Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question]Listen protocol of yurthub is http, why not https #361

Closed
luckymrwang opened this issue Jun 19, 2021 · 6 comments · Fixed by #386
Closed

[Question]Listen protocol of yurthub is http, why not https #361

luckymrwang opened this issue Jun 19, 2021 · 6 comments · Fixed by #386
Assignees
@luckymrwang
Labels
kind/question kind/question

Comments

@luckymrwang
Copy link
Member

luckymrwang commented Jun 19, 2021
edited
Loading

What happened:
The current listen protocol of yurthub is http, why not https?

What you expected to happen:
calico, kube-proxy and so on accessed apiserver using https by default. If they use yurthub will do many change.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:
What's the original purpose to use http?

Environment:

  • OpenYurt version: v0.4.0
  • Kubernetes version (use kubectl version): v1.20
  • OS (e.g: cat /etc/os-release): centos7
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

others
/kind question
@luckymrwang luckymrwang added the kind/question kind/question label Jun 19, 2021
@qclc
Copy link
Member

qclc commented Jun 21, 2021

At present, the communication between yurthub and kube-apiserver uses https, and the communication between local components (such as kube-proxy, calico/flannel) and yurthub is http.

  • Original purpose: I think it's the communication between yurthub and internal components occurs locally, so the original design was http.
  • For network components, openyurt currently uses flannel by default, just configure the startup parameters of flannel to the listening address of yurthub to use flannel normally.

@qclc
Copy link
Member

qclc commented Jun 21, 2021

@rambohe-ch Hi, Does openyurt currently consider replacing the local communication with https to adapt to the components that use https communication by default?

@rambohe-ch
Copy link
Member

@luckymrwang Thank you for your question.
To be frankly, the original purpose of using http more simpler. and https is more useful and smoothly for edge workload to access yurthub. Would you like to take over to support https for yurthub?

@luckymrwang
Copy link
Member Author

luckymrwang commented Jun 21, 2021
edited
Loading

At present, the communication between yurthub and kube-apiserver uses https, and the communication between local components (such as kube-proxy, calico/flannel) and yurthub is http.

  • Original purpose: I think it's the communication between yurthub and internal components occurs locally, so the original design was http.
  • For network components, openyurt currently uses flannel by default, just configure the startup parameters of flannel to the listening address of yurthub to use flannel normally.

@qclc I got it. Thanks for your reply.

@luckymrwang
Copy link
Member Author

@luckymrwang Thank you for your question.
To be frankly, the original purpose of using http more simpler. and https is more useful and smoothly for edge workload to access yurthub. Would you like to take over to support https for yurthub?

@rambohe-ch Yes, I'd like to do it.

@rambohe-ch
Copy link
Member

/assign @luckymrwang

@wangchenglong01 wangchenglong01 mentioned this issue Jun 23, 2021
Closed
@luckymrwang luckymrwang mentioned this issue Jul 20, 2021
Merged
@luckymrwang luckymrwang mentioned this issue Jul 15, 2022
Merged
6 tasks
@luckymrwang luckymrwang mentioned this issue Apr 17, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@luckymrwang luckymrwang

Labels
kind/question kind/question
Projects
None yet
Milestone
No milestone
3 participants
@luckymrwang @qclc @rambohe-ch