diff --git a/charts/gateway-helm/templates/_rbac.tpl b/charts/gateway-helm/templates/_rbac.tpl index f0107bb6fe16..68cbe6be8fa2 100644 --- a/charts/gateway-helm/templates/_rbac.tpl +++ b/charts/gateway-helm/templates/_rbac.tpl @@ -64,12 +64,10 @@ apiGroups: - gateway.envoyproxy.io resources: - envoyproxies -- authenticationfilters - envoypatchpolicies - clienttrafficpolicies - backendtrafficpolicies - securitypolicies -- ratelimitfilters verbs: - get - list diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index c4b160c5c74e..d47d1de2b866 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -42,21 +42,19 @@ import ( ) const ( - classGatewayIndex = "classGatewayIndex" - gatewayTLSRouteIndex = "gatewayTLSRouteIndex" - gatewayHTTPRouteIndex = "gatewayHTTPRouteIndex" - gatewayGRPCRouteIndex = "gatewayGRPCRouteIndex" - gatewayTCPRouteIndex = "gatewayTCPRouteIndex" - gatewayUDPRouteIndex = "gatewayUDPRouteIndex" - secretGatewayIndex = "secretGatewayIndex" - targetRefGrantRouteIndex = "targetRefGrantRouteIndex" - backendHTTPRouteIndex = "backendHTTPRouteIndex" - backendGRPCRouteIndex = "backendGRPCRouteIndex" - backendTLSRouteIndex = "backendTLSRouteIndex" - backendTCPRouteIndex = "backendTCPRouteIndex" - backendUDPRouteIndex = "backendUDPRouteIndex" - rateLimitFilterHTTPRouteIndex = "rateLimitHTTPRouteIndex" - rateLimitFilterGRPCRouteIndex = "rateLimitGRPCRouteIndex" + classGatewayIndex = "classGatewayIndex" + gatewayTLSRouteIndex = "gatewayTLSRouteIndex" + gatewayHTTPRouteIndex = "gatewayHTTPRouteIndex" + gatewayGRPCRouteIndex = "gatewayGRPCRouteIndex" + gatewayTCPRouteIndex = "gatewayTCPRouteIndex" + gatewayUDPRouteIndex = "gatewayUDPRouteIndex" + secretGatewayIndex = "secretGatewayIndex" + targetRefGrantRouteIndex = "targetRefGrantRouteIndex" + backendHTTPRouteIndex = "backendHTTPRouteIndex" + backendGRPCRouteIndex = "backendGRPCRouteIndex" + backendTLSRouteIndex = "backendTLSRouteIndex" + backendTCPRouteIndex = "backendTCPRouteIndex" + backendUDPRouteIndex = "backendUDPRouteIndex" ) type gatewayAPIReconciler struct { diff --git a/site/content/en/latest/user/jwt-authentication.md b/site/content/en/latest/user/jwt-authentication.md index 88a79a5a81cc..239bca9b88c3 100644 --- a/site/content/en/latest/user/jwt-authentication.md +++ b/site/content/en/latest/user/jwt-authentication.md @@ -6,8 +6,8 @@ This guide provides instructions for configuring [JSON Web Token (JWT)][jwt] aut if an incoming request has a valid JWT before routing the request to a backend service. Currently, Envoy Gateway only supports validating a JWT from an HTTP header, e.g. `Authorization: Bearer `. -Envoy Gateway introduces a new CRD called [SecurityPolicy][] that allows the user to configure JWT authentication. -This instantiated resource can be linked to a [Gateway][], [HTTPRoute][] or [GRPCRoute][] resource. +Envoy Gateway introduces a new CRD called [SecurityPolicy][SecurityPolicy] that allows the user to configure JWT authentication. +This instantiated resource can be linked to a [Gateway][Gateway], [HTTPRoute][HTTPRoute] or [GRPCRoute][GRPCRoute] resource. ## Prerequisites @@ -17,7 +17,8 @@ Before proceeding, you should be able to query the example backend using HTTP or ## Configuration -Allow requests with a valid JWT by creating an [SecurityPolicy][] and attaching it to the example HTTPRoute or GRPCRoute. +Allow requests with a valid JWT by creating an [SecurityPolicy][SecurityPolicy] and attaching it to the example +HTTPRoute or GRPCRoute. ### HTTPRoute @@ -164,3 +165,6 @@ Checkout the [Developer Guide](../../contributions/develop/) to get involved in [SecurityPolicy]: https://gateway.envoyproxy.io/latest/design/security-policy [jwt]: https://tools.ietf.org/html/rfc7519 [jwks]: https://tools.ietf.org/html/rfc7517 +[Gateway]: https://gateway-api.sigs.k8s.io/api-types/gateway +[HTTPRoute]: https://gateway-api.sigs.k8s.io/api-types/httproute +[GRPCRoute]: https://gateway-api.sigs.k8s.io/api-types/grpcroute