Merge branch 'master' of https://github.com/istio-ecosystem/authservice…

… into ingress-doc Signed-off-by: Jianfei Hu <[email protected]> Signed-off-by: Jianfei Hu <[email protected]>
istio-ecosystem · Aug 14, 2021 · b200744 · b200744
2 parents b6a1e53 + 1bc4289
commit b200744
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/bookinfo-example/README.md b/bookinfo-example/README.md
@@ -17,7 +17,7 @@ create one.
    export OIDC_CLIENT_SECRET="<your-client-secret>"
    ```
 
-1. Install Istio for 1.9 or later.
+1. Install Istio 1.9 or later.
 
    ```shell
    istioctl install -y
@@ -38,6 +38,8 @@ URI to be hosted on a protected endpoint.
    kubectl edit cm -n istio-system
    ```
 
+   Change the mesh config with the config below.
+
    ```yaml
    data:
    mesh: |-
@@ -50,7 +52,6 @@ URI to be hosted on a protected endpoint.
 
 1. Install authservice via Helm.
 
-
    ```shell
    helm template authservice \
       --set oidc.clientID=${OIDC_CLIENT_ID} \
@@ -73,10 +74,10 @@ can access specific apps, at specific paths. For example, you can apply the samp
 to only allow authenticated request to access productpage service.
 
 ```shell
-kubectl apply -f ./config/idtoken-authn-authz.yaml
+kubectl apply -f ./config/productpage-authn-authz.yaml
 ```
 
-## Configure OIDC at Ingress Gateway
+## Configure OIDC flow at Ingress Gateway
 
 TODO(incfly): write it up with sample config and setup.
 

diff --git a/bookinfo-example/authservice/templates/deployment.yaml b/bookinfo-example/authservice/templates/deployment.yaml
@@ -22,8 +22,7 @@ spec:
             name: authservice
       containers:
       - name: authservice # authservice needs to be deployed in the sample Pod as the productpage
-        # TODO(incfly): change to a proper project wide container registry.
-        image: gcr.io/jianfeih-images-pub/authservice/authservice:0.4.1 # Manually docker pull the latest authservice image from https://github.com/istio-ecosystem/authservice/packages and push it to your own image registry (e.g. Docker Hub), and use it here. (The Github Package Registry does not work with k8s yet until this issue is fixed and released: https://github.com/kubernetes-sigs/kind/issues/870)
+        image: {{ .Values.authservice.image }}
         imagePullPolicy: Always
         ports:
           - containerPort: 10003

diff --git a/bookinfo-example/authservice/values.yaml b/bookinfo-example/authservice/values.yaml
@@ -1,11 +1,13 @@
-image:
-  repository: gcr.io/jianfeih-images-pub/authservice/authservice:0.4.1
+authservice:
+  # TODO(incfly): change to a proper project wide container registry.
+  image: gcr.io/jianfeih-images-pub/authservice/authservice:0.4.1
 
 oidc:
   idpURL: https://account.google.com
   authorizationURI: "https://accounts.google.com/o/oauth2/v2/auth"
   tokenURI: "https://oauth2.googleapis.com/token"
   clientID: your-client-id
   clientSecret: your-client-secret
-  jwks: "json-string-to-bep-pasted-here"
+  # JSON string containing the identity provider's public key for validating id token.
+  # jwks: "<>"