Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-983

Support for ExternalAuthFilter as an Istio extension to Gateway API

    XMLWordPrintable

Details

    • Story
    • Resolution: Duplicate
    • Major
    • None
    • None
    • None
    • None
    • False
    • False

    Description

      What

      To support adding external auth to your application when using Gateway API via Istio as the provider, we should look to add an Istio specific extension to the HTTPFilter that allows an external auth service to use to be specified. This is effectively leveraging the same behaviour as the CUSTOM AuthorizationPolicy but reducing the amount of configuration needed by the developer

       

      Example use case

      As a developer leveraging gateway API to manage ingress and routing rules, I would like to specify an Auth provider to use that has been configured by my cluster administrator as a envoyExtAuthzGrpc provider. I would like the context of my HTTPRoute to be used to reduce the amount of configuration I have to manage (IE what workloads to use, which routes/paths to apply the external auth call).  

       

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. OSSM-2890 Support k8s Gateway API

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              cbrookes@redhat.com Craig Brookes
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: