This package is a bundle of applications which create an OIDC proxy to provide SSO for other services running in the cluster.
Authservice is an implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Istio and Kubernetes. Authservice handles incoming authN/Z requests and delegates part of the OIDC token-granting workflow to the backend SSO provider.
How it works📜
First, Authservice must be enabled through the addons functionality of Big Bang. This will cause an instance of Authservice to be deployed into the
authservice namespace. For every workload in the cluster that is labeled with the value of the selector, the respective application will then redirect all requests through Authservice which will then validate a user through the backend SSO provider and then foward to the workload as normal. Each workload placed behind authservice must have a matching individual chain.
Please review the BigBang Architecture Document for more information about it’s role within BigBang.