Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ReferenceGrant from Gateway to SecretObjectReference #694

Closed
Tracked by #615
mpstefan opened this issue May 30, 2023 · 0 comments · Fixed by #791
Closed
Tracked by #615

ReferenceGrant from Gateway to SecretObjectReference #694

mpstefan opened this issue May 30, 2023 · 0 comments · Fixed by #791
Assignees
@kate-osborn
Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Milestone
v0.5.0

Comments

@mpstefan
Copy link
Collaborator

mpstefan commented May 30, 2023
edited
Loading

As a user of NKG
I want to allow my Gateway object to reference secrets in another namespace via a ReferenceGrant
So that I do not have to duplicate secrets and maintain them in multiple places.

Acceptance

  • When a secret is referenced in a Gateway Listener that does not have a corresponding ReferenceGrant, the status of that Listener is set to ResolvedRefs/False/RefNotPermitted
  • When a valid ReferenceGrant is created or updated within a namespace that the NKG control plane watches, the Gateway specified is able to reference secrets in other namespaces NKG is present.
  • No secrets in other namespaces can be referenced by any Gateway that does not have a corresponding ReferenceGrant.
  • No information is ever exposed about resources in another namespace that do not have a valid ReferenceGrant.
  • Update the documentation
    • Update the compatibility doc
    • Add an example for how to reference a secret from another namespace in your Gateway config.
@mpstefan mpstefan converted this from a draft issue May 30, 2023
This was referenced May 30, 2023
Closed
Closed
@mpstefan mpstefan added this to the v0.5.0 milestone May 30, 2023
@mpstefan mpstefan added the refined Requirements are refined and the issue is ready to be implemented. label May 31, 2023
@mpstefan mpstefan added the enhancement New feature or request label Jun 9, 2023
@kate-osborn kate-osborn self-assigned this Jun 22, 2023
@kate-osborn kate-osborn moved this from 🆕 New to 🏗 In Progress in NGINX Gateway Fabric Jun 22, 2023
@kate-osborn kate-osborn mentioned this issue Jun 26, 2023
Merged
6 tasks
@kate-osborn kate-osborn moved this from 🏗 In Progress to 👀 In Review in NGINX Gateway Fabric Jun 26, 2023
@github-project-automation github-project-automation bot moved this from 👀 In Review to ✅ Done in NGINX Gateway Fabric Jun 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kate-osborn kate-osborn

Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Projects
NGINX Gateway Fabric
Archived in project
Milestone
v0.5.0
Development

Successfully merging a pull request may close this issue.

ReferenceGrant from Gateway to Secret kate-osborn/nginx-gateway-fabric
2 participants
@mpstefan @kate-osborn