New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify openstack metadata endpoint to be HTTPS #56892

Closed
bputt opened this Issue Dec 6, 2017 · 4 comments

Comments

Projects
None yet
4 participants
@bputt

bputt commented Dec 6, 2017

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind feature

What happened: The openstack cloud-provider plugin doesn't allow you to update the metadata url to use HTTPS. The HTTP option is not available for me.

I'm not able to use the config drive, so the metadata url is my only option: #47392

You can see the url is statically set:

https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/metadata.go

metadataUrlTemplate = "http://169.254.169.254/openstack/%s/meta_data.json"

What you expected to happen:

I'd like to be able to configure the ability to use HTTPS and specify a ca-cert

Anything else we need to know?:
Self signed certs

Environment:

  • Kubernetes version (use kubectl version): 1.8.4
  • Cloud provider or hardware configuration: openstack
  • OS (e.g. from /etc/os-release): CentOS 7.4
  • Kernel (e.g. uname -a): Linux 3.10
  • Install tools:
  • Others:
@bputt

This comment has been minimized.

Show comment
Hide comment
@bputt

bputt Dec 6, 2017

/sig openstack

bputt commented Dec 6, 2017

/sig openstack

@dims

This comment has been minimized.

Show comment
Hide comment
@dims

dims Dec 22, 2017

Member

@bputt i have a fix in progress for kubeadm+config_drive (and a tip about privileged containers) over at kubernetes/kubeadm#588

I am not familiar with this pattern of a https:// based metadata url, is this a public cloud provider? can you name names? :)

Thanks,
Dims

Member

dims commented Dec 22, 2017

@bputt i have a fix in progress for kubeadm+config_drive (and a tip about privileged containers) over at kubernetes/kubeadm#588

I am not familiar with this pattern of a https:// based metadata url, is this a public cloud provider? can you name names? :)

Thanks,
Dims

@bputt

This comment has been minimized.

Show comment
Hide comment
@bputt

bputt Dec 25, 2017

@dims thanks for working on the other issue. I can't provide information about the provider, but I was able to modify the source code and add some https logic to get everything working. I may submit a PR in January.

bputt commented Dec 25, 2017

@dims thanks for working on the other issue. I can't provide information about the provider, but I was able to modify the source code and add some https logic to get everything working. I may submit a PR in January.

@dims

This comment has been minimized.

Show comment
Hide comment
@dims

dims Feb 13, 2018

Member

/close

Member

dims commented Feb 13, 2018

/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment