emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0
4.34k stars 681 forks

mTLS configuration per path prefix #1608

Closed cypherfox closed 4 years ago

cypherfox commented 5 years ago

I would like to configure the (m)TLS settings on a per-path-prefix basis.

This would allow supporting domain-based protocols like ACME, used by Let's Encrypt (RFC 8555), for certificate renewal.

Ideally, TLS configuration would all be path-prefix based, with the default path prefix being the root ('/'). This would allow activating mTLS enforcement for some paths (e.g. '/api') and turning off such enforcement for others ('/.well_known').

The current alternative in Kubernetes is to place Ambassador behind a traditional nginx-based ingress. But this increases complexity, attack surface, resource use and, most of all, latency.
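The per-prefix policy requested above, sketched as an added example that is not part of the original post and is not Ambassador/Emissary code or configuration. It assumes the listener requests a client certificate without requiring it (the certificate is exchanged in the TLS handshake, before the request path is known) and that enforcement then happens per request; the policy table, the function names and the segment-boundary matching rule are all choices made for this illustration.

```python
import posixpath

# Constructed policy mirroring the request: prefix -> client certificate required?
# Root ('/') is the default and is left unenforced here as an assumption.
POLICY = {"/": False, "/api": True, "/.well_known": False}


def normalize(path):
    """Drop the query string and collapse '//', '.' and '..' before matching,
    so the decision is made on the same path the backend will route."""
    path = path.split("?", 1)[0]
    # posixpath.normpath keeps a leading '//', so reduce to a single slash first.
    return posixpath.normpath("/" + path.lstrip("/"))


def match_prefix(path, policy):
    """Return the longest configured prefix that matches on a path-segment
    boundary ('/api' covers '/api/v1' but not '/apiary'), or None."""
    hits = [p for p in policy
            if path == p or path.startswith(p.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def authorize(path, client_cert_verified, policy=POLICY):
    """True if the request may proceed given whether the TLS layer verified
    a client certificate for this connection."""
    prefix = match_prefix(normalize(path), policy)
    if prefix is None:
        # No rule applies (policy without a root entry): fail closed.
        return client_cert_verified
    return client_cert_verified or not policy[prefix]


if __name__ == "__main__":
    for p in ("/api/v1/users", "/.well_known/acme-challenge/token",
              "/.well_known/../api/v1", "/apiary"):
        print(p, "->", authorize(p, client_cert_verified=False))
```

Normalizing before the prefix match matters: without it, a request for `/.well_known/../api/v1` would be evaluated under the unenforced prefix while being routed to the enforced one.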

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

christianhuening commented 5 years ago

Ping!

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.