search

emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0
4.33k stars 682 forks source link

Feature Request - TLS Support for TracingService #5493

Open eanveden opened 7 months ago

eanveden commented 7 months ago

Please describe your use case / problem. Our organization has a strict compliance requirement that mandate all end-to-end communications with services to be conducted over HTTPS. Presently, we utilize cluster-wide OTLP collectors exposing trace endpoints over TLS. However, there is currently no way to customize TracingService for exporting traces using TLS.

Describe the solution you'd like An additional field under TracingService that supports TLS. Something similar to

tls:
  ca_file: /some/path/trusted-ca.crt
  cert_file: /some/path/tls.crt
  key_file: /some/path/tls.key
service:
driver:
config: 
custom_tags:
tag_headers: 
propagation_modes:

Describe alternatives you've considered Haven't been able to come up with anything unfortunately. Putting a proxy to handle the TLS negotiation wouldn't be a viable alternative since we require E2E TLS.

MikeKlebolt commented 7 months ago

Hello, can we please get some traction on this so we can remain TLS compliant within our organization?