Provide more authentication mechanisms? #1189
Labels
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
Comments
|
Hello 👋 Just in case you missed it, Kourier has support for ext-authz configuration, that is mapped to Envoy's This can be useful to implement your own auth logic (e.g. validate a JWT), as you can write whatever you want behind the ext-authz service (configured with |
|
This issue is stale because it has been open for 90 days with no |
github-actions
bot
added
the
lifecycle/stale
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As kourier is using envoyproxy as data plane, it makes it possible to use wide range of existing http filters. These just need to be provisioned by kourier to make things working.
So I am kind of proposing to support new authentication mechanisms in kourier. These mechanisms could be like JWT and OIDC. Envoyproxy gateway uses crd to target policies to correct virtual host https://github.com/envoyproxy/gateway/blob/main/api/v1alpha1/securitypolicy_types.go#L26
I am thinking could kourier support something similar? crd that can be targeted to
ksvcordomainmappingand then specify authentication configuration. Of course it would be useful to have CORS as well, when we play with these tokens.The text was updated successfully, but these errors were encountered: