Kong Mesh
2.1.x
You are browsing documentation for an outdated version. See the latest documentation here.

Kong Mesh API access control

Kong Mesh provides simple access control for administrative actions executed on the Kong Mesh API server (port 5681 by default).

Manage admin resources

Admin resources are Secret and GlobalSecret.

  • KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS allows users to manage admin resources. Default is mesh-system:admin.
  • KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS allows groups to manage admin resources. Default is mesh-system:admin.

Generate dataplane token

  • KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS allows users to generate a dataplane token. Default is mesh-system:admin.
  • KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS allows groups to generate a dataplane token. Default is mesh-system:admin.

Generate user token

  • KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS allows users to generate a user token. Default is mesh-system:admin.
  • KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS allows groups to generate a user token. Default is mesh-system:admin.

Generate zone token

  • KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS allows users to generate a zone token. Default is mesh-system:admin.
  • KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS allows groups to generate a zone token. Default is mesh-system:admin.

View Envoy config dump

  • KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS allows users to view Envoy config dump. Default is an empty list.
  • KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS allows groups to view Envoy config dump. Default: mesh-system:unauthenticated, mesh-system:authenticated.

View Envoy stats

  • KUMA_ACCESS_STATIC_VIEW_STATS_USERS allows users to view Envoy stats. Default is an empty list.
  • KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS allows groups to view Envoy stats. Default: mesh-system:unauthenticated, mesh-system:authenticated.

View Envoy clusters

  • KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS allows users to view Envoy clusters. Default is an empty list.
  • KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS allows groups to view Envoy clusters. Default: mesh-system:unauthenticated, mesh-system:authenticated.
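
The following Python sketch is an added example, not part of the Kong Mesh documentation: it resolves the effective access lists from a control plane's environment using the defaults listed on this page and reports every operation granted to mesh-system:unauthenticated. It assumes that an unset variable means the documented default applies and that list values are comma-separated; the function names are hypothetical.

```python
import os

ADMIN = ["mesh-system:admin"]
UNAUTH = "mesh-system:unauthenticated"
ANYONE = [UNAUTH, "mesh-system:authenticated"]
# (operation, variable infix, default users, default groups) as listed on this page
OPERATIONS = [
    ("manage admin resources", "ADMIN_RESOURCES", ADMIN, ADMIN),
    ("generate dataplane token", "GENERATE_DP_TOKEN", ADMIN, ADMIN),
    ("generate user token", "GENERATE_USER_TOKEN", ADMIN, ADMIN),
    ("generate zone token", "GENERATE_ZONE_TOKEN", ADMIN, ADMIN),
    ("view Envoy config dump", "GET_CONFIG_DUMP", [], ANYONE),
    ("view Envoy stats", "VIEW_STATS", [], ANYONE),
    ("view Envoy clusters", "VIEW_CLUSTERS", [], ANYONE),
]


def _principals(env, name, default):
    # Assumption: unset means the documented default; values are comma-separated.
    if name not in env:
        return list(default)
    return [p.strip() for p in env[name].split(",") if p.strip()]


def effective_access(env):
    """Map each operation to the users and groups allowed to perform it."""
    prefix = "KUMA_ACCESS_STATIC_"
    return {
        op: {
            "users": _principals(env, f"{prefix}{infix}_USERS", users),
            "groups": _principals(env, f"{prefix}{infix}_GROUPS", groups),
        }
        for op, infix, users, groups in OPERATIONS
    }


def audit(env):
    """Return the operations that the unauthenticated group may perform."""
    return [
        op
        for op, access in effective_access(env).items()
        if UNAUTH in access["groups"]
    ]


if __name__ == "__main__":
    for op in audit(os.environ):
        print(f"{op}: granted to {UNAUTH}")
```

Run it in the same environment as the control plane process; an empty result means no operation on this page is granted to the unauthenticated group.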
© Kong Inc. 2023