-
Notifications
You must be signed in to change notification settings - Fork 681
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWKS Async Fetch #6524
Comments
Hey @aikoven! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace |
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
I haven't had the chance to look at this further, but it seems like a useful feature. I’m curious if it could be enabled by default without requiring the user to select it. Just for future reference, the Envoy project PR that added JwksAsyncFetch was envoyproxy/envoy#16298. |
We use JWT validation in our
HTTPProxy
via remote JWKS that points to OIDC provider endpoint located in a different region. Requests to JWKS endpoint take about 1 second. This means that when the JWKS cache expires we get extra latency to requests running through thatHTTPProxy
.Envoy has the JWKS Async Fetch feature that would help to mitigate this.
Would it be possible to enable it in Contour? Or add a new flag to
HTTPProxy
CRD?The text was updated successfully, but these errors were encountered: