solo-io / gloo

The Cloud-Native API Gateway and AI Gateway
https://docs.solo.io/
Apache License 2.0

Support Opaque secrets for sslConfig #8689

Open bdecoste opened 1 year ago

bdecoste commented 1 year ago

Gloo Edge Product

Enterprise

Gloo Edge Version

1.13.x

Is your feature request related to a problem? Please describe.

I would like to be able to use kubectl to generate mTLS secrets for use in sslConfig. However, kubectl create secret tls does not support creating a secret with the root CA cert needed to verify the signature of the downstream client cert or the upstream server cert.

Good: glooctl create secret tls certauth --rootca CA.pem --privatekey decoste.com.key --certchain decoste.com.crt

Insufficient (no CA cert): kubectl -n gloo-system create secret tls certauth --key decoste.com.key --cert decoste.com.crt

Fails: kubectl -n gloo-system create secret generic certauth --from-file=tls.crt=decoste.com.crt --from-file=tls.key=decoste.com.key --from-file=ca.crt=myCA.pem

with name:"certauth-test" namespace:"gloo-system" is not a TLS secret as the type is Opaque not kubernetes.io/tls

Describe the solution you'd like

Support properly formatted Opaque secrets for sslConfig

Describe alternatives you've considered

No response

Additional Context

No response
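
Added example, not part of the original issue or Gloo's own code: a shell function that builds a Secret manifest of type kubernetes.io/tls (the type named in the error above) carrying ca.crt alongside tls.crt and tls.key. It assumes Gloo Edge reads the root CA from the ca.crt key of a secret of that type; the function names b64 and tls_secret_manifest are hypothetical.

```shell
#!/bin/sh
# Added example: emit a kubernetes.io/tls Secret manifest that also carries ca.crt.
# Assumption: Gloo Edge reads the root CA from the ca.crt key of such a secret.

# b64 FILE: single-line base64 of FILE (portable across GNU and BSD base64).
b64() {
    base64 < "$1" | tr -d '\n'
}

# tls_secret_manifest NAME NAMESPACE CERT KEY CA
# Prints the manifest on stdout; returns 1 if an argument or input file is missing.
tls_secret_manifest() {
    if [ "$#" -ne 5 ]; then
        echo "usage: tls_secret_manifest NAME NAMESPACE CERT KEY CA" >&2
        return 1
    fi
    name=$1 ns=$2 cert=$3 key=$4 ca=$5
    for f in "$cert" "$key" "$ca"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            return 1
        fi
    done
    cat <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: $name
  namespace: $ns
data:
  tls.crt: $(b64 "$cert")
  tls.key: $(b64 "$key")
  ca.crt: $(b64 "$ca")
EOF
}

# The output contains the private key: pipe it straight to kubectl instead of saving it.
#   tls_secret_manifest certauth gloo-system decoste.com.crt decoste.com.key myCA.pem \
#       | kubectl apply -f -
```

The Kubernetes API only requires tls.crt and tls.key for this secret type, so the extra ca.crt key is accepted.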

github-actions[bot] commented 4 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.