Extracted from Krzysztof 's requirement:

• If you are exposing outside of the cluster
  • HTTPS only
  • at least basic auth with credentials defined in you helm charts
  • If you need more users you should use AAF user store (can be own store
    if you face an issue that cannot be fixed due to AAF maintenance mode)

• If you are only inside a cluster:
  • having at least basic auth if recommended however not really enforcing
    as we are seeking for a new access control solution (aka service mesh)