Optional. List of CIDR ranges to match based on source IP address. At least one
IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
"1.2.3.0/24") are supported. Authorization based on source IP alone
should be avoided. The IP addresses of any load balancers or proxies
should be considered untrusted.
Optional. List of CIDR ranges to match based on source IP address. At least one
IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
"1.2.3.0/24") are supported. Authorization based on source IP alone
should be avoided. The IP addresses of any load balancers or proxies
should be considered untrusted.
Optional. List of CIDR ranges to match based on source IP address. At least one
IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
"1.2.3.0/24") are supported. Authorization based on source IP alone
should be avoided. The IP addresses of any load balancers or proxies
should be considered untrusted.
Optional. List of CIDR ranges to match based on source IP address. At least one
IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
"1.2.3.0/24") are supported. Authorization based on source IP alone
should be avoided. The IP addresses of any load balancers or proxies
should be considered untrusted.
Optional. List of peer identities to match for authorization. At least one
principal should match. Each peer can be an exact match, or a prefix
match (example, "namespace/*") or a suffix match (example,
"/service-account") or a presence match "". Authorization based on
the principal name without certificate validation (configured by
ServerTlsPolicy resource) is considered insecure.
Optional. List of peer identities to match for authorization. At least one
principal should match. Each peer can be an exact match, or a prefix
match (example, "namespace/*") or a suffix match (example,
"/service-account") or a presence match "". Authorization based on
the principal name without certificate validation (configured by
ServerTlsPolicy resource) is considered insecure.
Optional. List of peer identities to match for authorization. At least one
principal should match. Each peer can be an exact match, or a prefix
match (example, "namespace/*") or a suffix match (example,
"/service-account") or a presence match "". Authorization based on
the principal name without certificate validation (configured by
ServerTlsPolicy resource) is considered insecure.
Optional. List of peer identities to match for authorization. At least one
principal should match. Each peer can be an exact match, or a prefix
match (example, "namespace/*") or a suffix match (example,
"/service-account") or a presence match "". Authorization based on
the principal name without certificate validation (configured by
ServerTlsPolicy resource) is considered insecure.