Authenticating microservices requests in Kubernetes #326
I feel like some of these comments are tiny, I can just amend them myself. I'm creating more work for you here.
I will raise a PR against your repo with some of the changes.
I think we could have saved the back and forth with a local branch.
Maybe next time.
Approving, but raising a PR on yours.
|
||
How would the secret store decide to authenticate or deny the request? | ||
|
||
A popular approach is to request and pass identity tokens to every call within services. So instead of |
I know this sounds weird, but I have a single sentence per paragraph.
The content is spaced and easier to read.
What if we have a linter rule to detect this? How do you want to cover multi-sentence items in a list?
|
||
- You could use static tokens that don’t expire (and perhaps hardcoding them in the applications that | ||
communicate with each other and removing the need for an authorisation server at all) | ||
- You could use oAuth by setting up an internal oAuth server |
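Review bot: In the last bullet, "oAuth" should be spelled "OAuth" in both places. The parenthetical in the first bullet also switches from "You could use" to "hardcoding ... and removing", which breaks the sentence; suggest "(and perhaps hardcode them in the applications that communicate with each other, removing the need for an authorisation server at all)". Because that bullet describes tokens that never expire and are hardcoded, a short clause on the trade-off would help readers compare it with the OAuth option.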
All bullet points should terminate with a full stop.
|
||
## Setting up | ||
|
||
You will need access to a Kubernetes cluster with the ServiceAccountVolume projection feature enabled. |
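Review bot: The feature name "ServiceAccountVolume projection" in this sentence does not match the Kubernetes documentation, which calls it "Service Account Token Volume Projection". Suggest using that name so readers can find it and check whether it is enabled on their cluster.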
ServiceAccountVolume projection -> link to the official docs.
Thanks, did you raise a PR already? I cannot see any.
I did not. I think it's easier if you push a local branch and we work together on that
Sure. Do you want to merge this PR? Then I can create a branch and push
where we can collaborate? Or did you mean something else?
…On Wed, 11 Nov 2020, 12:03 pm Daniele Polencic, ***@***.***> wrote:
I did not. I think it's easier if you push a local branch and we work
together on that
We can merge this PR, but then I'm not sure how I will be able to comment on it.
On 11 Nov 2020, at 12:33 pm, Daniele Polencic ***@***.***> wrote:
We can merge this PR, but then I'm not sure how I will be able to comment on it.
I think you could push the branch as a local branch.
If you can, add the amendments (which otherwise I will have to re-do).
How about I do this?
1. I push your suggested amendments to my fork’s branch (same as the PR)
2. (1) will update the PR automatically
Does that sound close to what you had in mind?
That's ok. But once you have the changes, can you push the same branch to this repo as well?
Closing this in favor of #327
This PR creates the content for the article "Authenticating microservices requests in Kubernetes".