Maksym Lushpenko
Maksym Lushpenko
Haha, great more people like OPA. We were thinking to use it after EAS instead of Istio authorization. Istio supports OPA as well, but we didn't see an exact benefit...
@travisghansen I think an interesting part for EAS could be this https://www.openpolicyagent.org/docs/latest/http-api-authorization/. It didn't work for us because we would have to rewrite many apps to call OPA agent from...
Thinking through your reply again, maybe you don't need to provide any OPA block, just allow possibility to call OPA for request validation like in the link I shared, like...
Sounds good. I was thinking something in the lines of [gatekeeper](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/) that rules themselves could be kubernetes objects but then realised that your project is not only kubernetes-specific, so having...
Indeed, lots of stuff =D `One of the items on the todo is to add features that determine if/when specific routes are authenticated or not` I'd think that this is...
That would be great, as I mentioned before we do have use-cases for such functionality and the workaround for now is to use separate endpoint not protected by EAS for...
hey, @travisghansen, it's been some time since our last discussion (not taking into account cookie settings). I've reviewed this thread a bit to refresh the memory and I can say...
One more cool thing, that colleague wrote some integration so that all tokens are configured in a json file like this (base shared config + overrides of clients):  and...
In my case I will workaround for now by using blackbox exporter to query endpoint, but that's not exactly the same as checking if process is up and in many...
Run into the same problem but the suggested fix didn't help - even the version command doesn't work: ``` kubectl testkube version error trying to reach service: Address is not...