Skip to content

Update security FAQs related to per-service enablement. #726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 22, 2017
Merged

Update security FAQs related to per-service enablement. #726

merged 6 commits into from
Nov 22, 2017

Conversation

@diemtvu
Copy link
Contributor

@diemtvu diemtvu commented Nov 21, 2017

These are based on features that already checked in to head, and should be available in v0.3

istio/istio#1232

@diemtvu
Copy link
Contributor Author

diemtvu commented Nov 21, 2017

/assign @wattli @myidpt

myidpt
myidpt reviewed Nov 21, 2017
View reviewed changes
_docs/tasks/security/faq.md
periodSeconds: 5
```
* _Can I access the Kubernetes API Server with Auth enabled?_
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add an empty line.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

_docs/tasks/security/faq.md Outdated
* _How to disable Auth on clients to access the Kubernetes API Server (or any control services that don't have Istio sidecar)?_
(Require v0.3 or later) Edit the `mtlsExcludedServices` list in Istio config map to contain the fully-qualified name of the API server (and any other control services for that matter). The default value of `mtlsExcludedServices` already contains `kubernetes.default.svc.cluster.local`, which is the popular service name of the Kubernetes API server.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please indent by 2 spaces, like above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

_docs/tasks/security/faq.md Outdated
* _How to disable Auth on clients to access the Kubernetes API Server (or any control services that don't have Istio sidecar)?_
(Require v0.3 or later) Edit the `mtlsExcludedServices` list in Istio config map to contain the fully-qualified name of the API server (and any other control services for that matter). The default value of `mtlsExcludedServices` already contains `kubernetes.default.svc.cluster.local`, which is the popular service name of the Kubernetes API server.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

popular service name -> default service name

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@myidpt
Copy link

myidpt commented Nov 22, 2017

/lgtm
/approve

myidpt
myidpt approved these changes Nov 22, 2017
View reviewed changes
Copy link

@myidpt myidpt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, Diem.

@myidpt
Copy link

myidpt commented Nov 22, 2017

@ldemailly can you approve this? Thanks.

@ldemailly ldemailly merged commit 21e3497 into istio:master Nov 22, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@myidpt myidpt myidpt approved these changes

@ldemailly ldemailly ldemailly approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@diemtvu @myidpt @ldemailly