Dear Alexander,

Thank you for your thoughtful feedback on my article. You're absolutely right about the CSP.ini configuration - I made a mistake in how I represented the Web Gateway configuration. I've updated the article to correctly show:

1. The proper format for CSP Gateway configuration with [SYSTEM] and [APP_PATH] sections
2. The fact that web application security settings like AutheEnabled and LockCSPName are typically configured in IRIS itself, not in CSP.ini

Regarding the IAM deployment, you made a good observation. In our implementation, IAM is indeed specified in the IrisCluster definition, but we manage it as a separate StatefulSet after deployment. I've clarified the implementation steps to better reflect this relationship - deploying the IrisCluster first (which includes IAM in the specification), then performing additional configuration on the IAM component afterward.

Thank you for helping improve the accuracy of the article. Your expertise and attention to detail are much appreciated!

Best regards, Roy

@Anastasia Dyubaylo 
I noticed that the point bonus for covering Kubernetes was not included for my article "Orchestrating secure management access to InterSystems IRIS on AWS EKS and ALB":

https://community.intersystems.com/post/orchestrating-secure-management-access-intersystems-iris-aws-eks-and-alb
 

Please review and let me know if the bonus points can be added. Thank you!

Thank you for sharing the information. I'm currently facing difficulties in establishing a connection with the sidecar web gateway and I'm uncertain about the process of obtaining the URL for its management portal. Furthermore, I would appreciate guidance on enabling external connections to the Kubernetes network, specifically for the sidecar web gateway.