Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require ReferenceGrant for cross-namepsace access to a Secret by KongPluginInstallation #610

Closed
1 task done
Tracked by #371
programmer04 opened this issue Sep 18, 2024 · 0 comments · Fixed by #615
Closed
1 task done
Tracked by #371

Require ReferenceGrant for cross-namepsace access to a Secret by KongPluginInstallation #610

programmer04 opened this issue Sep 18, 2024 · 0 comments · Fixed by #615
Assignees
@programmer04
Labels
enhancement New feature or request
Milestone
KGO v1.4.x

Comments

@programmer04
Copy link
Member

programmer04 commented Sep 18, 2024
edited
Loading

Problem Statement

In the current implementation, KongPluginInstallation can reference Secret from any namespace without explicitly granting permission. It imposes security risks and does not align with what K8s recommends.

Proposed Solution

Implement a similar mechanism with the required ReferenceGrant to reference Secrets from other namespaces as implemented for TLS in Gateway. Any required changes/adjustments of the KongPluginInstallation CRD are justifiable.

Acceptance Criteria

  • a ReferenceGrant is required for referencing Secret from another namespace than KongPluginInstallation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@programmer04 programmer04

Labels
enhancement New feature or request
Projects
None yet
Milestone
KGO v1.4.x
Development

Successfully merging a pull request may close this issue.

feat: require ReferenceGrant for Secrets referenced by KongPluginInstallation Kong/gateway-operator
1 participant
@programmer04