How do you handle JWT validation in EKS? (Client-2-service / service-2-service)
I thought about 2 use cases:
(1) offload entire auth logic from app code (i.e jwt validation) to some 3rd party, e.g by using some service mesh vendor like itsio.
(2) keep using the in-house app logic for jwt validation, but instead of including it in every microservice, reuse it in the same way a default lambda authorizer is set in AWS API gateway. what’s the equivalent of that in Kubernetes?
11/06/2022, 5:36 PM
Hi, there's multiple ways to approach this. Introducing a service mesh when you only need JWT validation might be overkill (as it's an abstraction over kubernetes that needs understanding and maintentance as well). You could still use an API gateway with lambda authorizers in front of your services that run on EKS. But it may also depend on your application technology/framework, e.g. in the Java/Spring eco system JWT validation comes out of the box, so depending on what you're optimizing for it may not be an issue to include it in every micro service.
11/07/2022, 7:30 AM
An API Gateway might be the right option, here is an example of how it works with our open-source API Gateway: