Allow Option for Ingress to Reach pods through SSL #328
Comments
|
/kind feature Have you considered something like mTLS with istio / linkerd / ...? I don't think we have a use case for the kubernetes project to add this complexity and we haven't seen this request from any other user so far, it's very common to use a loadbalancer or ingress for TLS termination to users. |
k8s-ci-robot
added
the
kind/feature
|
Hi Ben, we had a requirement come in from our organization that all ingresses must use an https backend protocol. I was thinking offering this option as well if anyone else using prow might run into similar requirements. I was able to get this working in my testing by modifying deck and hook to use the interrupts.ListenAndServeTLS() method. I plan to open a PR once everything is validated in the near future. |
|
Please understand that prow has very limited maintainer bandwidth at the moment (I am not active as one, but I am keeping an eye on the repo as a lead of the sponsoring SIG), and the functionality we already have is essential to running the Kubernetes project itself. |
|
No worries, I would be happy to contribute this change and verify that it doesnt brake any current functionalities |
Currently Pods such as Deck and Hook rely on the SSL connection being terminated after reaching Ingress. This only allows for a http backend protocol. We would like for the option to also allow Prow pods to talk to the ingress without terminating ssl so that ingresses can have an https backend protocol. This will allow for a more secure set up.
The text was updated successfully, but these errors were encountered: