Use Vault as authorization layer between app on VM and Kubernetes

Hi,

I have a case to resolve and have been trying to figure it out for a few days.
The case looks simple: I need to safely connect an app working on a virtual machine with an app in a Kubernetes cluster using authorization.

The flow looks like this:
VM app → send request → authentication (if OK) → allow access to app on Kubernetes cluster through ingress.

My setup:
App on virtual machine and curl for testing
Kubernetes cluster with Kubernetes v1.32
Ingress NGINX controller
Istio mesh
External Vault which is already connected to this cluster, providing secrets for apps through Vault Agent.

My goal is:
The app connects to the k8s app ingress, for example app.example.com, with a JWT/Bearer token generated by Vault.

What I have already tried:

  • configure AppRole on Vault
  • use Vault OIDC
  • use Vault JWT auth
  • use Vault as issuer for Istio RequestAuthentication, but can’t properly configure Vault as jwksUri and issuer.