envoyproxy/gateway

RBAC Rules for users

Open

#7 154 ouverte le 7 oct. 2025

Voir sur GitHub
 (10 commentaires) (2 réactions) (0 assignés)Go (802 forks)auto 404
area/conformancearea/installationhelp wanted

Métriques du dépôt

Stars
 (2 871 stars)
Métriques de merge PR
 (Métriques PR en attente)

Description

The documentation here: https://gateway-api.sigs.k8s.io/concepts/security-model/#roles-and-personas references personas that can use the gateway api

But the chart does not deploy any RBAC rules enabling any users but a cluster-admin to use the gateway api. This makes it very hard to use.

https://github.com/envoyproxy/gateway/pull/4532 was a first stab at some rbac rules, but seems to have stalled, and did not use the personas or support all the modes defined by the gateway api.

We should add an option to the chart to select between no user rbac (existing behavior), 3-tier and 4-tier setups as described in:

Guide contributeur