authservice

Overview

authservice helps delegate the OIDC Authorization Code Grant Flow to the Istio mesh. authservice is compatible with any standard OIDC Provider as well as other Istio End-user Auth features, including Authentication Policy and RBAC. Together, they allow developers to protect their APIs and web apps without any application code required.

To get more information about the image, please visit the GitHub repository.

Download this Image

The image is available on cgr.dev:

docker pull cgr.dev/chainguard-private/authservice:latest

Usage

There are different ways to use the authservice image. You can try to run the image with the following docker-compose file:

version: "3.9"

services:
  envoy:
    image: cgr.dev/chainguard/envoy:latest
    command: -c /etc/envoy/envoy-config.yaml --log-level warning
    ports:
      - "8080:80"
    volumes:
      - type: bind
        source: envoy-config.yaml
        target: /etc/envoy/envoy-config.yaml

  ext-authz:
    image: cgr.dev/chainguard-private/authservice:latest
    volumes:
      - type: bind
        source: authz-config.json
        target: /etc/authservice/config.json

Note: You need to create the envoy-config.yaml and authz-config.json files in the same directory as the docker-compose.yaml file. You could find the contents of the files in the GitHub repository.

Then you should start the services:

docker-compose up -d

Once your services are up and running, you can access the authservice service by sending a request to the envoy service. The envoy service will forward the request to the authservice service.

curl http://localhost:8080

You should see the response from the authservice service:

Access allowed