
Configure Mutual TLS Termination in a Gateway #2110

@frankbu

What would you like to be added:

GatewayTLSConfig should support 3 variants of Terminate mode:

  1. Simple TLS
  2. Mutual (mTLS)
  3. Mesh (Terminate mTLS managed by a mesh) - GAMMA only

Why this is needed:

The required certificateRef depends on which of the above Terminate modes is used.

This can currently be supported using an implementation-specific option. Istio, for example, has:

    tls:
      mode: Terminate
      certificateRefs:
      - name: example-credential
      options:
        gateway.istio.io/tls-terminate-mode: MUTUAL

Providing a standard API for this would be much better.
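The dependency between the Terminate variant and the referenced certificate material can be checked mechanically. The following is an added example, not part of the original issue and not Istio or Gateway API code: it audits a listener's `tls` block against the Secrets it references. The function names, the sample data, and the Secret key names (`tls.crt`, `tls.key`, `ca.crt`) are assumptions.

```python
# Added example; names and Secret key layout are assumptions, not project code.
ISTIO_MODE_OPTION = "gateway.istio.io/tls-terminate-mode"  # option key quoted in the issue
SERVER_KEYS = {"tls.crt", "tls.key"}  # assumed: server certificate and private key
CLIENT_CA_KEY = "ca.crt"              # assumed: CA bundle used to verify client certificates


def terminate_variant(tls):
    """Return the Terminate variant of a listener's tls block, or None if not terminating."""
    if tls.get("mode", "Terminate") != "Terminate":  # Gateway API defaults mode to Terminate
        return None
    return str((tls.get("options") or {}).get(ISTIO_MODE_OPTION, "SIMPLE")).upper()


def audit_listener(listener, secrets):
    """List mismatches between the requested variant and the referenced Secrets.

    `secrets` maps a Secret name to the set of data keys it holds.
    """
    tls = listener.get("tls") or {}
    variant = terminate_variant(tls)
    if variant is None:
        return []
    if variant not in ("SIMPLE", "MUTUAL"):
        return [f"variant {variant} is outside what this check covers"]
    findings = []
    for ref in tls.get("certificateRefs") or []:
        name, keys = ref["name"], secrets.get(ref["name"])
        if keys is None:
            findings.append(f"{name}: referenced secret not found")
            continue
        for key in sorted(SERVER_KEYS - keys):
            findings.append(f"{name}: missing {key}")
        if variant == "MUTUAL" and CLIENT_CA_KEY not in keys:
            findings.append(f"{name}: MUTUAL requested but no {CLIENT_CA_KEY} to verify clients")
        if variant == "SIMPLE" and CLIENT_CA_KEY in keys:
            findings.append(f"{name}: has {CLIENT_CA_KEY} but listener is SIMPLE, clients are not verified")
    return findings


# Constructed sample input: the listener from the issue, plus one without the option.
SECRETS = {"example-credential": {"tls.crt", "tls.key"},
           "with-ca": {"tls.crt", "tls.key", "ca.crt"}}
MUTUAL_LISTENER = {"name": "https", "tls": {
    "mode": "Terminate", "certificateRefs": [{"name": "example-credential"}],
    "options": {ISTIO_MODE_OPTION: "MUTUAL"}}}
SIMPLE_LISTENER = {"name": "https", "tls": {
    "mode": "Terminate", "certificateRefs": [{"name": "with-ca"}]}}

if __name__ == "__main__":
    for lst in (MUTUAL_LISTENER, SIMPLE_LISTENER):
        print(terminate_variant(lst["tls"]), audit_listener(lst, SECRETS))
```

The second finding is the case a standard field would make harder to miss: a Secret prepared for client verification attached to a listener where the implementation-specific option was left out.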

Labels: kind/feature, lifecycle/rotten
