Open OmegaVVeapon opened 11 months ago
Hi @OmegaVVeapon, thanks for attending our help session today. As we discussed, the endpoint is hard-coded as HTTP. You might consider a service mesh to make this work. Also, we’re open to contributions as long as they don’t introduce breaking changes. You could join our #emissary-dev channel in our Slack (a8r.io/slack) to discuss further, and we have a monthly contributors meeting you're welcome to join.
Please describe your use case / problem.
Due to compliance reasons, we have a requirement to call every SVC in our Kubernetes cluster using HTTPS. I didn't see any mention of HTTPS support in the docs https://www.getambassador.io/docs/emissary/latest/topics/running/statistics/8877-metrics and I poked a bit in the code and didn't see anything either in the /metrics route. https://github.com/emissary-ingress/emissary/blob/master/python/ambassador_diag/diagd.py#L1242C40-L1242C40 Seems to be further confirmed in the downstream call to the Envoy process's /stats/prometheus endpoint on HTTP. https://github.com/emissary-ingress/emissary/blob/master/python/ambassador/diagnostics/envoy_stats.py#L273C13-L273C13

Describe the solution you'd like
We'd like a way to provide a cert to Emissary to use in TLS negotiations to the /metrics endpoint.

Describe alternatives you've considered
Haven't been able to come up with anything unfortunately. Even putting a proxy in between us and Emissary to handle the TLS negotiation to /metrics wouldn't be a viable alternative since we require E2E TLS.