Closed by shawn-hurley 6 years ago
We discussed this today and got a security analysis from @enj, who concluded that TLS is neither helpful nor necessary in this case. It is apparently common for components to communicate (even with sensitive data) via localhost inside a pod, without using encryption. localhost within a pod is sufficiently isolated and restricted that adding TLS would not add value.
With the addition of TLS in the operator SDK, we should be able to generate a CA and serving certs to set up secure communication of the kubeconfig and the proxy if the user wanted this.