Replies: 2 comments 1 reply
-
|
cc @candita |
Beta Was this translation helpful? Give feedback.
-
|
@youngnick helped answer this in the community meeting today, thanks !, rephrasing it - since the proxy cert isn't unique per backend, the configuration wasn't added to the BackendTLSPolicy, and if this needs to be added today, an out of band config makes more sense here |
Beta Was this translation helpful? Give feedback.
-
|
Do we need to know which backend service enforces client validation and which doesn't require it? Or is this not necessary because it doesn't hurt to add the client cert even though the server side doesn't want it? |
Beta Was this translation helpful? Give feedback.
-
The client in this case in the Gateway API Implementation (LoadBalancer/Proxy/Gateway) that is setting up a TLS connection with a Backend
The current API only allows the user to setup
caCertRefsto validate the peer's (backend) certSimilarly we need a way to specify
certificateRefsin this API so the gateway can configure the server cert and private kay in case the peer (backend) also needs to verify the clienthttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2.BackendTLSPolicyConfig
Beta Was this translation helpful? Give feedback.
All reactions