Skip to content

We're Hiring!
Docs
Plugin Hub
Support
Community
Kong Academy

Get a Demo Start Free Trial

Kong Gateway
Kong Konnect
Kong Mesh
Plugin Hub
decK
Kubernetes Ingress Controller
Insomnia
Kuma

Docs contribution guidelines

2.2.x (latest)
2.1.x
2.0.x
1.9.x
1.8.x
1.7.x
1.6.x
1.5.x
1.4.x
1.3.x
1.2.x

Introduction
Getting Started
Install
- Installation Options
- Kubernetes
- Helm
- OpenShift
- Docker
- Amazon ECS
- Amazon Linux
- Red Hat
- CentOS
- Debian
- Ubuntu
- macOS
- Windows
Deploy
Explore
Networking
Security
Monitor and Manage
Policies
Enterprise Features
Reference docs
- HTTP API
- Annotations and labels in Kubernetes mode
- Kong Mesh data collection
- Resources
- Commands
  - kuma-cp
  - kuma-dp
  - kumactl
- Kuma-cp configuration reference
Community
- Open source License
- Contribute to Mesh

report-issue Report an issue

enterprise-switcher-icon Switch to OSS

Manage admin resources
Generate dataplane token
Generate user token
Generate zone token
View Envoy config dump
View Envoy stats
View Envoy clusters

Kong Mesh

2.1.x

Home
Kong Mesh
Security
Kong Mesh API access control

You are browsing documentation for an outdated version. See the latest documentation here.

Kong Mesh API access control

Kong Mesh provide a simple access control to administrative actions executed on Kong Mesh API Server (port 5681 by default).

Manage admin resources

Admin resources are Secret and GlobalSecret.

KUMA_ACCESS_STATIC_ADMIN_RESOURCES_USERS allows users to manage admin resources. Default is mesh-system:admin.
KUMA_ACCESS_STATIC_ADMIN_RESOURCES_GROUPS allows groups to manage admin resources. Default is mesh-system:admin.

Generate dataplane token

KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_USERS allows users to generate dataplane token. Default mesh-system:admin.
KUMA_ACCESS_STATIC_GENERATE_DP_TOKEN_GROUPS allows groups to generate dataplane token. Default mesh-system:admin.

Generate user token

KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_USERS allows users to generate user token. Default mesh-system:admin.
KUMA_ACCESS_STATIC_GENERATE_USER_TOKEN_GROUPS allows groups to generate user token. Default mesh-system:admin.

Generate zone token

KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_USERS allows users to generate zone token. Default mesh-system:admin.
KUMA_ACCESS_STATIC_GENERATE_ZONE_TOKEN_GROUPS allows groups to generate zone token. Default mesh-system:admin.

View Envoy config dump

KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_USERS allows users to view Envoy config dump. Default is an empty list.
KUMA_ACCESS_STATIC_GET_CONFIG_DUMP_GROUPS allows groups to view Envoy config dump. Default: mesh-system:unauthenticated, mesh-system:authenticated.

View Envoy stats

KUMA_ACCESS_STATIC_VIEW_STATS_USERS allows users to view Envoy stats. Default is an empty list.
KUMA_ACCESS_STATIC_VIEW_STATS_GROUPS allows groups to view Envoy stats. Default: mesh-system:unauthenticated, mesh-system:authenticated.

View Envoy clusters

KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS allows users to view Envoy clusters. Default is an empty list.
KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS allows groups to view Envoy clusters. Default: mesh-system:unauthenticated, mesh-system:authenticated.

Thank you for your feedback.

Was this page useful?

THE CLOUD CONNECTIVITY COMPANY

Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.
- Company
- Customers
- Events
- Investors
- Careers Hiring!
- Partners
- Press
- Contact
Products
Resources
- eBooks
- Webinars
- Briefs
- Blog
- API Gateway
- Microservices
Open Source
Solutions

Terms•Privacy

© Kong Inc. 2023