envoyproxy / gateway

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
https://gateway.envoyproxy.io
Apache License 2.0

Allow configuring TLS settings for OIDC upstream #3774

Open benediktwerner opened 2 months ago

benediktwerner commented 2 months ago

Our OIDC provider doesn't support Envoy's default ECDH curves so we currently have to configure additional curves via a patch policy.

It looks like EG v1.1 will already add a default BackendTLSConfig for the EnvoyProxy, which seems good enough, but at first glance it looks like it currently isn't applied to the OIDC provider cluster?

zhaohuabing commented 2 months ago

Related to https://github.com/envoyproxy/gateway/issues/3622

We have discussed the TLS settings for external services such as OIDC provider, ext auth, and ext proc in the EG meeting. The current agreement is that these services can be modeled as EG Backend resources and be associated with a BackendTLSConfig.

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.