You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Kong gateway supports to create custom vaults (https://docs.konghq.com/gateway/3.5.x/kong-enterprise/secrets-management/) to store sensitive data and reference them by vault URI in plugin configurations. So we need to define a KongVault CRD to represent a custom Kong vault. This issue tracks the implementation of KongVault CRD.
Proposed Solution
Add a KongVault CRD in configuration.konghq.com/v1alpha1 group/version to represent a custom Kong vault.
Additional information
No response
Acceptance Criteria
Has the definition and basical CEL validation rules of KongVault CRD.
The text was updated successfully, but these errors were encountered:
Why v1alpha1? This feels like a low-risk change to me with a well defined schema.
Am I reading this correctly that we'd like to push it up to let's say v1beta1 group to give users a hint that it's a bit more stable/mature API than alpha?
I'd argue that we err on the safe side and release alpha first and after a reasonable soak time push it up to beta. WDYT?
Why v1alpha1? This feels like a low-risk change to me with a well defined schema.
Why CEL? We need to delegate validation to Gateway's validation endpoint anyway. The two validations could get out of sync
Why v1alpha1: I do not have the confidence that there will be no major changes on this API so I first add it in v1alpha1. If we have the common sense that there will be no major changes (say remove or change the semantic of existing fields) on the API, we may move it to v1beta1.
I think the major validation should happen on gateway side, but the CELs are for the most basic validations, like backend cannot be empty, prefix should be unique (This seems not to have a supporting CEL expression?)
As soon as this API is shipped, customers will adopt it. I'd prefer to spend extra cycles before shipping and provide something that we're confident with in v1beta1 than ship an alpha and potentially change it
Is there an existing issue for this?
Problem Statement
Split from #4559.
Kong gateway supports to create custom vaults (https://docs.konghq.com/gateway/3.5.x/kong-enterprise/secrets-management/) to store sensitive data and reference them by vault URI in plugin configurations. So we need to define a
KongVault
CRD to represent a custom Kong vault. This issue tracks the implementation ofKongVault
CRD.Proposed Solution
Add a
KongVault
CRD inconfiguration.konghq.com/v1alpha1
group/version to represent a custom Kong vault.Additional information
No response
Acceptance Criteria
KongVault
CRD.The text was updated successfully, but these errors were encountered: