[Feature]: The communication between the operator and the instance manager should be encrypted #4441
Open
mnencia added a commit that referenced this issue May 6, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 13, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
armru pushed a commit that referenced this issue May 21, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 22, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 23, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
gbartolini added enhancement 🪄 (New feature or request) security 👮 and removed triage (Pending triage) labels May 25, 2024
mnencia added a commit that referenced this issue May 27, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 28, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
litaocdl pushed a commit that referenced this issue May 29, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 29, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 30, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue May 30, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
mnencia added a commit that referenced this issue Jun 4, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <[email protected]>
Is there an existing issue already for this feature request/idea?
What problem is this feature going to solve? Why should it be added?
Even if no sensitive data is sent in the status connection, using SSL/TLS in all HTTP connections is desirable.
Describe the solution you'd like
Both ends of the status connection are controlled by the CNPG code, so it should be possible to update an existing cluster without losing the connectivity. The status connection, however, is also used for the probes, so it will require recreating the pods to upgrade the protocol from HTTP to HTTPS.
Online upgrades of the instance manager will require particular attention to be supported. The new instance manager should continue to serve HTTP until the pod is recreated to avoid breaking the probes.
Describe alternatives you've considered
We could encrypt the connection using an external tool like Istio, but it would not be by default and would complicate the deployment.
Additional context
After implementing this feature, we should also consider adding TLS capabilities to the metrics exporter.
Backport?
No
Are you willing to actively contribute to this feature?
Yes
Code of Conduct
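A sketch of the transition rule described in this issue, added here as an example and not CloudNativePG code: the status protocol is decided per pod at creation time, so an upgraded instance manager keeps serving HTTP in pods whose probes still expect it. The annotation name and all function names are hypothetical, and `httptest` supplies a throwaway listener and certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// tlsAnnotation is a hypothetical marker written once, at pod creation, when
// the probes in the pod spec were generated with the HTTPS scheme.
const tlsAnnotation = "example.io/status-tls"

// usesTLS is shared by both ends; pods created before the upgrade lack the marker.
func usesTLS(pod map[string]string) bool { return pod[tlsAnnotation] == "enabled" }

// startStatusServer is the instance-manager side. The protocol follows the
// pod, not the binary version, so an online upgrade cannot break the probes.
func startStatusServer(pod map[string]string) *httptest.Server {
	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ready") })
	if usesTLS(pod) {
		return httptest.NewTLSServer(h) // constructed throwaway certificate
	}
	return httptest.NewServer(h)
}

// fetchStatus is the operator side: it trusts only ca, never the system roots.
func fetchStatus(url string, ca *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	if ca != nil {
		roots.AddCert(ca)
	}
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS13}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	srv := startStatusServer(map[string]string{tlsAnnotation: "enabled"})
	defer srv.Close()
	fmt.Println(fetchStatus(srv.URL, srv.Certificate()))
}
```

Certificate verification stays enabled on the client, so a status endpoint presenting a certificate outside the trusted pool is rejected rather than silently accepted.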