Connection can be either plaintext or TLS, and client cert can be omitted.

Client cert must be presented, connection is in TLS.

Principal will be set to the identity from origin authentication.

Principal will be set to the identity from peer authentication.

JSON Web Token (JWT) token format for authentication as defined by https://tools.ietf.org/html/rfc7519.

Trigger rule to match against a request.

TLS authentication params.

OriginAuthenticationMethod defines authentication method/params for origin authentication.

PeerAuthenticationMethod defines one particular type of authentication, e.g mutual TLS, JWT etc, (no authentication is one type by itself) that can be used for peer authentication.

Policy defines what authentication methods can be accepted on workload(s), and if authenticated, which method/certificate will set the request principal (i.e request.auth.principal attribute).

PortSelector specifies the name or number of a port to be used for matching targets for authentication policy.

Describes how to match a given string.

TargetSelector defines a matching rule to a workload.

Defines the acceptable connection TLS mode.

Associates authentication with request principal.