Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Most Secure place for storing TLS-certificates and Gateway #3694

Closed
matrix-root opened this issue Jun 28, 2024 · 2 comments
Closed

Most Secure place for storing TLS-certificates and Gateway #3694

matrix-root opened this issue Jun 28, 2024 · 2 comments
Labels
stale triage

Comments

@matrix-root
Copy link

matrix-root commented Jun 28, 2024
edited
Loading

Description:
If my setup will have only one gateway, is it better to create separate envoy namepsace for it and store TLS secrets here or I can store this Gateway with TLS secrets inside envoy-gateway-system namespace?

Also by some reason I'm unable to join Slack community - it allows to join only if you have lyft or linuxfoundation email
@matrix-root matrix-root changed the title Single-namespace RBAC and secure place for storing TLS-certificates and Gateway Secure place for storing TLS-certificates and Gateway Jun 28, 2024
@matrix-root matrix-root changed the title Secure place for storing TLS-certificates and Gateway Most Secure place for storing TLS-certificates and Gateway Jun 28, 2024
@matrix-root matrix-root reopened this Jun 28, 2024
@matrix-root matrix-root closed this as not planned Won't fix, can't repro, duplicate, stale Jun 28, 2024
@matrix-root matrix-root reopened this Jun 28, 2024
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

@github-actions github-actions bot added the stale label Jul 28, 2024
@arkodg
Copy link
Contributor

arkodg commented Aug 16, 2024

@matrix-root the TLS certs are usually configured by the platform owner or app owner, so I'd put it in a namespace that they own, and not the envoy-gateway-system namespace, access to this ns should be treated with more scrutiny

you can follow theses steps to join the EG slack community https://github.com/envoyproxy/gateway?tab=readme-ov-file#contact

@arkodg arkodg closed this as completed Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arkodg @matrix-root