Terminate API TLS with an ELB #234
Comments
I'm pretty sure we use client certificates and ELB doesn't support them. But I'll check!
It wouldn't. I guess I was just not aware of how authentication and encryption were handled. If token or basic auth were used would we need TLS termination?
Could do it in TCP mode instead of actually terminating things.
Does this relate to #834?
We now have ELB support for the API (and some refinements in #1268). Moving this particular issue (TLS offload / custom certs) to 1.5.1 though.
Is this actually needed? We do this by simply creating a separate "External" service record with a cert via the annotation in TCP mode and let dns-controller create the DNS for it.
It would be great if we could allow the API's TLS to be terminated by an ELB. This would allow us to reuse certificates we have and avoid distributing the certs/keys around to the nodes. It's likely we would want to be going through an ELB when everything is deployed into private subnets as well.