
implement localJWKS documented in JWT verification design #7502

Open: nissy-dev wants to merge 1 commit into projectcontour:main from nissy-dev:feature/httpproxy-jwt-local-jwks-secret

@nissy-dev nissy-dev commented Mar 29, 2026

Resolve #7501

@nissy-dev nissy-dev force-pushed the feature/httpproxy-jwt-local-jwks-secret branch from 2424dea to 8f46e73 Compare March 29, 2026 07:18
@nissy-dev nissy-dev changed the title from "Feature/httpproxy jwt local jwks secret" to "implement localJWKS documented in JWT verification design" Mar 29, 2026
Add LocalJWKS backed by a Kubernetes Opaque Secret (secretName and key) so
HTTPProxy JWT providers can supply JWKS without embedding JSON in the spec.

Contour loads and validates the Secret during DAG build (type and JWKS shape),
then configures Envoy jwt_authn with inline local JWKS bytes. JWKS Secrets do
not use TLS certificate delegation.

Includes CRD and API reference updates, DAG/cache/secret handling, listener
construction, status and unit tests, xdscache expectations, and featuretests.

Signed-off-by: nissy-dev <nd.12021218@gmail.com>
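
The Secret check this commit message describes (Opaque type, then JWKS shape), sketched as an added example that is not code from this PR or from Contour. The `Secret` struct, `ValidateJWKSSecret` and the `jwks.json` key name are hypothetical, and the sample JWKS is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Secret is a hypothetical stand-in for a Kubernetes Secret (not Contour's type).
type Secret struct {
	Type string
	Data map[string][]byte
}

// jwks mirrors the RFC 7517 JWK Set shape: {"keys":[{"kty":...}, ...]}.
type jwks struct {
	Keys []map[string]interface{} `json:"keys"`
}

// ValidateJWKSSecret returns the bytes under key only if the Secret is Opaque and they form a JWK Set.
func ValidateJWKSSecret(s Secret, key string) ([]byte, error) {
	if s.Type != "Opaque" {
		return nil, fmt.Errorf("secret type %q is not Opaque", s.Type)
	}
	raw, ok := s.Data[key]
	if !ok || len(raw) == 0 {
		return nil, fmt.Errorf("secret has no data under key %q", key)
	}
	var set jwks
	if err := json.Unmarshal(raw, &set); err != nil {
		return nil, fmt.Errorf("key %q is not a JSON JWK Set: %w", key, err)
	}
	if len(set.Keys) == 0 {
		return nil, errors.New(`JWKS has no entries in "keys"`)
	}
	for i, k := range set.Keys {
		// "kty" is the one member RFC 7517 requires on every JWK.
		if kty, _ := k["kty"].(string); kty == "" {
			return nil, fmt.Errorf(`keys[%d] is missing required "kty"`, i)
		}
	}
	return raw, nil
}

func main() {
	// Constructed sample: the "n" value is a placeholder, not a real modulus.
	doc := []byte(`{"keys":[{"kty":"RSA","kid":"k1","n":"AQAB","e":"AQAB"}]}`)
	_, err := ValidateJWKSSecret(Secret{Type: "Opaque", Data: map[string][]byte{"jwks.json": doc}}, "jwks.json")
	fmt.Println("valid:", err == nil)
}
```

Rejecting a malformed Secret at this stage keeps bad key material out of the proxy configuration instead of failing later at token verification time.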
@nissy-dev nissy-dev force-pushed the feature/httpproxy-jwt-local-jwks-secret branch from 8f46e73 to 1b2ebf8 Compare March 29, 2026 07:20
@nissy-dev nissy-dev marked this pull request as ready for review March 29, 2026 08:19
@nissy-dev nissy-dev requested a review from a team as a code owner March 29, 2026 08:19
@nissy-dev nissy-dev requested review from sunjayBhatia and tsaarni and removed request for a team March 29, 2026 08:19
@github-actions

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 30d of inactivity, lifecycle/stale is applied
  • After 60d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions Bot added the lifecycle/stale label (Denotes an issue or PR has remained open with no activity and has become stale.) Apr 29, 2026
@nissy-dev
Author

I also asked for a review on Slack, but unfortunately I haven’t received any response yet.
What would be the best way to move this PR forward?

@github-actions github-actions Bot removed the lifecycle/stale label May 4, 2026
Development

Successfully merging this pull request may close these issues.

Feature request: implement localJWKS documented in JWT verification design