Open NiJuFirenzia opened 1 day ago
/kind feature
Have you considered something like mTLS with Istio / Linkerd / ...?
I don't think we have a use case for the Kubernetes project to add this complexity, and we haven't seen this request from any other user so far. It's very common to use a load balancer or ingress for TLS termination to users.
Hi Ben, we had a requirement come in from our organization that all ingresses must use an https backend protocol. I was thinking of offering this option as well in case anyone else using Prow runs into similar requirements. I was able to get this working in my testing by modifying deck and hook to use the interrupts.ListenAndServeTLS() method. I plan to open a PR once everything is validated in the near future.
Please understand that prow has very limited maintainer bandwidth at the moment (I am not active as one, but I am keeping an eye on the repo as a lead of the sponsoring SIG), and the functionality we already have is essential to running the Kubernetes project itself.
Currently, Pods such as Deck and Hook rely on the SSL connection being terminated after reaching Ingress. This only allows for an HTTP backend protocol. We would like the option to also allow Prow pods to talk to the ingress without terminating SSL, so that ingresses can have an HTTPS backend protocol. This will allow for a more secure setup.
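What an ingress sees once a backend serves TLS itself, as an added example that is not code from this thread or from Prow: it uses only the Go standard library rather than `interrupts.ListenAndServeTLS()`. The handler, the `result` type and `probeBackend` are hypothetical names, and the certificate is `httptest`'s built-in test certificate.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// result records how three differently configured ingress-like clients fare.
type result struct {
	TrustedStatus int   // HTTPS, backend certificate trusted
	UntrustedErr  error // HTTPS, backend certificate not trusted
	PlainStatus   int   // cleartext HTTP sent to the TLS port
}

// probeBackend starts a TLS-only stand-in for Deck/Hook and probes it.
func probeBackend() (result, error) {
	var r result
	h := func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "ok") }
	srv := httptest.NewUnstartedServer(http.HandlerFunc(h))
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12}
	srv.StartTLS() // serves with httptest's constructed test certificate
	defer srv.Close()
	// 1. https backend protocol, backend CA configured on the client side.
	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return r, err
	}
	resp.Body.Close()
	r.TrustedStatus = resp.StatusCode
	// 2. https backend protocol, system roots only: verification must fail.
	_, r.UntrustedErr = http.Get(srv.URL)
	// 3. Backend protocol left at http: Go's TLS listener rejects the
	// cleartext request with 400 instead of serving it.
	resp, err = http.Get(strings.Replace(srv.URL, "https://", "http://", 1))
	if err != nil {
		return r, err
	}
	resp.Body.Close()
	r.PlainStatus = resp.StatusCode
	return r, nil
}

func main() {
	r, err := probeBackend()
	fmt.Println(r.TrustedStatus, r.UntrustedErr != nil, r.PlainStatus, err)
}
```

Case 2 is the one to watch when rolling this out: re-encrypting to the backend only adds assurance if the ingress is given the backend's CA and verifies against it.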