I am trying to secure internal EKS services with a valid JWT token.
I wanted to validate token(basic things like signature and issuer) with provided openid configuration at ingress level with out implementing the logic at application code. I wanted to support internal EKS service to service calls without any authorization.
From google, the options provided are either using NGINX Plus or setup a proxy service. Since, we are using open source NGINX the plus features is not a option.
The reference i found using proxy service is https://github.com/IvanJosipovic/ingress-nginx-validate-jwt. My starting concerns with it is, it adds another hop in the validation and I prefer to use NodeJs to be in our tech stack.
Any thoughts or suggestions ? I think my ask is very basic not sure what i am missing ? I am not a EKS expert as well.
I am looking for implementation references and best available solutions.