@josh — Wanted to get your opinion on how to integrate auth into the helm chart. What I’m planning is to allow the chart to take configuration for extra containers in the apollo and ui pods, which could run auth proxies, and fiddle with the port options so that we could bypass auth internally. (Forwarding scopes around, etc I guess I can wait on. :)). I would try to configure with louketo-proxy, as we have keycloak running, but should be possible to run other proxies as well. Does that sound like a good idea, or would you suggest something else?

I personally don’t have any auth recommendations - everyone has differing expectations and requirements for auth, so in general we’d rather not provide any advice or recommendations there. Prefect Cloud really is our recommended implementation of auth and other than that we leave it up to the user to use a solution that best fits their organization/needs.

Ok — very good. Are you ok with extra pod injection option in the chart? Seems like a relatively innocuous change, as long as the default still works without it. I could also try configuring with something like istio… but … would add way to much complexity. Keycloak seems to work pretty well — if only I had the budget for someone to babysit it! 🙂 … when I get 1/2 the budget for that maybe you’ll get me as a Cloud customer after all 😉 ….