kubernetes-sigs / kubespray

Deploy a Production Ready Kubernetes Cluster
Apache License 2.0
16.16k stars 6.48k forks

Full TLS for cluster components #822

Closed bogdando closed 5 years ago

bogdando commented 7 years ago

Users want an option to deploy K8s clusters with Kargo with nothing using insecure HTTP connections, even to localhost:port. Related: http://kubernetes.io/docs/admin/kube-apiserver/ and https://github.com/kubernetes/kubernetes/issues/10159

sandys commented 7 years ago

+1 - also, I believe that kargo should set up secure by default for the control plane. The only situation where this may have a challenge is when an external etcd cluster is used: in which case `--etcd-cafile=/var/lib/kubernetes/ca.pem` and `--etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https://10.240.0.12:2379` can be used anyway.

bugs to consider - https://github.com/kubernetes/kubernetes/issues/14977, https://github.com/kubernetes/kubernetes/issues/15056, https://github.com/kubernetes/kubernetes/issues/29330, https://github.com/kubernetes/kubernetes/issues/27343, https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/153

there seems to be a hardcoding issue - https://github.com/kubernetes/kubernetes/issues/27343#issuecomment-226137088

ant31 commented 6 years ago

Which pieces are missing? I think only the localhost:8080 nginx for HA masters?
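The two plain-HTTP paths raised in the comments above (etcd endpoints and the localhost:8080 API port) can be checked from a kube-apiserver command line. The following is an added example, not part of the thread and not kubespray code; `parse_flags`, `audit_apiserver` and the `insecure_port_default` parameter are hypothetical names, and the sample command lines are constructed from the flag values quoted above.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample command lines; the etcd values are the ones quoted in the thread.
SECURE = ("kube-apiserver --etcd-cafile=/var/lib/kubernetes/ca.pem "
          "--etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,"
          "https://10.240.0.12:2379 --insecure-port=0")
MIXED = ("kube-apiserver --etcd-servers=http://10.240.0.10:2379,"
         "https://10.240.0.11:2379 --insecure-port 8080")


def parse_flags(cmdline):
    """Parse '--name=value' and '--name value' tokens into a dict."""
    tokens = shlex.split(cmdline)
    flags, i = {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name.startswith("--"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "--"
            if not sep and not nxt.startswith("--"):
                value, i = nxt, i + 1
            flags[name[2:]] = value
        i += 1
    return flags


def audit_apiserver(cmdline, insecure_port_default="0"):
    """Return findings for plain-HTTP paths on a kube-apiserver command line.

    insecure_port_default is an assumption about the release being checked:
    pass "8080" for old releases that opened the port when the flag was absent.
    """
    flags = parse_flags(cmdline)
    findings = []
    servers = [s for s in flags.get("etcd-servers", "").split(",") if s]
    for server in servers:
        if urlsplit(server).scheme != "https":
            findings.append(f"etcd endpoint without TLS: {server}")
    if servers and not flags.get("etcd-cafile"):
        findings.append("--etcd-cafile missing: no CA file configured for verifying etcd")
    port = flags.get("insecure-port", insecure_port_default)
    if port != "0":
        findings.append(f"plain-HTTP API port enabled: {port}")
    return findings


if __name__ == "__main__":
    for label, cmd in (("secure", SECURE), ("mixed", MIXED)):
        print(label, audit_apiserver(cmd) or "no findings")
```
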

fejta-bot commented 5 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten

fejta-bot commented 5 years ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /close

k8s-ci-robot commented 5 years ago

@fejta-bot: Closing this issue.

In response to [this](https://github.com/kubernetes-sigs/kubespray/issues/822#issuecomment-491461825):

>Rotten issues close after 30d of inactivity.
>Reopen the issue with `/reopen`.
>Mark the issue as fresh with `/remove-lifecycle rotten`.
>
>Send feedback to sig-testing, kubernetes/test-infra and/or [fejta](https://github.com/fejta).
>/close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.