feat: add authz-adapter service and Envoy ext_authz integration

- Implemented authz-adapter deployment and service for Envoy gRPC authorization.
- Created PowerShell script to generate JWK for JWT authentication.
- Documented the integration of ext_authz with user-rpc.ValidateToken in ENVOY_EXT_AUTHZ_ADAPTER.md.
- Added comprehensive Envoy Gateway configuration guide with JWT authentication and access control in ENVOY_GATEWAY_GUIDE.md.
wwweww
2026-02-26 06:08:35 +08:00
parent 60b6f40f9f
commit 659168fe32
30 changed files with 2093 additions and 3527 deletions
@@ -0,0 +1,69 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: authz-adapter
namespace: juwan
labels:
app: authz-adapter
spec:
replicas: 2
revisionHistoryLimit: 5
selector:
matchLabels:
app: authz-adapter
template:
metadata:
labels:
app: authz-adapter
spec:
serviceAccountName: find-endpoints
containers:
- name: authz-adapter
image: 103.236.53.208:4418/library/authz-adapter@sha256:84dd29596f94dd38d3a7a7924f4d5ed71b661b6d2a78d65c1741b11c2d8eea98
ports:
- containerPort: 9002
name: grpc
env:
- name: LISTEN_ON
value: "0.0.0.0:9002"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan.svc.cluster.local:9001"
readinessProbe:
tcpSocket:
port: 9002
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 9002
initialDelaySeconds: 15
periodSeconds: 20
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: timezone
mountPath: /etc/localtime
volumes:
- name: timezone
hostPath:
path: /usr/share/zoneinfo/Asia/Shanghai
---
apiVersion: v1
kind: Service
metadata:
name: authz-adapter-svc
namespace: juwan
spec:
selector:
app: authz-adapter
ports:
- name: grpc
port: 9002
targetPort: 9002
type: ClusterIP
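Review bot: The authz-adapter container in the Deployment has no `securityContext`, and its `timezone` hostPath volume is mounted at /etc/localtime without `readOnly: true`, so a process on Envoy's authorization path runs with the runtime's default user and capabilities plus a host-path mount that is not marked read-only. Add a container-level securityContext and mark the mount read-only, as in the block below; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image runs as a non-root user and writes nothing to its root filesystem, which this page does not show. Setting a `TZ` environment variable instead (if the image ships tzdata) would remove the hostPath volume altogether, which matters if the namespace is ever held to the Pod Security Standards baseline profile, since that profile rejects hostPath volumes. The pod also runs as `serviceAccountName: find-endpoints` while `USER_RPC_TARGET` is a plain DNS name, so if the adapter never calls the Kubernetes API, `automountServiceAccountToken: false` in the pod spec would keep that token out of the container.

```yaml
        - name: authz-adapter
          # … unchanged: image, ports, env, probes, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: volumeMounts, timezone entry …
              mountPath: /etc/localtime
              readOnly: true
```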