search

aws-controllers-k8s / community

AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
https://aws-controllers-k8s.github.io/community/
Apache License 2.0
2.41k stars 254 forks source link

ElastiCache redis: Support TransitEncryptionMode 'preferred' #1912

Open jdnurmi opened 1 year ago

jdnurmi commented 1 year ago

Is your feature request related to a problem? While transitioning our clusters to encrypted transport, a middle-step is often required - where transit encryption is enabled, but not mandatory. Fortunately, with elasticache there is a solution: "TransitEncryptionMode: preferred". This is, however, not supported by the elasticache ACK.

Describe the solution you'd like I would love to see that feature exposed - only valid if TransportEncryption: true, and with available values "required" and "preferred"; Mutable at runtime.

Describe alternatives you've considered Manually adjusting the cluster works, and because the ACK is oblivious to this knob, it's not otherwise disruptive. But it does mean bringing up a new cluster with optional encryption is a two step process (creating with ACK, modifying outside of ACK), which is less than ideal.

a-hilaly commented 1 year ago

/cc @aws-controllers-k8s/elasticache-maintainer

ack-bot commented 7 months ago

Issues go stale after 180d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 60d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale

ack-bot commented 1 month ago

Issues go stale after 180d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 60d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale