguration
WorkloadDeregistrationConfiguration specifies configuration of the workload deregistration.
Field | Description | Validation Rule |
---|---|---|
propagationDelay |
google.protobuf.Duration During this time interval affected proxies will continue making requests to the deregistered workload until the respective configuration update arrives. To prevent traffic loss, As a rule of thumb, this value should remain relatively small, e.g. under
15 seconds. The reason for this is that shutdown flow on the workload’s side
is time-boxed. E.g., on VMs there is a stop timeout enforced by SystemD,
while on AWS ECS there is a stop timeout enforced by ECS Agent. If you pick
a delay value that is too big, Defaults to |
duration = { |