From 57ba00a8c5bcbe3e3939458621a93e664a318d0d Mon Sep 17 00:00:00 2001
From: savagebidoof
Date: Sat, 22 Apr 2023 08:29:03 +0200
Subject: [PATCH] minor changes
---
 .../01-namespaces/deployment_2.yaml | 1 -
 .../02-target-service-accounts/README.md | 2 +-
 .../deployment_2.yaml | 1 -
 Istio/06-Authentication/README.md | 21 +++----------------
 4 files changed, 4 insertions(+), 21 deletions(-)
diff --git a/Istio/06-Authentication/01-namespaces/deployment_2.yaml b/Istio/06-Authentication/01-namespaces/deployment_2.yaml
index 297b9d3..69a8412 100755
--- a/Istio/06-Authentication/01-namespaces/deployment_2.yaml
+++ b/Istio/06-Authentication/01-namespaces/deployment_2.yaml
@@ -30,7 +30,6 @@ spec:
 metadata:
 labels:
 app: byeworld
-# sidecar.istio.io/inject: "false"
 spec:
 containers:
 - name: byeworld
diff --git a/Istio/06-Authentication/02-target-service-accounts/README.md b/Istio/06-Authentication/02-target-service-accounts/README.md
index 056030f..8825737 100755
--- a/Istio/06-Authentication/02-target-service-accounts/README.md
+++ b/Istio/06-Authentication/02-target-service-accounts/README.md
@@ -15,7 +15,7 @@ include_toc: true
 Bla bla bla
-Configuration targeting service accounts
+Configuration targeting service accounts (among others)
 By default, when a pod is deployed, if a service account has not been specified, it will be given the service account `default` from that namespace.
diff --git a/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml b/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml
index 297b9d3..69a8412 100755
--- a/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml
+++ b/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml
@@ -30,7 +30,6 @@ spec:
 metadata:
 labels:
 app: byeworld
-# sidecar.istio.io/inject: "false"
 spec:
 containers:
 - name: byeworld
diff --git a/Istio/06-Authentication/README.md b/Istio/06-Authentication/README.md
index 499fee9..5dc5a91 100644
--- a/Istio/06-Authentication/README.md +++ b/Istio/06-Authentication/README.md @@ -1,29 +1,14 @@ ## Authentication -- Based on deployments - - Based on namespaces (done) - + - Based on method (somewhat done, so I will mark it as valid) -- Based on service account(s) +- Based on service account(s) (somewhat done) - Custom action (it's in alpha feature, should not focus on it for now) -- Audit / logs (shold be the 5th) - - - -reference (from specific deployment) - -https://discuss.istio.io/t/istio-deployment-deny-all-default/10983/6 - -```yaml - rules: - - from: - - source: - principals: ["cluster.local/ns/default/sa/bookinfo-reviews"] -``` +- Audit / logs (should be the 3th) JWT seems important, refer to source.requestPrincipals \ No newline at end of file