Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add optional config for TLS support #53

Open
jnan806 opened this issue Feb 9, 2023 · 7 comments · May be fixed by #56
Open

Add optional config for TLS support #53

jnan806 opened this issue Feb 9, 2023 · 7 comments · May be fixed by #56
Assignees
@123liuziming
Labels
kind/feature Category issues or PRs related to feature request.

Comments

@jnan806
Copy link
Collaborator

jnan806 commented Feb 9, 2023

Issue Description

Type: feature request

Describe what feature you want

Add optional config for supporting TLS which user can enable the TLS transport
@123liuziming
Copy link
Contributor

Maybe I can try this?

@jnan806
Copy link
Collaborator Author

jnan806 commented Feb 9, 2023
edited

@123liuziming has assigned to you, and looking forward to your contribution 😃

@jnan806 jnan806 added the kind/feature Category issues or PRs related to feature request. label Feb 9, 2023
@123liuziming
Copy link
Contributor

How can users configure the TLS certificate? There are a number of ways to do this, for example:

  1. Use K8s secret
  2. Just injecting the certificate into the environment variable of OpenSergo control plane
  3. Like what Istio does, OpenSergo manage the certificate itself. For example we can send a CSR to K8s and generate the key pair for the TLS connection of OpenSergo, or we can use the CA that users provide. In this way, user do not need to configure the certificate explicitly

@jnan806
Copy link
Collaborator Author

jnan806 commented Feb 13, 2023
edited

How can users configure the TLS certificate? There are a number of ways to do this, for example:

  1. Use K8s secret
  2. Just injecting the certificate into the environment variable of OpenSergo control plane
  3. Like what Istio does, OpenSergo manage the certificate itself. For example we can send a CSR to K8s and generate the key pair for the TLS connection of OpenSergo, or we can use the CA that users provide. In this way, user do not need to configure the certificate explicitly

@123liuziming
First, I prefer to plan 3 which means we provide a mechanism to manage the certificate.
But now, for convenient we can only implement this by plan 2,through System-Env,Config-Params, or File-Volume(like k8s ConfigMap...).

And then,we can improve it by generate OpenSergo key pairs and inject into plan 2

@sczyh30 What do you think about?

@123liuziming
Copy link
Contributor

We can try plan 2 first, later we may integrate the project into Istio, at that time we can reuse plan 3!

@123liuziming 123liuziming linked a pull request Feb 17, 2023 that will close this issue
Open
@123liuziming
Copy link
Contributor

image
Go CI seems timeout?

@jnan806 jnan806 linked a pull request Mar 3, 2023 that will close this issue
feat: Add tls support on port 10248 #56
Open
@jnan806
Copy link
Collaborator Author

jnan806 commented Mar 3, 2023

Go CI seems timeout?

I have re-run the CI, but it looks was blocked. So can you force-push it again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@123liuziming 123liuziming

Labels
kind/feature Category issues or PRs related to feature request.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add tls support on port 10248 123liuziming/opensergo-control-plane
2 participants
@123liuziming @jnan806