search

6_grove

import RemoteMarkdown from '@site/src/components/RemoteMarkdown';

circle-exclamation

🌿 GROVE ONLY

This section is only relevant to Grove's Portal authentication implementation.

If you are not using Grove's Portal authentication, you will likely not find anything of value here.

But feel free to take a look if you're curious.

hashtag
Overview

GUARD contains configurations to implement authentication for PATH in a way that is compatible with Grove's Portal.

This Grove-specific implementation utilizes Envoy Gateway's External Authorization feature, which wraps Envoy Proxy's ext_authz gRPC interface.

hashtag
🫛 PEAS - PATH External Auth Server

PEAS Repoarrow-up-right

PEAS is the Grove-specific implementation of Envoy Gateway's External Authorization feature.

  • This is a gRPC server that is responsible for checking if a request is authorized to access a specific service.

  • Connects to the Grove Portal database to get the auth data and stores in an in-memory cache.

hashtag
Architecture Diagram

hashtag
Enabling Grove Auth

To enable Grove Auth, you need to set the following values in the values.yaml file:

hashtag
PEAS Documentation

hashtag
Grove Portal Database

hashtag
README.md

chevron-rightPEAS README.mdhashtag

hashtag
Documentation References

Helm Charts

For the full GUARD Helm Chart documentation, see GUARD Helm Chart.

For the Grove Auth code in the Helm Charts repo, see:

Envoy External Docs

For an example walkthrough of implementing external authorization with Envoy Gateway, see:

For Envoy Proxy's ext_authz HTTP Filter documentation (how PEAS communicates with Envoy), see:

Was this helpful?