Use Helm charts to deploy apps (contour, envoy, Kubernetes-dashboard, exemplar, etc.) on the
Kubernetes cluster. You can find Helm here: https://helm.sh/
You can find the contour helm chart here https://artifacthub.io/packages/helm/bitnami/contour
You can find the Kubernetes-dashboard helm chart here
https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard
You can find the envoy helm chart here https://artifacthub.io/packages/helm/slamdev/envoy
The Envoy proxy in green should act as a forwarding proxy to the chained Envoy proxy (red). The Envoy
HTTP filters are documented at https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/http_filters
Implement the logic on Envoy to perform a null check on an incoming request header. Example: if the
header x-trace-id is null or "", fail the API call and return a 400 Bad Request to the client. If
x-trace-id="abcd", forward the call to the dummy backend.
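One way to implement this check, as an added example that is not part of the original document: a minimal Envoy static bootstrap that uses the Lua HTTP filter to reject requests whose x-trace-id header is missing or empty. The listener port, the cluster name dummy_backend and the backend address dummy-backend:8080 are assumptions.

```yaml
# Added example. Port 10000, cluster "dummy_backend" and host "dummy-backend:8080"
# are assumed values, not taken from the original document.
static_resources:
  listeners:
  - name: ingress
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            virtual_hosts:
            - name: all
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: dummy_backend }
          http_filters:
          # The Lua filter runs before the router, so rejected requests never reach the backend.
          - name: envoy.filters.http.lua
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
              default_source_code:
                inline_string: |
                  function envoy_on_request(request_handle)
                    -- get() returns nil when the header is absent
                    local id = request_handle:headers():get("x-trace-id")
                    if id == nil or id == "" then
                      request_handle:respond(
                        {[":status"] = "400", ["content-type"] = "text/plain"},
                        "missing or empty x-trace-id\n")
                    end
                  end
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: dummy_backend
    type: STRICT_DNS
    connect_timeout: 1s
    load_assignment:
      cluster_name: dummy_backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: dummy-backend, port_value: 8080 }
```

A request without the header, or with an empty value, gets a 400 from Envoy itself; a request with x-trace-id: abcd is routed to the backend cluster.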
This document may help you quickly set up a local Contour development environment. (I have gathered
the info but never tried this setup.)
Initial Setup
https://github.com/projectcontour/contour/blob/main/CONTRIBUTING.md#building-from-source
The fastest way to spin up a complete Contour on a Kind cluster with the local code is through the command
make install-contour-working
The next step is to add an application that sits behind Envoy as a testing application. To do this, we are going
to use the httpbin application from the Contour Getting Started documentation:
https://projectcontour.io/getting-started/.
Now, we don't want the app to go through the Ingress. Instead, we want to use an HTTPProxy so that
Contour controls the Envoy proxy.
Remote JWKS
For remoteJWKS, we have an endpoint we can check against:
https://raw.githubusercontent.com/istio/istio/release-1.6/security/tools/jwt/samples/jwks.json
We need to use port 443, or else the payload will cause this issue:
OPENSSL_internal:WRONG_VERSION_NUMBER
Bearer
eyahbGci0i3sUzI1NiISImtpZCI6IKRIRm3wb01VCX3ZOHyenBBMFYZKNtcjVWTzVaRXIOUnpIV8tZWS2d1EiLC
J0eXAiOi3KV1QifQ.ey31eHAiOjMIMZCZOTEXHDOSImdyb3
Now to test: if you include the token, the response should be 200. If you exclude the token, the response
should be 401.