envoyproxy/gateway

Ability to change caCertificateRefs ca.crt key

Open

#7,567 建立於 2025年11月19日

在 GitHub 查看
 (12 留言) (0 反應) (0 負責人)Go (802 fork)auto 404
help wanted

倉庫指標

Star
 (2,871 star)
PR 合併指標
 (PR 指標待抓取)

描述

When creating a BackendTLSPolicy, the caCertificateRefs key is statically set to ca.crt. When using cluster-api to bootstrap workload clusters, the created $CLUSTER-ca secret will have the following keys: tls.crt and tls.key.

Having the ability to set the CA key to tls.crt would support these resources without having to use something like kyverno to add the ca.crt field to the secret.

Similar issue on Gateway API: https://github.com/kubernetes-sigs/gateway-api/issues/4196

貢獻者指南