You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As kourier is using envoyproxy as data plane, it makes it possible to use wide range of existing http filters. These just need to be provisioned by kourier to make things working.
I am thinking could kourier support something similar? crd that can be targeted to ksvc or domainmapping and then specify authentication configuration. Of course it would be useful to have CORS as well, when we play with these tokens.
The text was updated successfully, but these errors were encountered:
This can be useful to implement your own auth logic (e.g. validate a JWT), as you can write whatever you want behind the ext-authz service (configured with KOURIER_EXTAUTHZ_HOST).
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.
As kourier is using envoyproxy as data plane, it makes it possible to use wide range of existing http filters. These just need to be provisioned by kourier to make things working.
So I am kind of proposing to support new authentication mechanisms in kourier. These mechanisms could be like JWT and OIDC. Envoyproxy gateway uses crd to target policies to correct virtual host https://github.com/envoyproxy/gateway/blob/main/api/v1alpha1/securitypolicy_types.go#L26
I am thinking could kourier support something similar? crd that can be targeted to
ksvc
ordomainmapping
and then specify authentication configuration. Of course it would be useful to have CORS as well, when we play with these tokens.The text was updated successfully, but these errors were encountered: