search

orchestracities / boost

BOOST4.0 EIDS FIWARE CIM Connector
MIT License
0 stars 0 forks source link

Dynamic HTTP header for outbound traffic #24

Open c0c0n3 opened 4 years ago

c0c0n3 commented 4 years ago

See: https://github.com/istio/istio/issues/20602

c0c0n3 commented 4 years ago

This blog post:

https://istio.io/blog/2018/egress-monitoring-access-control/

seems to hint that in principle we should be able to have the adapter intercept outbound requests ...

c0c0n3 commented 4 years ago

PR #25 implements a stopgap solution. The various sore points listed there mean in general we're better off replacing PR #25's implementation with the one outlined in istio/istio#20602, if possible. If it turns out it can't be done, then we'll have to deal with the shortcomings of #25. But notice that if we move the whole adapter DAPS config to K8s secret volumes (not just the keys), most of those sore points will be non-issues. See #15.

c0c0n3 commented 4 years ago

So it doesn't look like there's a better solution to this, at least not for Istio 1.4 whereas from 1.5 onwards it can be done relatively easily with WASM, see what the Istio guys replied on 4 Aug 2020.