envoyproxy/gateway

RBAC Rules for users

Open

#7.154 aberto em 7 de out. de 2025

Ver no GitHub
 (10 comments) (2 reactions) (0 assignees)Go (802 forks)auto 404
area/conformancearea/installationhelp wanted

Métricas do repositório

Stars
 (2.871 stars)
Métricas de merge de PR
 (Métricas PR pendentes)

Description

The documentation here: https://gateway-api.sigs.k8s.io/concepts/security-model/#roles-and-personas references personas that can use the gateway api

But the chart does not deploy any RBAC rules enabling any users but a cluster-admin to use the gateway api. This makes it very hard to use.

https://github.com/envoyproxy/gateway/pull/4532 was a first stab at some rbac rules, but seems to have stalled, and did not use the personas or support all the modes defined by the gateway api.

We should add an option to the chart to select between no user rbac (existing behavior), 3-tier and 4-tier setups as described in:

Guia do colaborador