cloudfoundry / eirini

Pluggable container orchestration for Cloud Foundry, and a Kubernetes backend
Apache License 2.0

Allow plaintext http communication #95

Closed cwlbraa closed 4 years ago

cwlbraa commented 4 years ago

Description

OPI doesn't support plaintext clients. In cf-for-k8s, we have mTLS enabled everywhere via istio & envoy. When requests pass from envoy ingress to eirini, they must be decrypted twice: once at the envoy layer and again by the OPI server.

Steps to reproduce

Try to configure OPI without TLS certificates.

What was expected to happen

It successfully starts a plaintext http server.

What actually happened

It fails because there are no TLS certificates.

Suggested fix (optional)

Run a plaintext http server when TLS certificates are not provided, perhaps with an additional "serve_plaintext" configuration that defaults to false.
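
One way to implement the opt-in suggested above, as an added example that is not part of the original issue or Eirini's own code: the `Config` fields, `Mode` values and `SelectMode` are hypothetical names, and the three certificate paths are an assumed mTLS layout. Plaintext is selected only when the flag is explicitly set, and a partial TLS configuration is rejected rather than silently downgraded.

```go
package main

import (
	"errors"
	"fmt"
)

// Config is a hypothetical subset of a server configuration; the field names
// are assumptions for this example, not Eirini's actual config keys.
type Config struct {
	ServerCertPath, ServerKeyPath, ClientCAPath string
	ServePlaintext bool // zero value is false, so plaintext is off by default
}

type Mode int

const (
	ModeInvalid Mode = iota // zero value is never a usable mode
	ModeTLS
	ModePlaintext
)

// SelectMode decides how the API server should listen. Missing certificates
// alone never select plaintext; the operator has to opt in explicitly.
func SelectMode(c Config) (Mode, error) {
	set := 0
	for _, p := range []string{c.ServerCertPath, c.ServerKeyPath, c.ClientCAPath} {
		if p != "" {
			set++
		}
	}
	switch {
	case set == 3 && !c.ServePlaintext:
		return ModeTLS, nil
	case set == 0 && c.ServePlaintext:
		return ModePlaintext, nil
	case set == 0:
		return ModeInvalid, errors.New("no TLS certificates and serve_plaintext is false")
	case set == 3:
		return ModeInvalid, errors.New("serve_plaintext conflicts with configured TLS certificates")
	default: // partial TLS config: fail instead of downgrading to plaintext
		return ModeInvalid, fmt.Errorf("incomplete TLS config: %d of 3 paths set", set)
	}
}

func main() {
	// Constructed sample configurations.
	for _, c := range []Config{{}, {ServePlaintext: true}, {ServerCertPath: "tls.crt"}} {
		fmt.Println(SelectMode(c))
	}
}
```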

cf-gitbot commented 4 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/172926704

The labels on this GitHub issue will be updated when the story is started.