JWKS Async Fetch

[aikoven]

trafficstars

We use JWT validation in our HTTPProxy via remote JWKS that points to OIDC provider endpoint located in a different region. Requests to JWKS endpoint take about 1 second. This means that when the JWKS cache expires we get extra latency to requests running through that HTTPProxy.

Envoy has the JWKS Async Fetch feature that would help to mitigate this.

Would it be possible to enable it in Contour? Or add a new flag to HTTPProxy CRD?