Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Option for Ingress to Reach pods through SSL #328

Open
Tracked by #301 ...
NiJuFirenzia opened this issue Nov 20, 2024 · 4 comments
Open
Tracked by #301 ...

Allow Option for Ingress to Reach pods through SSL #328

NiJuFirenzia opened this issue Nov 20, 2024 · 4 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@NiJuFirenzia
Copy link

Currently Pods such as Deck and Hook rely on the SSL connection being terminated after reaching Ingress. This only allows for a http backend protocol. We would like for the option to also allow Prow pods to talk to the ingress without terminating ssl so that ingresses can have an https backend protocol. This will allow for a more secure set up.

@BenTheElder
Copy link
Member

/kind feature

Have you considered something like mTLS with istio / linkerd / ...?

I don't think we have a use case for the kubernetes project to add this complexity and we haven't seen this request from any other user so far, it's very common to use a loadbalancer or ingress for TLS termination to users.

@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 21, 2024
@NiJuFirenzia
Copy link
Author

Hi Ben, we had a requirement come in from our organization that all ingresses must use an https backend protocol. I was thinking offering this option as well if anyone else using prow might run into similar requirements. I was able to get this working in my testing by modifying deck and hook to use the interrupts.ListenAndServeTLS() method. I plan to open a PR once everything is validated in the near future.

@BenTheElder
Copy link
Member

Please understand that prow has very limited maintainer bandwidth at the moment (I am not active as one, but I am keeping an eye on the repo as a lead of the sponsoring SIG), and the functionality we already have is essential to running the Kubernetes project itself.

This was referenced Nov 22, 2024
@NiJuFirenzia
Copy link
Author

No worries, I would be happy to contribute this change and verify that it doesnt brake any current functionalities

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Development

No branches or pull requests

3 participants