Open hairishhanda opened 9 months ago
@rooftopcellist is there a limitation for TLS with nodeport?
Since Service is not for HTTP but for TCP/UDP, so there is no built-in feature to terminate TLS. Therefore, if we support HTTPS over NodePort, it is necessary to allow Nginx in awx-web pod to receive HTTPS directly.
Since Service is not for HTTP but for TCP/UDP, so there is no built-in feature to terminate TLS. Therefore, if we support HTTPS over NodePort, it is necessary to allow Nginx in awx-web pod to receive HTTPS directly.
Hello, Is there any method to do this? or will it be introduced in future releases ?
@hairishhanda I added help wanted label. The best chance of this getting implemented soon is if a community member can open up a PR for it
There is very ugly way (== that I do NOT recommend) for exposing the HTTPS from web container - modifying the nginx_conf
in cm/<instance_name>-awx-configmap
to use ssl on port 8052/tcp - problem is that you need to give it some certificate to work or miss-use some that is around if you don't care about security but just ability to use HTTPS.
Better approach is really a change in awx-operator. I have created the PR #1688 that is doing exactly that, so feel free to have a look if that would fit your use case. It works for me - my goal being need to use awx.awx ansible modules that insists on HTTPS.
Please confirm the following
Feature type
Enhancement to Existing Feature
Feature Summary
Document Refrence - https://github.com/ansible/awx-operator/blob/devel/docs/user-guide/network-and-tls-configuration.md
There is not option to enable SSL for while using NodePort.
Select the relevant components
Steps to reproduce
apiVersion: v1 kind: Service metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","kind":"Service","metadata":{"labels":{"app.kubernetes.io/component":"awx","app.kubernetes.io/managed-by":"awx-operator","app.kubernetes.io/operator-version":"2.1.0","app.kubernetes.io/part-of":"awx"},"name":"awx-service","namespace":"awx"},"spec":{"ports":[{"name":"http","nodePort":30080,"port":80,"protocol":"TCP","targetPort":8052}],"selector":{"app.kubernetes.io/component":"awx","app.kubernetes.io/managed-by":"awx-operator","app.kubernetes.io/name":"awx-web"},"type":"NodePort"}}' labels: app.kubernetes.io/component: awx app.kubernetes.io/managed-by: awx-operator app.kubernetes.io/operator-version: 2.1.0 app.kubernetes.io/part-of: awx name: awx-service namespace: awx ownerReferences:
Current results
ports:
Sugested feature result
HTTPS support with NodePort.
Additional information
No response