y-eight
commented
3 weeks ago We need to focus on "Allow the target discovery to use HTTP". The possibility to use http communication will be a lot easier to configure in the current situation.
We could just write the targetmanager files at gitlab including the protocol https/http.
Is there an existing feature request for this?
Problem Description
Currently, the sparrow http server can only be exposed through http, without tls. This is a security and also kind of a UX issue, as exposing sparrow over https requires some form of reverse proxy. This isn't an issue when running in k8s, as the ingress will usually take care of it. It only becomes an issue when sparrow is deployed anywhere without a reverse proxy, like VMs etc.
There is also a second more annoying issue: Sparrows auto discovery always uses https, even when a target is configured as http, which makes circumventing the issue really annoying, requiring the user to setup a reverse proxy again, which we don't want.
Solution Description
Add a config flag allowing the api server to be served over https
This fixes the first issue, allowing user to deploy sparrow with https everywhere
Allow the target discovery to use http
This allows for scenarios where for some reason we want to be insecure and addresses the second point
Who can address the issue?
Any dev
Additional Context
No response