microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Feature Request: Support for SSL/TLS -> TCP with Managed Certificates #1170

Open thorfi opened 1 month ago

thorfi commented 1 month ago

Issue

Current ingress options do not have an option for SSL/TLS -> TCP with Managed Certificates

Description

The ideal solution would be to just be able to specify "transport" as "ssl" and then have everything work like it does for HTTPS, taking SNI from the hostname and managed certificate binding, then converting the stream to tcp to the running container(s).

e.g.:

          "ingress": {
            "allowInsecure": false,
            "exposedPort": 5432,
            "external": true,
            "targetPort": 5432,
            "traffic": [
              {
                "latestRevision": true,
                "weight": 100
              }
            ],
            "transport": "ssl"
          },

Alternatives

The current option involves generating certificates and obtaining them inside the running container app securely and then running a sidecar or service inside each container to handle SSL. This is inefficient and difficult in comparison to being able to use a Managed Certificate and hostname binding.
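A sketch of the sidecar workaround described under "Alternatives", added here as an example and not code from the issue or from the Azure Container Apps project: a TLS terminator that relays the decrypted stream to the app over local TCP. The certificate paths, the backend port 15432 and all function names are assumptions, and it assumes the client starts TLS on connect.

```python
import asyncio
import ssl


def build_tls_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server-side TLS context; the sidecar must obtain cert and key itself."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


async def _pump(reader, writer):
    """Copy bytes one way until EOF or error, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:  # covers ConnectionError and ssl.SSLError
        pass
    finally:
        writer.close()


async def start_terminator(listen_port, backend_host, backend_port, tls_ctx):
    """Accept TLS connections and relay the plaintext stream to the backend."""
    async def handle(client_r, client_w):
        try:
            backend_r, backend_w = await asyncio.open_connection(
                backend_host, backend_port)
        except OSError:
            client_w.close()  # backend unavailable: drop this client, keep serving
            return
        await asyncio.gather(_pump(client_r, backend_w),
                             _pump(backend_r, client_w))

    return await asyncio.start_server(handle, "0.0.0.0", listen_port, ssl=tls_ctx)


async def main():
    # Hypothetical paths: wherever the container mounts its certificate and key.
    ctx = build_tls_context("/certs/tls.crt", "/certs/tls.key")
    # Listen on the exposed port; the app itself listens on localhost:15432 (assumed).
    server = await start_terminator(5432, "127.0.0.1", 15432, ctx)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

With the ingress `transport` set to `tcp`, the platform passes the encrypted stream through unchanged, so certificate issuance, renewal and key storage all fall on this sidecar.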

anthonychu commented 4 weeks ago

Managed certs are only supported in the HTTP ingress and there are currently no plans to support this. Please upvote this issue if you need it too.