[Epic] TLS configuration enhancements #168

Open
1 task
andrewazores opened this issue Jul 9, 2024 · 4 comments
Labels
feat New feature or request

Comments

@andrewazores
Member

andrewazores commented Jul 9, 2024

Describe the feature

End users should have the following new options for TLS:

  1. If using OpenShift, enable the serving-cert feature. This is implemented now, but only in a way where it is tied to deployment of the openshift-oauth-proxy.
  2. Supply their own custom certs
  3. Configure the auth proxy (OpenShift or OAuth2) to use custom certs
  4. Auto-configure the auth proxy (OpenShift or OAuth2) to use OpenShift serving-cert, if serving-cert is enabled and no custom certs are supplied

Any other information?

No response

andrewazores added the "feat" (New feature or request) label Jul 9, 2024
andrewazores moved this to Backlog in 4.0.0 release Jul 9, 2024
@andrewazores
Member Author

Some discussion here: #167 (comment)

@tthvo
Member

tthvo commented Jul 9, 2024

I guess one small thing to note is that the oauth proxy seems not to set some X-Forwarded-* headers, so the redirect will likely fail. When an ingress or route is available, those headers are set and forwarded correctly.

https://github.com/mwangggg/cryostat3/blob/35f8a9eff8a3080d2c004ac65efab6c2749ac2f3/compose/auth_proxy_alpha_config_https.yaml#L29-L35

@andrewazores
Member Author

The proxy seems not to set those headers on its own, but that configuration adds them in so that it does set them. So long as the relevant environment variables get set then it should work out, I think.

@andrewazores
Member Author

#115 (comment)
