Support TLS Credentials in gRPC Probe

kubernetes / enhancements

Enhancements tracking repo for Kubernetes

Apache License 2.0

3.45k stars 1.49k forks source link

Support TLS Credentials in gRPC Probe #4939

Open kkoch986 opened 3 weeks ago

kkoch986 commented 3 weeks ago

Enhancement Description

One-line enhancement description (can be used as a release note): Adds the ability to configure client side TLS on the gRPC probe
Kubernetes Enhancement Proposal:
Discussion Link:
Primary contact (assignee):
Responsible SIGs: sig-node
Enhancement target (which target equals to which milestone):
- Alpha release target (x.y):
- Beta release target (x.y):
- Stable release target (x.y):
[ ] Alpha
- [ ] KEP (k/enhancements) update PR(s):
- [ ] Code (k/k) update PR(s):
- [ ] Docs (k/website) update PR(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

kkoch986 commented 3 weeks ago

/sig node

saschagrunert commented 1 week ago

I'd be in favor of this, what do @kubernetes/sig-node-proposals folks think?

kkoch986 commented 1 week ago

havent contributed before but im happy to take a crack at implementing it and progressing the KEP. may need a little guidance though

SergeyKanzhelev commented 6 days ago

yes. I think ignoring certificate issues may not even need a KEP. Need to think thru scenarios, but I doubt we will break anybody if we will enable it. I tried once, but didn't push thru: https://github.com/kubernetes/kubernetes/pull/124522

kkoch986 commented 3 days ago

@SergeyKanzhelev yea i think we would need to provide an option since if the server is not accepting TLS and you include the TLS transport credentials itll fail to connect.

my thought was to just add the ability to just provide a cert, but maybe it would be helpful to also be able to disable the verification as well.

i can start putting my ideas together in the KEP and see what everyone thinks if that seems like the right next steps