You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the current implementation, KongPluginInstallation can reference Secret from any namespace without explicitly granting permission. It imposes security risks and does not align with what K8s recommends.
Proposed Solution
Implement a similar mechanism with the required ReferenceGrant to reference Secrets from other namespaces as implemented for TLS in Gateway. Any required changes/adjustments of the KongPluginInstallation CRD are justifiable.
Acceptance Criteria
a ReferenceGrant is required for referencing Secret from another namespace than KongPluginInstallation
The text was updated successfully, but these errors were encountered:
Problem Statement
In the current implementation,
KongPluginInstallation
can referenceSecret
from any namespace without explicitly granting permission. It imposes security risks and does not align with what K8s recommends.Proposed Solution
Implement a similar mechanism with the required
ReferenceGrant
to referenceSecret
s from other namespaces as implemented for TLS in Gateway. Any required changes/adjustments of theKongPluginInstallation
CRD are justifiable.Acceptance Criteria
ReferenceGrant
is required for referencingSecret
from another namespace thanKongPluginInstallation
The text was updated successfully, but these errors were encountered: