Kelon-Gateway (using Envoy) #82
Comments
|
@mkjoerg spec valid? |
|
@dcseifert see updates above |
|
After reading the latest Envoy Docs I suggest to use the "External Envoy" approach. This is mostly based on the fact that the Envoy Docs point out that: which means that, despite the fact that Envoy is written in C++11, Envoy can be not easily included into Kelon's binaries itself. For the external approach Envoy has to be set-up via a minimal static bootstrap-config which enables Envoy to gather all further dynamic configuration from Kelon afterwards. @mkjoerg Right now I'm afraid that we're only re-implementing the Envoy-Config into Kelon (which should definitely be weighted agains configuring Envoy itself!) Remember that Kelon is statically configured (such as Envoy would be) and already implements Envoy's External-Auth interface #34 |
|
The next step is to extend our example App-Store-Example so that is also includes a fully configured Envoy-Proxy. Afterwards we can make assumptions about the configuration overhead of keeping the envoy config separately from Kelon. |
|
@dcseifert confirmed, please change ticket description accordingly :) |
|
Created an issue with the current configuration problem of envoy here |
|
The latest version of Envoy ext Auth should be re-integrated into kelon to enable using it in a service mesh. |
|
There is also following Envoy-Plugin available for the OPA itself which might not be used directly but for inspirational purposes. |
Description
In order to make the usage of Kelon in business applications as easy as possible (i.e. solve OIDC-Authentification and configure global CORS-Settings) Kelon should be coupled with Envoy.
Therefore we need to:
This issue would also resolve #54 and #33
Resulting architecture after deciding to use Envoy as externally deployed gateway.
The text was updated successfully, but these errors were encountered: