github.com/cilium/cilium@v1.16.2/Documentation/configuration/api-restrictions.rst

github.com/cilium/cilium@v1.16.2/Documentation/configuration/api-restrictions.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  *****************************
     8  Administrative API Enablement
     9  *****************************
    10  
    11  Cilium 1.14 introduced a new set of flags that you can use to selectively
    12  enable which API endpoints are exposed to clients. When an API client makes a
    13  request to an API endpoint that is administratively disabled, the server
    14  responds with an HTTP 403 Forbidden error.
    15  
    16  You can configure the option with a list of endpoints as described in the
    17  following sections, or by specifying an option with the ``*`` suffix. If ``*``
    18  is provided directly as a flag value, then all APIs are enabled. If there is
    19  text before the ``*``, then the API flag must start with that prefix in order
    20  for the flag to enable that option. For example, ``Get*`` enables all read-only
    21  "GET" APIs without enabling any write APIs.
    22  
    23  The cilium-agent relies on several of these APIs for its basic duties. In
    24  particular, disabling the following APIs will likely cause significant
    25  disruption to agent operations:
    26  
    27  - ``GetConfig``
    28  - ``GetHealthz``
    29  - ``PutEndpointID``
    30  - ``DeleteEndpointID``
    31  - ``PostIPAM``
    32  - ``DeleteIPAMIP``
    33  
    34  The following sections outline the flags for different Cilium binaries and the
    35  API endpoints that may be configured using those flags.
    36  
    37  .. include:: api-restrictions-table.rst