Fix authn-policy task: add missing cleanup and a dependent lib (#4410)

* add missing cleanup step for authn policy task section 1

The "*.local" rule created in "Globally enabling Istio mutual TLS"
was not removed during the cleanup section, leading to unexpected
503s for users continuing on to the next section (enabling
per-namespace).

* Note that jwcrypto needs to be present to run gen_jwt.py

* Apply suggestions from code review

Co-Authored-By: Rigs Caballero <grca@google.com>
Chris Wilson 2019-06-17 12:44:13 -07:00 committed by mergify[bot]
parent 0c936f92f5
commit fe3de42870
2 changed files with 7 additions and 0 deletions

@ -263,6 +263,7 @@ jason
Jog
json
JSON-formatted
jwcrypto
JWT
jwt.io
JWTs

@ -266,6 +266,7 @@ Remove global authentication policy and destination rules added in the session:
$ kubectl delete meshpolicy default
$ kubectl delete destinationrules httpbin-legacy -n legacy
$ kubectl delete destinationrules api-server -n istio-system
$ kubectl delete destinationrules default -n istio-system
{{< /text >}}
## Enable mutual TLS per namespace or service
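Review bot: the added `kubectl delete destinationrules default -n istio-system` line gives the reader no hint that `default` is the "*.local" rule from "Globally enabling Istio mutual TLS", nor that leaving it in place causes 503s in the per-namespace section that follows. A one-line note saying so would help. Since a stale rule fails silently until requests start returning 503, consider ending the cleanup with a check such as `kubectl get destinationrules --all-namespaces` so the reader can confirm nothing from this section remains. Readers who skipped a step will also see a NotFound error from this delete; if that is noise for this task, `--ignore-not-found` on the delete commands avoids it.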
@ -590,6 +591,11 @@ You also need the `key.pem` file:
$ wget {{< github_file >}}/security/tools/jwt/samples/key.pem
{{< /text >}}
{{< tip >}}
Download the [jwcrypto](https://pypi.org/project/jwcrypto) library,
if you haven't installed it on your system.
{{< /tip >}}
For example, the command below creates a token that
expires in 5 seconds. As you see, Istio authenticates requests using that token successfully at first but rejects them after 5 seconds:
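Review bot: the new tip says "Download the jwcrypto library" but does not say what needs it or how to install it. The commit message ties it to `gen_jwt.py`, so the tip should name the script, and "Install" is the better verb for a PyPI package; a `$ pip install jwcrypto` line in the same text-block style as the `$ wget` step above would make it actionable. Placement is also late: the tip comes after the `key.pem` download, yet it is a prerequisite for running the script, so it reads more naturally before the download steps or directly before the command that runs it. Minor style point: drop the comma before "if you haven't installed it".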