Draft: Envoy Gateway: Optionally manage ClientTrafficPolicy and SecurityPolicy
What does this MR do?
Envoy Gateway: Optionally manage ClientTrafficPolicy and SecurityPolicy
These can be useful e.g. to configure IP allow/denylisting and proxy protocol behaviour:
- https://gateway.envoyproxy.io/docs/tasks/security/restrict-ip-access/#create-a-securitypolicy
- https://gateway.envoyproxy.io/contributions/design/client-traffic-policy/#features--api-fields
Relates https://gitlab.com/gitlab-com/gl-infra/software-delivery/operate/team-tasks/-/issues/15
Related issues
Author checklist
For general guidance, please follow our Contributing guide.
Required
For anything in this list which will not be completed, please provide a reason in the MR discussion.
- Merge Request Title and Description are up to date, accurate, and descriptive.
- MR targeting the appropriate branch.
- MR has a green pipeline.
- Documentation created/updated.
- Tests added/updated, and test plan for scenarios not covered by automated tests.
- Equivalent MR/issue for omnibus-gitlab opened.
Reviewers checklist
- MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
- Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.
Edited by Clemens Beck