by ithkuil 3045 days ago
> the Kubernetes patterns here would mean we need to duplicate the secret data into each application's namespace, allowing a compromise of one to compromise the TLS of all

Yeah, this would be wrong indeed.

Is there any requirement for a TLS-terminating proxy acting as k8s ingress to actually store the TLS secrets in the same namespace where the requesting ingress object lives?

1 comments

The semantics require it, as the ingress resource references a secret without the option of providing a namespace for that secret.

There may be ways around this; however, I've never personally looked for them.