Skip to content
This repository was archived by the owner on May 17, 2024. It is now read-only.

Commit 6521088

Browse files
JoshVanLJoshVanL
committed
Adds no-impersonation documentation
Signed-off-by: JoshVanL <[email protected]>
1 parent 92b1a90 commit 6521088

File tree

2 files changed

+15
-0
lines changed

2 files changed

+15
-0
lines changed

README.md

+1
Original file line numberDiff line numberDiff line change
@@ -127,6 +127,7 @@ users:
127127

128128
## Configuration
129129
- [Token Passthrough](./docs/tasks/token-passthrough.md)
130+
- [No Impersonation](./docs/tasks/no-impersonation.md)
130131

131132
## Development
132133
*NOTE*: building kube-oidc-proxy requires Go version 1.12 or higher.

docs/tasks/no-impersonation.md

+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
# No Impersonation
2+
3+
kube-oidc-proxy can be configured to disable impersonation. When a request has
4+
been successfully authenticated, the request is forwarded as-is, without changes
5+
to the HTTP header and no authentication injected by the proxy. The OIDC
6+
bearer token is also kept in the request. This can be useful for securing
7+
endpoints that do not provide OIDC or any authentication methods and do not
8+
implement any authorization.
9+
10+
To disable impersonation, provide the following flag:
11+
12+
```
13+
--disable-impersonation
14+
```

0 commit comments

Comments
 (0)