Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Support for FXCC #428

Closed
13 tasks
strekm opened this issue Oct 23, 2023 · 2 comments
Closed
13 tasks

[WIP] Support for FXCC #428

strekm opened this issue Oct 23, 2023 · 2 comments
Labels
Epic kind/feature Categorizes issue or PR as related to a new feature. wontfix This will not be worked on

Comments

@strekm
Copy link
Collaborator

strekm commented Oct 23, 2023

Description
TBD

ACs:

  • POC
  • TBD

Decision:

  • should this conf be exposed to end user

Reasons

DoD:

  • Create a follow-up issue.
  • Provide unit tests.
  • Provide integration tests.
  • Provide documentation.
  • Test on a production-like environment.
  • Check the outcome of all related pipelines.
  • Verify resource limits.
  • As a PR reviewer, verify code coverage and evaluate if it is acceptable.
  • Create a release and bump in Kyma.
  • Add release notes and What's New notes for Kyma customers.

Attachments

https://istio.io/latest/docs/ops/configuration/traffic-management/network-topologies/#configuring-x-forwarded-client-cert-headers
@strekm strekm added kind/feature Categorizes issue or PR as related to a new feature. Epic labels Oct 23, 2023
@kyma-bot
Copy link
Contributor

This issue or PR has been automatically marked as stale due to the lack of recent activity.
Thank you for your contributions.

This bot triages issues and PRs according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 7d of inactivity since lifecycle/stale was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Close this issue or PR with /close

If you think that I work incorrectly, kindly raise an issue with the problem.

/lifecycle stale

@kyma-bot kyma-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 22, 2023
@strekm strekm removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 28, 2023
@strekm
Copy link
Collaborator Author

strekm commented Apr 17, 2024

As stated in Istio docu no additional configuration is needed for XFCC. Default value for forwardClientCertDetails is SANITIZE_SET, which should be sufficient to cover most cases.

There's API Gateway module docu on how to secure a workload with certificate.

Finally there's feature request filed in API Gateway module to make that flow part of APIRule.

@strekm strekm closed this as completed Apr 17, 2024
@strekm strekm added the wontfix This will not be worked on label Apr 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Epic kind/feature Categorizes issue or PR as related to a new feature. wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@strekm @kyma-bot