envoyproxy/gateway

RBAC Rules for users

Open

#7,154 创建于 2025年10月7日

在 GitHub 查看
 (10 评论) (2 反应) (0 负责人)Go (802 fork)auto 404
area/conformancearea/installationhelp wanted

仓库指标

Star
 (2,871 star)
PR 合并指标
 (PR 指标待抓取)

描述

The documentation here: https://gateway-api.sigs.k8s.io/concepts/security-model/#roles-and-personas references personas that can use the gateway api

But the chart does not deploy any RBAC rules enabling any users but a cluster-admin to use the gateway api. This makes it very hard to use.

https://github.com/envoyproxy/gateway/pull/4532 was a first stab at some rbac rules, but seems to have stalled, and did not use the personas or support all the modes defined by the gateway api.

We should add an option to the chart to select between no user rbac (existing behavior), 3-tier and 4-tier setups as described in:

贡献者指南