Is there an existing issue already for this feature request/idea?

• I have searched for an existing issue, and could not find anything. I believe this is a new feature request to be evaluated.

What problem is this feature going to solve? Why should it be added?

Even if no sensitive data is sent in the status connection, using SSL/TLS in all HTTP connections is desirable.

Describe the solution you'd like

Both the end of the status connection are controlled by the CNPG code, so it should be possible to update an existing cluster without losing the connectivity. The status connection, however, is also used for the probes, so it will require recreating the pods to upgrade the protocol from HTTP to HTTPS.

Online upgrades of the instance manager will require particular attention to be supported. The new instance manager should continue to serve HTTP until the pod is recreated to avoid breaking the probes.

Describe alternatives you've considered

We could encrypt the connection using an external tool like Istio, but it would not be by default and would complicate the deployment.

Additional context

After implementing this feature, we should also consider adding TLS capabilities to the metrics exporter.

Backport?

No

Are you willing to actively contribute to this feature?

Yes

Code of Conduct

• I agree to follow this project's Code of Conduct