TLS¶
A Kuadrant TLSPolicy custom resource:
Targets Gateway API networking resources Gateways to provide tls for gateway listeners by managing the lifecycle of tls certificates using CertManager
.
How it works¶
The TLSPolicy custom resource¶
Overview¶
The TLSPolicy
spec includes the following parts:
- A reference to an existing Gateway API resource (
spec.targetRef
)
High-level example and field definition¶
apiVersion: kuadrant.io/v1
kind: TLSPolicy
metadata:
name: my-tls-policy
spec:
# reference to an existing networking resource to attach the policy to
# it can only be a Gateway API Gateway resource
# it can only refer to objects in the same namespace as the TLSPolicy
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: mygateway
Check out the API reference for a full specification of the TLSPolicy CRD.
Using the TLSPolicy¶
Targeting a Gateway networking resource¶
When a TLSPolicy targets a Gateway, the policy will be enforced on all gateway listeners that have a valid TLS section.
Target a Gateway by setting the spec.targetRef
field of the TLSPolicy as follows:
apiVersion: kuadrant.io/v1
kind: TLSPolicy
metadata:
name: <TLSPolicy name>
spec:
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: <Gateway Name>
Examples¶
Check out the following user guides for examples of using the Kuadrant TLSPolicy: