Add more details in guideline for Auth Istio&Apisix #485
Conversation
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
for more information, see https://pre-commit.ci
|
@ckhened Please help to have a review~ |
authN-authZ/auth-istio/README.md
Outdated
| First export the router service through istio ingress gateway. | ||
|
|
||
| ```bash | ||
| kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway.yaml |
There was a problem hiding this comment.
This file is only used for option: via JWT token generated by OIDC providers with curl
Why it is defined in the prerequisite section?
There was a problem hiding this comment.
I think this has no relationship with the token generation way. It is just from istio gateway, and should be added for all megaservices if you want to do authentication.
There was a problem hiding this comment.
Well, understand. But for authentication with the oauth service, another gateway configuration needs to get applied since there are some extra configuration. Applying both of them might introduce conflicts or complexity. So if you want to set the gateway anyway, please put the steps in each section, instead of putting the step in the Prerequisite section.
There was a problem hiding this comment.
Thanks for your suggestion. Putting the steps in each section will be duplicated. Thus I add "Optional" to this part and add a suggestion for this, do you think it's work?
There was a problem hiding this comment.
Thanks for your suggestion. Putting the steps in each section will be duplicated. Thus I add "Optional" to this part and add a suggestion for this, do you think it's work?
Well. I think it is a must for all options to find the ingress port and ip address, but for the step kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway.yaml, it is ONLY used for the first two options of authentication, and NOT needed(instead of optional) for the third option, as it shall only use kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway_oauth.yaml instead.
There was a problem hiding this comment.
Thanks for your explanation!! I have just move this part to "Perform authentication and authorization via JWT tokens generated by OIDC provider" section as your original sequence, please have a check~
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
for more information, see https://pre-commit.ci
authN-authZ/auth-istio/README.md
Outdated
| First export the router service through istio ingress gateway. | ||
|
|
||
| ```bash | ||
| kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway.yaml |
There was a problem hiding this comment.
Well, understand. But for authentication with the oauth service, another gateway configuration needs to get applied since there are some extra configuration. Applying both of them might introduce conflicts or complexity. So if you want to set the gateway anyway, please put the steps in each section, instead of putting the step in the Prerequisite section.
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
Signed-off-by: Xinyao Wang <xinyao.wang@intel.com>
for more information, see https://pre-commit.ci
Description
Add more details in guideline for Auth Istio&Apisix
Issues
List the issue or RFC link this PR is working on. If there is no such link, please mark it as
n/a.Type of change
List the type of change like below. Please delete options that are not relevant.
Dependencies
List the newly introduced 3rd party dependency if exists.
Tests
Describe the tests that you ran to verify your changes.