From 336ab2efa2bebbffcef01457ef3bff0486ab37c7 Mon Sep 17 00:00:00 2001
From: Erki Aas <erki@veebkolm.ee>
Date: Tue, 30 Jul 2024 12:40:01 +0300
Subject: [PATCH] update readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 05b0192..155b43d 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Jump to docs: [inventory-app](hackerspace/README.md) / [cameras](camtiler/README
 - [Slack bots](SLACK.md) and Kubernetes [CLUSTER.md](CLUSTER.md) itself.
 
 [^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box.
-[^authz]: Applications should prefer `Remote-User` (`kind: OIDCGWMiddlewareClient`), which gates app exposure to the public internet. Where not applicable or possible, use OpenID Connect (`kind: OIDCClient`) for authentication.
+[^authz]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication, whereever possible. If not possible, use `kind: OIDCMiddlewareClient` client, which will provide authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security.
 
 ### Databases / -stores:
 - KeyDB: `kind: KeydbClaim` (replaces Redis[^redisdead])