SessionHandling
microgateway.airlock.com/v1alpha1
SessionHandling contains the configuration for session handling.
```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: session-handling-example
spec:
  persistence:
    # Specify the Redis database where sessions should be stored
    redisProviderRef:
      name: redis-provider-example
  defaultTimeouts:
    # Specify maximum lifetime of a session
    lifetime: 16h
  prefix: session_prefix_example
```

```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: default
```
SessionHandling
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
metadata | ObjectMeta | Refer to Kubernetes API documentation for fields of metadata | yes | ||
spec | object | Specification of the desired session handling behavior. | yes | ||
SessionHandling.spec
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
defaultTimeouts | object | DefaultTimeouts specifies the session timeouts to apply when not provided by the authentication method. | no | ||
persistence | object | Persistence configures where to store the session state. | yes | ||
prefix | string | Prefix specifies the prefix under which the sessions should be stored in the persistence layer. If not specified, an automatic prefix derived from the namespaced SessionHandling CR name is used, which ensures that sessions will always be isolated on Microgateways configured with different SessionHandling CRs, even if they share the same persistence backend. To allow session sharing between different Microgateway deployments, ensure that the prefix and persistence backend are the same across all corresponding SessionHandling CRs. Note: Session cookies are currently never shared across different fully qualified domain names (FQDNs) and authentication via different OIDC Relying Parties generates different session cookies. Clients will therefore only be able to transparently reuse session cookies for connecting to different Microgateway deployments if those a) are exposed under the same FQDN and b) handle authentication via the same OIDC Relying Party. | no | ||
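
An added example (not from the Airlock documentation): a Python check that groups SessionHandling CRs by persistence backend and effective prefix, so that any session sharing between deployments is visible and can be confirmed as intended. The `BACKENDS` mapping, the `manifest` helper, all sample names and the tuple standing in for the automatic prefix are assumptions; the real prefix derivation and the RedisProvider fields are not described on this page.

```python
from collections import defaultdict

DEFAULT_LIFETIME = "12h"  # default of spec.defaultTimeouts.lifetime per the table

def effective_prefix(item):
    """Explicit spec.prefix, or a per-CR token standing in for the automatic prefix."""
    meta = item["metadata"]
    prefix = item.get("spec", {}).get("prefix")
    if prefix:
        return ("explicit", prefix)
    # Assumption: the real derivation is not documented here; only its
    # uniqueness per namespaced CR name matters for this check.
    return ("auto", meta["namespace"], meta["name"])

def shared_session_groups(items, backends):
    """Return groups of CRs whose sessions land under the same backend and prefix."""
    groups = defaultdict(list)
    for item in items:
        meta, spec = item["metadata"], item.get("spec", {})
        ref = spec["persistence"]["redisProviderRef"]["name"]
        # Assumption: backends maps (namespace, provider name) to the Redis it resolves to.
        backend = backends[(meta["namespace"], ref)]
        lifetime = spec.get("defaultTimeouts", {}).get("lifetime", DEFAULT_LIFETIME)
        groups[(backend, effective_prefix(item))].append(
            (f'{meta["namespace"]}/{meta["name"]}', lifetime))
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def manifest(ns, name, provider, prefix=None, lifetime=None):
    """Build a constructed SessionHandling manifest with the fields from this page."""
    spec = {"persistence": {"redisProviderRef": {"name": provider}}}
    if prefix:
        spec["prefix"] = prefix
    if lifetime:
        spec["defaultTimeouts"] = {"lifetime": lifetime}
    return {"apiVersion": "microgateway.airlock.com/v1alpha1", "kind": "SessionHandling",
            "metadata": {"namespace": ns, "name": name}, "spec": spec}

# Constructed sample data: two namespaces on one Redis, a third on a separate one.
BACKENDS = {("shop", "redis"): "redis-a", ("portal", "redis"): "redis-a",
            ("admin", "redis"): "redis-b"}
CRS = [manifest("shop", "default", "redis", prefix="sso", lifetime="16h"),
       manifest("portal", "default", "redis", prefix="sso"),
       manifest("admin", "default", "redis", prefix="sso"),  # same prefix, other backend
       manifest("shop", "internal", "redis")]                # automatic prefix

if __name__ == "__main__":
    for group in shared_session_groups(CRS, BACKENDS):
        print("shared session store:", group)
```

Each reported group also lists the effective `lifetime` of its members, so differing timeouts among CRs that share sessions stand out during review.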
SessionHandling.spec.defaultTimeouts
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
lifetime | string | Lifetime specifies the maximum duration a session can exist. | no | 12h | See link |
SessionHandling.spec.persistence
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
redisProviderRef | object | RedisProviderRef specifies the Redis instance in which session information is cached. | yes | ||
SessionHandling.spec.persistence.redisProviderRef
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
name | string | Name of the resource | yes | ||