Introduction to stable Istio-based APIRule v1 #322
Comments
strekm
added
kind/feature
|
This issue or PR has been automatically marked as stale due to the lack of recent activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /lifecycle stale |
kyma-bot
added
the
lifecycle/stale
strekm
removed
the
lifecycle/stale
|
This issue or PR has been automatically marked as stale due to the lack of recent activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /lifecycle stale |
kyma-bot
added
the
lifecycle/stale
strekm
removed
the
lifecycle/stale
|
This issue or PR has been automatically marked as stale due to the lack of recent activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /lifecycle stale |
kyma-bot
added
the
lifecycle/stale
|
This issue or PR has been automatically closed due to the lack of activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /close |
|
@kyma-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
strekm
removed
the
lifecycle/stale
|
At this moment we are focusing on introduction of APIRule v1beta2, progress can be tracked #939. |
Description
Provide stable version of APIRule CRD based on istio. It should include reworked JWT handler based on Istio RequestAuthentication and AuthorizationPolicy CRs and reworked oauth2 flows based on Istio extension provider and oauth2proxy component. Introduced API won't be fully backward compatible.
Early adopters
To accommodate customers is making that shift firstly feature toggle will be introduced to allow early adopters for testing. There will be documentation provided describing CRD and incompatibilities. OS back and internal backlog should be used to report feedback. Team will provide support on best effort.
Introducing v1beta2
To simplify quick adoption and shift into v1 direction v1beta2 will be introduced. API design should be promoted to v1 without significant changes allowing users to start migrating and getting familiar with changes.
Introducing v1
For reasonable amount of time both versions of APIRule CRD will be available to make transition smoother. Tutorial will showcase v1 version but previous version also be available. Migration script will be provided for upgrades.
Tasks
Reasons
Provide stable API for workloads exposure based on Istio. Introduce reliable and simple way for users to expose and secure their workload. Unify all handler by utilising Istio features. Reduce not necessary hops by eliminating ORY oathkeeper pushing responsibilities to Istio itself. Promote security good practices that are easy utilised by using APIRule CR.
Attachments
https://istio.io/latest/docs/reference/config/security/request_authentication/
https://istio.io/latest/docs/reference/config/security/authorization-policy
https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
The text was updated successfully, but these errors were encountered: