Advanced K8s Gateway Configuration

Access Methods Configuration Parameters

Parameter

Description

defaultsConf.defaultSamlAccessId

Default SAML Access ID to be used for logging in to the Gateway Console using the SAML authentication method.

defaultsConf.defaultOidcAccessId

Default OIDC Access ID to be used for logging in to the Gateway Console using the OIDC authentication method.

You can also configure these parameters using the Web interface of the Gateway Configuration Manager.

TLS Configuration Parameters

Parameter

Description

TLSConf.akeylessWebUI

Default value: false

Allows configuring TLS for the Gateway Console.

If you enable TLS for this component, you must provide a TLS certificate and a private key.

TLSConf.vaultProxy

Default value: false

Allows configuring TLS for the Vault Proxy.

If you enable TLS for this component, you must provide a TLS certificate and a private key.

TLSConf.akeylessAPIServices

Default value: false

Allows configuring TLS for the Akeyless API Services.

If you enable TLS for this component, you must provide a TLS certificate and a private key.

TLSConf.configurationManager

Default value: false

Allows configuring TLS for the Gateway Configuration Manager.

If you enable TLS for this component, you must provide a TLS certificate and a private key.

TLSConf.tlsExistingSecretName

Value: the name of the Kubernetes secret

You can provide the certificate and the key using an existing Kubernetes secret.

The secret must include:

  • akeyless-api-cert.crt (base64-encoded)
  • akeyless-api-cert.key (base64-encoded)

If you provide the key and the certificate using this secret, the corresponding parameters below must be left blank.

TLSConf.tlsCertificate

Value:
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

The base64-encoded content of the certificate.

TLSConf.tlsPrivateKey

Value:
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

The base64-encoded content of the RSA private key.

You can also configure TLS parameters using the Web interface of the Gateway Configuration Manager.
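
The TLS rules above can be checked before deployment. The following is an added example, not Akeyless code: it assumes the TLSConf values have been loaded into a Python dict, and `check_tls_conf` and its `secret_data` argument are hypothetical names.

```python
import base64

# Component toggles and secret key names as listed in this section.
TLS_COMPONENTS = ("akeylessWebUI", "vaultProxy", "akeylessAPIServices", "configurationManager")
SECRET_KEYS = ("akeyless-api-cert.crt", "akeyless-api-cert.key")

def _is_b64_pem(value, label):
    """True if value base64-decodes to a PEM block carrying the given label."""
    try:
        raw = base64.b64decode("".join(value.split()), validate=True)
        text = raw.decode("ascii").strip()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    return text.startswith(f"-----BEGIN {label}-----") and text.endswith(f"-----END {label}-----")

def check_tls_conf(tls_conf, secret_data=None):
    """Return a list of problems in a TLSConf mapping (empty list means consistent).

    secret_data (assumption): key names of the referenced Kubernetes secret,
    if the caller has already fetched it; None skips that check.
    """
    problems = []
    enabled = [c for c in TLS_COMPONENTS if tls_conf.get(c) is True]
    secret = tls_conf.get("tlsExistingSecretName") or ""
    cert = tls_conf.get("tlsCertificate") or ""
    key = tls_conf.get("tlsPrivateKey") or ""
    if secret and (cert or key):
        problems.append("tlsExistingSecretName is set, so tlsCertificate/tlsPrivateKey must be blank")
    if enabled and not secret and not (cert and key):
        problems.append("TLS enabled for %s but no certificate and key provided" % ", ".join(enabled))
    if cert and not _is_b64_pem(cert, "CERTIFICATE"):
        problems.append("tlsCertificate is not a base64-encoded PEM certificate")
    if key and not _is_b64_pem(key, "RSA PRIVATE KEY"):
        problems.append("tlsPrivateKey is not a base64-encoded PEM RSA private key")
    if secret and secret_data is not None:
        for name in SECRET_KEYS:
            if name not in secret_data:
                problems.append(f"secret {secret} is missing {name}")
    return problems

if __name__ == "__main__":
    # Constructed sample: a secret is named AND a raw (not base64) PEM line is set inline.
    sample = {"akeylessWebUI": True, "tlsExistingSecretName": "gw-tls",
              "tlsCertificate": "-----BEGIN CERTIFICATE-----"}
    for problem in check_tls_conf(sample, secret_data={"akeyless-api-cert.crt": "..."}):
        print("-", problem)
```

The check covers only the consistency rules stated in this section; it does not parse the certificate or confirm that the key matches it.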

Cache Configuration Parameters

Parameter

Description

cachingConf.enabled

Default value: false

Enables caching functionality.

cachingConf.cacheTTL

Default value: 60 minutes

Sets the amount of time (in minutes) during which a secret should be kept in the cache.

cachingConf.proActiveCaching.enabled

Default value: false

Enables proactive caching functionality.

cachingConf.proActiveCaching.minimumFetchingTime

Default value: 5 minutes

Instructs the system to update secrets in the cache if they are older than the specified value.

cachingConf.proActiveCaching.dumpInterval

Default value: 1 minute

Sets the amount of time (in minutes) between two consecutive backups of cached secrets.

You can also configure Caching parameters using the Web interface of the Gateway Configuration Manager.
