The design doc explains that meshes are namespace-scoped for tenant isolation, but doesn't cover what happens at the trust layer when multiple meshes share a trust root.
Two scenarios where this matters:
- Two meshes in the same namespace referencing the same Issuer
- Any mesh referencing a ClusterIssuer (shared by definition)
In both cases the meshes share a trust root, which means cross-mesh mTLS succeeds.
This may be intentional (single-org deployments) or a misconfiguration (multi-tenant).
The design doc should explain this in the "Cluster Selection and Multi-Tenancy" section so admins can make an informed decision.
Triggered by #149 adding ClusterIssuer support.
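As an added example (not code from the project or the issue author), a small check an admin could run over mesh definitions to surface the two sharing scenarios described above; the `Mesh` record and its cert-manager-style `issuerRef` kind/name fields are assumed for illustration.

```python
"""Flag meshes whose issuerRefs resolve to the same trust root.
Added example; the Mesh shape (name, namespace, issuerRef kind/name) is assumed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Mesh:
    name: str
    namespace: str
    issuer_kind: str   # "Issuer" or "ClusterIssuer"
    issuer_name: str


def trust_root_key(mesh: Mesh) -> tuple:
    # An Issuer is namespaced: two meshes share it only within one namespace.
    # A ClusterIssuer is cluster-wide: any two meshes referencing it share it.
    if mesh.issuer_kind == "ClusterIssuer":
        return ("ClusterIssuer", mesh.issuer_name)
    if mesh.issuer_kind == "Issuer":
        return ("Issuer", mesh.namespace, mesh.issuer_name)
    raise ValueError(f"unknown issuerRef kind: {mesh.issuer_kind}")


def shared_trust_roots(meshes):
    """Group meshes by trust root; return only groups with more than one mesh.

    Every mesh in a returned group can complete mTLS with every other mesh in
    the group, regardless of namespace boundaries.
    """
    groups = defaultdict(list)
    for m in meshes:
        groups[trust_root_key(m)].append(f"{m.namespace}/{m.name}")
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed sample: the two scenarios from the issue plus one isolated mesh.
SAMPLE = [
    Mesh("mesh-a", "team-a", "Issuer", "team-a-ca"),        # same Issuer, same ns
    Mesh("mesh-b", "team-a", "Issuer", "team-a-ca"),
    Mesh("mesh-c", "team-c", "ClusterIssuer", "org-root"),  # ClusterIssuer, any ns
    Mesh("mesh-d", "team-d", "ClusterIssuer", "org-root"),
    Mesh("mesh-e", "team-e", "Issuer", "team-a-ca"),        # same name, other ns: isolated
]

if __name__ == "__main__":
    for root, members in shared_trust_roots(SAMPLE).items():
        print(f"{root}: cross-mesh mTLS possible between {', '.join(members)}")
```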