At a recent maintainer meeting we discussed what the path forward is for the Contour project providing support for OIDC in Contour and the contour-authserver repos.
Our end goal here is to have a story for external auth OIDC integration and provide some guidance for how to do things in production. We will provide deployment examples with a specific provider (e.g. https://github.com/dexidp/dex) but generally Contour should work with any provider, given an appropriate shim/provider that can speak over gRPC with Envoy.
Some steps we must complete for this are:
- Mark this repo as experimental
  - It currently should not be treated as a production-ready piece of software, as it was initially created for integration testing Contour
  - Initial OIDC support will also be experimental
- Merge OIDC module for contour-authserver #13, which adds OIDC to this repo
- Provide documentation for how contour-authserver can be used to initially experiment with OIDC and Contour
- Investigate what the state of the art is in this area, see if we want to contribute/invest in another project for production use cases
  - e.g. contribute ability to connect to the Envoy gRPC interface etc. to an OIDC provider
  - This is so we do not have to have the burden as projectcontour of owning another piece of production-grade software
- Maybe productionize/harden contour-authserver repo as needed (depending on outcome of previous step)