Comments (2)
Thanks for this! You are welcome to join improbable-eng slack to discuss this (:
Link: https://join.slack.com/t/improbable-eng/shared_invite/enQtMzQ1ODcyMzQ5MjM4LWY5ZWZmNGM2ODc5MmViNmQ3ZTA3ZTY3NzQwOTBlMTkzZmIxZTIxODk0OWU3YjZhNWVlNDU3MDlkZGViZjhkMjc and @bplotka
slack user.
From an initial look, it looks simple enough but I wonder about certain features:
- Does it support something else than mTLS? What about human -> service traffic? Some OAuth2 vs OIDC auth would be very nice here.
- How are routes configured? Automatically by Istio, right?
- The gateway is implemented by what? Did you implement something custom? Because it sounds like the same thing can be done by pure envoy. (in the same way -> by kedge)
Rest logic seems to be kind of similar to winch -> kedge and actually envoy egress -> envoy ingress flow as well. TBH we are slowly moving towards pure envoy right now. π
from kedge.
Gateway is just a config spec. All proxies in istio (sidecar or gateway) run Envoy.
You can expose the gateway to end users (see istio docs on gateway ingress, where users access bookinfo via gateway). It doesnβt have fancy stuff like oauth and oidc yet. But it supports the full gamut of Envoy features.
The routing rules you configure in istio get translated into Envoy configs by istio pilot. Pilot then updates envoys dynamically via Envoy xDS protocol.
from kedge.
Related Issues (18)
- winch: Consider ignoring not found auth source (from kube config) on startup -> check it only when used.
- winch: Large file downloads might time and therefore give an `ERR_EMPTY_RESPONSE`
- Sometimes cannot run kubectl logs for longer than couple of minutes (EOF) HOT 1
- kedge: Implement IPAdhoc and PodAdhoc.
- resolvers: Use DNS resolution that supports TTL instead of arbitrary ttl.
- Questions: would it be able to access RTSP connections in another cluster? HOT 1
- Update github.com/rs/cors to at least v1.5.0
- kedge: Add graceful shutdown in case of SIGTERM HOT 1
- kedge: Add example kube configs, showing how to deploy kedge
- winch: Cache kedge DNS resolution to optimize winch HOT 3
- kedge: Implement auth per route logic
- kedge: Add support for advanced TLS configuration for backends HOT 1
- kedge: Add gRPC adhoc rules
- *: Add support for HTTP CONNECT proxy method.
- *: Refactor error wraps (reduce redundant info)
- kedge: Spam of grpc: reset Transport log lines.
- winch: Add CORS support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kedge.