Description
Is your feature request related to a problem? Please describe.
Kubernetes access guide using Pomerium JWT method describes setting jwt_issuer_format to uri (because kubelet indeed requires it to be a valid URI), but there seems to be no way to do that when Pomerium itself runs on Kubernetes.
Describe the solution you'd like
Any useful way to set this on per-route basis.
With Gateway API this can be implemented by adding a CRD for per-route configuration bits and referencing it from HTTPRoute via ExtensionRef filter (i.e., same way the route policies are provided).
Describe alternatives you've considered
Patching Pomerium to always set jwt_issuer_format if the route sets Authorization header. I'm running this in my home setup right now, but would prefer a cleaner solution.
Explain any additional use-cases
All other per-route configuration can go into the same CRD, allowing a lot of customization.