I’m playing with Consul Connect and I don’t really understand what is the correct way to inject configuration in a proxy service definition.
I have a use case where I would need to setup OAuth2 Authentication in front of a Kube service. Envoy has an OAuth2 Filter, so I thought maybe I could use that. Does this make sense?
I understand that I would probably have to use one of the escape-hatch override presented here. It looks like these overrides can’t be configured through Service Defaults CRD, only through Proxy Defaults, but those are global. Am I right? This seems weird…
In this case, since I obviously don’t want OAuth2 everywhere, I think I need to modify the service definition directly. But if I want to use Connect-Inject, which looks great for when most of your services live in Kube, how can I modify the
proxy.config key? It looks like there are Inject annotations from pretty much everything but that. So what would be the correct way to do it?
I’m very new to Connect, so please point out any misunderstanding or misconception I have!
Thanks a lot.