You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When deploying Argo Events in a cluster with a service mesh such as Linkerd or Istio, we would want to use our internal x.509 certificate infrastructure and not the one bootstrapped via Argo Events.
While we can double-layer TLS fairly easily, this causes unnecessary overhead. Instead, we would prefer to have an easy mechanism to disable TLS globally for the Argo Events deployment, so that we can simply use the TLS of our injected service mesh sidecars.
Describe the solution you'd like
An option in the main events-controller for deploying NATS without TLS enabled.
Describe alternatives you've considered
We were able to disable TLS in NATs via startArgs = ["--tls=false"] in the EventBus specification.
However, there is no way to disable TLS in the EventSource or Sensor clients and they fail to launch.
As a result, there is currently no way to disable TLS without having to introduce something like a custom mutating webhook to override the pod specs that the event-controller creates.
Additional context
None
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
When deploying Argo Events in a cluster with a service mesh such as Linkerd or Istio, we would want to use our internal x.509 certificate infrastructure and not the one bootstrapped via Argo Events.
While we can double-layer TLS fairly easily, this causes unnecessary overhead. Instead, we would prefer to have an easy mechanism to disable TLS globally for the Argo Events deployment, so that we can simply use the TLS of our injected service mesh sidecars.
Describe the solution you'd like
An option in the main events-controller for deploying NATS without TLS enabled.
Describe alternatives you've considered
We were able to disable TLS in NATs via
startArgs = ["--tls=false"]
in the EventBus specification.However, there is no way to disable TLS in the EventSource or Sensor clients and they fail to launch.
As a result, there is currently no way to disable TLS without having to introduce something like a custom mutating webhook to override the pod specs that the event-controller creates.
Additional context
None
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
The text was updated successfully, but these errors were encountered: