This would give the user more control over the networking policies and security.
Peers and orderers have to be exposed to the peers and orderers of the other organizations (either over a VPN or over the internet), but Certificate Authorities and the Console can usually stay private. And would be more secure to keep private. One way to manage it is to use two ingress controllers; one private and one public (or at least 'network public') - each of which exposed through a different loadbalancer with its own networking and firewall.
As far as I can tell it's not supported by the operator though; currently the ingressClass is hardcoded as nginx. Would it be possible (and feasible and desirable ;)) to make it configurable per component (e.g. supplying it in the config when deploying a peer)?
This would give the user more control over the networking policies and security.
Peers and orderers have to be exposed to the peers and orderers of the other organizations (either over a VPN or over the internet), but Certificate Authorities and the Console can usually stay private. And would be more secure to keep private. One way to manage it is to use two ingress controllers; one private and one public (or at least 'network public') - each of which exposed through a different loadbalancer with its own networking and firewall.
As far as I can tell it's not supported by the operator though; currently the ingressClass is hardcoded as
nginx. Would it be possible (and feasible and desirable ;)) to make it configurable per component (e.g. supplying it in the config when deploying a peer)?