Add minimal examples to make it easier to get started #252
Conversation
Signed-off-by: Ignasi Barrera <[email protected]>
|
I would suggest including a RequestAuthentication and ALLOW AuthorizationPolicy which verify the JWT in the example config. Maybe include a comment to inform users that the CUSTOM AuthorizationPolicy runs first and these run afterwards. Prior to #187 and #223, this was really the only way to deploy authservice safely: various requests would be allowed through authservice in undesired ways, mostly bypassing authentication. Having Istio perform JWT validation after authservice mitigated this and was the previous recommendation from the authservice developers: #140 (comment). I think all of those old issues have been resolved now, and this would now just be extra defense in depth. (If the official recommendation has changed and Istio validation of the JWT is no longer considered required, some updated documentation would be appreciated.) |
|
Sounds good. I'll add those examples! |
Signed-off-by: Ignasi Barrera <[email protected]>
|
Done |
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #252 +/- ##
=======================================
Coverage ? 90.64%
=======================================
Files ? 25
Lines ? 1603
Branches ? 0
=======================================
Hits ? 1453
Misses ? 107
Partials ? 43 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nacx, sergicastro The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The only configs we had are the
e2eones, but it may be hard to get there when you're just trying to get started.Having a minimal set of configs that are easy to copy/paste will be very helpful.