Created
January 13, 2019 14:58
-
-
Save rinormaloku/df5bdd7908898c98e51497ce6ee7f48b to your computer and use it in GitHub Desktop.
[Authentication Policy] istio policy for the series https://rinormaloku.com/istio-an-introduction/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: authentication.istio.io/v1alpha1 | |
| kind: Policy | |
| metadata: | |
| name: auth-policy | |
| spec: | |
| targets: | |
| - name: sa-web-app | |
| - name: sa-feedback | |
| origins: | |
| - jwt: | |
| issuer: "https://{YOUR_DOMAIN}/" | |
| jwksUri: "https://{YOUR_DOMAIN}/.well-known/jwks.json" | |
| principalBinding: USE_ORIGIN |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@rinormaloku: We just discussed about JWKS and potential caching. It looks like there is an option available:
https://github.com/istio/api/blob/2b2fabd451530ae28003830c52f0ca43ca63be14/envoy/config/filter/http/jwt_auth/v2alpha1/config.proto#L89
Maybe you can add this to your example :)