OIDC support in contour and contour-authserver

[robinfoe]

At a recent maintainer meeting we discussed what the path forward is for the Contour project providing support for OIDC in Contour and the contour-authserver repos.

Our end goal here is to have a story for external auth OIDC integration and provide some guidance for how to do things in production. We will provide deployment examples with a specific provider (e.g. https://github.com/dexidp/dex) but generally Contour should work with any with an appropriate shim/provider that can speak over grpc with Envoy.

Some steps we must complete for this are:

• Mark this repo as experimental
  • It currently should not be treated as a production-ready piece of software as it was initially created for integration testing Contour
  • Initial OIDC support will also be experimental
• Merge OIDC module for contour-authserver #13 which adds OIDC to this repo
• Provide documentation for how contour-authserver can be used to initially experiment with OIDC and Contour
• Investigate what state of art is in this area, see if we want to contribute/invest in another project for production use cases
  • e.g. contribute ability to connect to the Envoy grpc interface etc. to an OIDC provider
  • This is so we do not have to have the burden as projectcontour of owning another piece of production-grade software
• Maybe productionize/harden contour-authserver repo as needed (depending on outcome of previous step)

[youngnick]

xref #13