Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support TLS Credentials in gRPC Probe #4939

Open
4 tasks
kkoch986 opened this issue Oct 31, 2024 · 5 comments
Open
4 tasks

Support TLS Credentials in gRPC Probe #4939

kkoch986 opened this issue Oct 31, 2024 · 5 comments
Labels
kind/design Categorizes issue or PR as related to design. sig/node Categorizes an issue or PR as relevant to SIG Node.

Comments

@kkoch986
Copy link

Enhancement Description

  • One-line enhancement description (can be used as a release note): Adds the ability to configure client side TLS on the gRPC probe
  • Kubernetes Enhancement Proposal:
  • Discussion Link:
  • Primary contact (assignee):
  • Responsible SIGs: sig-node
  • Enhancement target (which target equals to which milestone):
    • Alpha release target (x.y):
    • Beta release target (x.y):
    • Stable release target (x.y):
  • Alpha
    • KEP (k/enhancements) update PR(s):
    • Code (k/k) update PR(s):
    • Docs (k/website) update PR(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Oct 31, 2024
@kkoch986
Copy link
Author

/sig node

@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 31, 2024
@saschagrunert
Copy link
Member

I'd be in favor of this, what do @kubernetes/sig-node-proposals folks think?

@k8s-ci-robot k8s-ci-robot added the kind/design Categorizes issue or PR as related to design. label Nov 11, 2024
@kkoch986
Copy link
Author

kkoch986 commented Nov 11, 2024

havent contributed before but im happy to take a crack at implementing it and progressing the KEP. may need a little guidance though

@SergeyKanzhelev
Copy link
Member

SergeyKanzhelev commented Nov 15, 2024

yes. I think ignoring certificate issues may not even need a KEP. Need to think thru scenarios, but I doubt we will break anybody if we will enable it. I tried once, but didn't push thru: kubernetes/kubernetes#124522

@kkoch986
Copy link
Author

@SergeyKanzhelev yea i think we would need to provide an option since if the server is not accepting TLS and you include the TLS transport credentials itll fail to connect.

my thought was to just add the ability to just provide a cert, but maybe it would be helpful to also be able to disable the verification as well.

i can start putting my ideas together in the KEP and see what everyone thinks if that seems like the right next steps

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/design Categorizes issue or PR as related to design. sig/node Categorizes an issue or PR as relevant to SIG Node.
Projects
None yet
Development

No branches or pull requests

4 participants