Closed cypherfox closed 4 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Ping!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I would like to configure the (m)TLS settings on a per path prefix basis.
This would allow supporting domain based protocols like ACME used by lets-encrypt RFC8555 for certificate renewal.
Ideally tls configuration would all be path prefix based, and the default path prefix being the root ('/'). This would allow activating mTLS enforcement for some paths (e.g. '/api') and turn of such enforcement of for others ('/.well_known')
The current alternative in Kubernetes is to place Ambassador behind a traditional nginx based ingress. But this increases complexity, attack-surface, resource use, but most of all latency.