Authservice
Overview
This package is a bundle of applications which create an OIDC proxy to provide SSO for other services running in the cluster.
Authservice
Authservice is an implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Istio and Kubernetes. Authservice handles incoming authN/Z requests and delegates part of the OIDC token-granting workflow to the backend SSO provider.
Redis
Redis is an in-memory data structure store, used as a database, cache, and message broker. It is optional to deploy and is used by Authservice to cache session data. See backup.md for more details.
Dependencies
This package depends on the istio-controlplane and istio-operator Big Bang packages.
How it works
First, Authservice must be enabled through the addons functionality of Big Bang. This deploys an instance of Authservice into the authservice namespace. Every workload in the cluster that is labeled with the value of the selector then has all of its requests redirected through Authservice, which validates the user through the backend SSO provider and then forwards the request to the workload as normal. Each workload placed behind Authservice must have a matching individual chain.
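The label-and-chain rule above can be checked before deployment. The following is an added example, not code from the Authservice package: it audits a constructed inventory for workloads that carry the selector label but have no chain, and for chains whose workload is missing the label and so never reaches Authservice. The field names, the `protect=keycloak` label, the hostnames, and the assumption that a chain matches on a hostname prefix are all illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class Workload:
    name: str
    host: str                                   # hostname clients use to reach the workload
    labels: dict = field(default_factory=dict)  # pod labels

@dataclass
class Chain:
    name: str
    host_prefix: str  # assumed match rule: prefix of the request host

def audit(workloads, chains, selector_key, selector_value):
    """Compare selector-labeled workloads against the configured chains."""
    findings = {"labeled_without_chain": [], "chain_without_label": []}
    used = set()
    for w in workloads:
        labeled = w.labels.get(selector_key) == selector_value
        matched = [c.name for c in chains if w.host.startswith(c.host_prefix)]
        used.update(matched)
        if labeled and not matched:
            # Requests are redirected to Authservice, but no chain handles them.
            findings["labeled_without_chain"].append(w.name)
        elif matched and not labeled:
            # A chain exists, but requests never pass through Authservice.
            findings["chain_without_label"].append(w.name)
    # Chains that match no workload at all are stale configuration.
    findings["unused_chains"] = sorted(c.name for c in chains if c.name not in used)
    return findings

# Constructed sample inventory (not taken from a real cluster).
SAMPLE_WORKLOADS = [
    Workload("grafana", "grafana.example.test", {"protect": "keycloak"}),
    Workload("jaeger", "tracing.example.test", {"protect": "keycloak"}),
    Workload("kiali", "kiali.example.test", {}),
]
SAMPLE_CHAINS = [
    Chain("grafana", "grafana."),
    Chain("kiali", "kiali."),
    Chain("legacy", "old-app."),
]

if __name__ == "__main__":
    result = audit(SAMPLE_WORKLOADS, SAMPLE_CHAINS, "protect", "keycloak")
    for kind, names in result.items():
        print(f"{kind}: {names}")
```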
Please review the BigBang Authservice Architecture Document for more information about its role within BigBang.