minor changes

2023-04-22 08:29:03 +02:00 · 2023-04-22 08:29:03 +02:00 · 57ba00a8c5
commit 57ba00a8c5
parent d0751fcbf8
4 changed files with 4 additions and 21 deletions
--- a/Istio/06-Authentication/01-namespaces/deployment_2.yaml
+++ b/Istio/06-Authentication/01-namespaces/deployment_2.yaml
@ -30,7 +30,6 @@ spec:
    metadata:
      labels:
        app: byeworld
-#        sidecar.istio.io/inject: "false"
    spec:
      containers:
        - name: byeworld
--- a/Istio/06-Authentication/02-target-service-accounts/README.md
+++ b/Istio/06-Authentication/02-target-service-accounts/README.md
@ -15,7 +15,7 @@ include_toc: true

 Bla bla bla

-Configuration targeting service accounts
+Configuration targeting service accounts (among others)

 By default, when a pod is deployed, if a service account has not been specified, it will be given the service account `default` from that namespace. 

--- a/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml
+++ b/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml
@ -30,7 +30,6 @@ spec:
    metadata:
      labels:
        app: byeworld
-#        sidecar.istio.io/inject: "false"
    spec:
      containers:
        - name: byeworld
--- a/Istio/06-Authentication/README.md
+++ b/Istio/06-Authentication/README.md
@ -1,29 +1,14 @@
 ## Authentication

- Based on deployments
-
 - Based on namespaces (done)
-
+  
 - Based on method (somewhat done, so I will mark it as valid)

- Based on service account(s)
+- Based on service account(s) (somewhat done)

 - Custom action (it's in alpha feature, should not focus on it for now)

- Audit / logs (shold be the 5th)
-
-
-
-reference (from specific deployment)
-
-https://discuss.istio.io/t/istio-deployment-deny-all-default/10983/6
-
-```yaml
-  rules:
-  - from:
-    - source:
-        principals: ["cluster.local/ns/default/sa/bookinfo-reviews"]
-```
+- Audit / logs (should be the 3th)


 JWT seems important, refer to source.requestPrincipals