Open aikoven opened 3 months ago
Hey @aikoven! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace
The Contour project currently lacks enough contributors to adequately respond to all Issues.
This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack
The Contour project currently lacks enough contributors to adequately respond to all Issues.
This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack
I haven't had the chance to look at this further, but it seems like a useful feature. I’m curious if it could be enabled by default without requiring the user to select it.
Just for future reference, the Envoy project PR that added JwksAsyncFetch was envoyproxy/envoy#16298.
We use JWT validation in our
HTTPProxy
via remote JWKS that points to OIDC provider endpoint located in a different region. Requests to JWKS endpoint take about 1 second. This means that when the JWKS cache expires we get extra latency to requests running through thatHTTPProxy
.Envoy has the JWKS Async Fetch feature that would help to mitigate this.
Would it be possible to enable it in Contour? Or add a new flag to
HTTPProxy
CRD?