envoyproxy/gateway

RBAC Rules for users

Open

#7,154 建立於 2025年10月7日

在 GitHub 查看
 (10 留言) (2 反應) (0 負責人)Go (802 fork)auto 404
area/conformancearea/installationhelp wanted

倉庫指標

Star
 (2,871 star)
PR 合併指標
 (PR 指標待抓取)

描述

The documentation here: https://gateway-api.sigs.k8s.io/concepts/security-model/#roles-and-personas references personas that can use the gateway api

But the chart does not deploy any RBAC rules enabling any users but a cluster-admin to use the gateway api. This makes it very hard to use.

https://github.com/envoyproxy/gateway/pull/4532 was a first stab at some rbac rules, but seems to have stalled, and did not use the personas or support all the modes defined by the gateway api.

We should add an option to the chart to select between no user rbac (existing behavior), 3-tier and 4-tier setups as described in:

貢獻者指南