To continue to reduce toil, I'd like to experiment with building a virtual assistant using Dialogflow to
answer common queries.
To get some of the scaffolding in place, I'd like to start by answering a very simple query: who owns this label?
To answer this query we just need to load label-owners.yaml and map the area to the list of owners.
We can do this using a custom fulfillment in Dialogflow using a webhook.
I was expecting it to be pretty straightforward to write a server (in Go or Python) and then deploy it on my Kubeflow GKE clusters.
It turns out the networking piece is a bit involved.
On GCP we expose an endpoint secured with IAP. I'd like to reuse this endpoint rather than provision a new IP address, host name, and certificate.
Dialogflow can't attach an OIDC token for IAP. So we need to create a networking path that bypasses IAP. For authorization, we can still use a signed JWT that can be validated using ISTIO. Dialogflow allows us to attach a header to the webhook, so we can just generate a JWT using our own public/private key and then have Dialogflow attach it to the requests.
With ISTIO 1.4 (ASM) I was able to configure the ISTIO ingress policy to accept both IAP and non-IAP JWTs.
With ISTIO 1.1.6 I couldn't make this work. I kept getting origin authentication issues. Given we want to upgrade to ASM and a newer ISTIO, I'm not going to spend more time troubleshooting 1.1. Instead I'm going to focus on getting a new code-intelligence cluster spun up with ASM (#141).
Opening this issue to track progress and collect feedback.
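
The self-signed webhook JWT described above, as an added example that is not code from this issue or from the project: it mints a token with a private key and runs the signature, issuer, audience and expiry checks that a JWT validator in front of the webhook would apply. RS256, the claim set, the issuer and audience strings, and the names `MintJWT`, `ValidJWT` and `demoKey` are assumptions; the post only says "our own public/private key".

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key pair

type Claims struct { // hypothetical claim set: issuer, audience, expiry
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

// MintJWT signs the claims as an RS256 JWT with our own private key.
func MintJWT(key *rsa.PrivateKey, c Claims) (string, error) {
	body, _ := json.Marshal(c) // cannot fail for this struct
	signed := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(signed))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return signed + "." + b64.EncodeToString(sig), err
}

// ValidJWT always verifies as RS256 (the header's alg is never trusted), then checks the claims.
func ValidJWT(tok string, pub *rsa.PublicKey, iss, aud string, now time.Time) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return false
	}
	sig, _ := b64.DecodeString(p[2]) // an undecodable segment fails verification below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	var c Claims
	body, _ := b64.DecodeString(p[1])
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) == nil &&
		json.Unmarshal(body, &c) == nil && c.Iss == iss && c.Aud == aud && now.Unix() < c.Exp
}

func main() {
	tok, _ := MintJWT(demoKey, Claims{"label-bot-issuer", "label-bot", time.Now().Add(time.Hour).Unix()})
	fmt.Println(tok, ValidJWT(tok, &demoKey.PublicKey, "label-bot-issuer", "label-bot", time.Now()))
}
```

Because the token sits in a static webhook header, its expiry bounds how long a leaked copy stays usable, and only the public key needs to be published to the validator.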