Article: Authenticating microservices requests in Kubernetes

[amitsaha]

Preview: https://deploy-preview-327--learnk8s.netlify.app/microservices-authentication-kubernetes

[amitsaha]

@danielepolencic it looks like you have made most of the changes you were thinking of - I made a few more edits.

I am not sure why the article isn't showing up in the preview.

[danielepolencic]

A few general notes:

• there are three components: API, data store and secret store. However, the tutorial covers only 2: API + secret store. I think we should remove the data store. Or (even better), we could remove the data store and rename the secret store to data store. At the moment there's a lot of "secret" in the article. Sometimes it's the secret store, sometimes it's kubernetes. If we remove the word secret from the apps, there's no doubt about what secrets we are talking about.
• ca.crt, system:auth-delegator need clarifications. I don't have those in my minikube.
• We ask to open 3 terminal windows, but we do nothing with them. I think from the current copy, two are enough.
• I'd like to figure out why the "projected volume" is called as such.
• I will add some background (and picture) about Role/ClusterRole.
• ClusterRoleBindings use an old API which displays an error in 1.19
• Authentication is not authorization, but the article seems to use the terms interchagably. I think the TokenReview API is authentication, but when you use to verify the audience you are implementing custom authorization.

[amitsaha]

I think the TokenReview API is authentication, but when you use to verify the audience you are implementing custom authorization.

Completely agree with this. So should we just use authentication throughout?

[danielepolencic]

Completely agree with this. So should we just use authentication throughout? I think we need to pay more attention, particularly at the beginning. It's ok to say authorization where we do auth.

[amitsaha]

@danielepolencic i made a few updates related to authn/authz what do you think?