Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Full TLS for cluster components #822

Closed
bogdando opened this issue Dec 27, 2016 · 5 comments
Closed

Full TLS for cluster components #822

bogdando opened this issue Dec 27, 2016 · 5 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. security

Comments

@bogdando
Copy link
Contributor

Users want option to deploy K8s clusters by Kargo with nothing using unsecure HTTP connections, even to localhost:port. Related http://kubernetes.io/docs/admin/kube-apiserver/ and kubernetes/kubernetes#10159
@bogdando bogdando mentioned this issue Dec 27, 2016
Closed
@sandys
Copy link

sandys commented Dec 27, 2016

+1 - also, I believe that kargo should setup secure by default for the control plane. The only situation where this may have a challenge is when an external etcd cluster is used : in which case --etcd-cafile=/var/lib/kubernetes/ca.pem and --etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https://10.240.0.12:2379 can anyways be used.

bugs to consider - kubernetes/kubernetes#14977, kubernetes/kubernetes#15056, kubernetes/kubernetes#29330 , kubernetes/kubernetes#27343, https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/153

there seems to be a hardcoding issue - kubernetes/kubernetes#27343 (comment)

@bogdando bogdando added this to the v2.2.0 milestone Jan 10, 2017
@ant31
Copy link
Contributor

ant31 commented Aug 15, 2018

which pieces are missing ? I think only the localhost:8080 nginx for HA masters ?

@ant31 ant31 modified the milestones: v2.2, 2.7 Aug 15, 2018
@Atoms Atoms added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 21, 2018
@woopstar woopstar removed this from the 2.7 milestone Sep 28, 2018
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 10, 2019
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Atoms @sandys @ant31 @bogdando @woopstar @k8s-ci-robot @fejta-bot