search

kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.61k stars 332 forks source link

Support regular kubernetes secrets and configmap in datasource #9186

Open lahabana opened 7 months ago

lahabana commented 7 months ago

Description

Currently to add a cert to a gateway listener you need a kuma secret: https://kuma.io/docs/2.6.x/using-mesh/managing-ingress-traffic/builtin-listeners/#server-certificate-secrets

This is not very practical if you use cert-manager or something like this to manage your certs. We should be able to use regular kubernetes tls secrets: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

I think this can be more generic configMap and all other k8s secrets should be feasible. For compat I guess you'd need to not validate in k8s and in universal zone the policy would just be invalid.

I think this would greatly improve UX for pure k8s use-cases.

jakubdyszkiewicz commented 7 months ago

Triage: use case for ConfigMap in Datasource - Kong Mesh uses data source for MeshOPA plugin

github-actions[bot] commented 4 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 1 month ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.