envoyproxy/gateway

RBAC Rules for users

Open

#7,154 opened on 2025年10月7日

GitHub で見る
 (10 comments) (2 reactions) (0 assignees)Go (802 forks)auto 404
area/conformancearea/installationhelp wanted

Repository metrics

Stars
 (2,871 stars)
PR merge metrics
 (PR metrics pending)

説明

The documentation here: https://gateway-api.sigs.k8s.io/concepts/security-model/#roles-and-personas references personas that can use the gateway api

But the chart does not deploy any RBAC rules enabling any users but a cluster-admin to use the gateway api. This makes it very hard to use.

https://github.com/envoyproxy/gateway/pull/4532 was a first stab at some rbac rules, but seems to have stalled, and did not use the personas or support all the modes defined by the gateway api.

We should add an option to the chart to select between no user rbac (existing behavior), 3-tier and 4-tier setups as described in:

コントリビューターガイド