Skip to content

RFC - Consolidate use of insecure endpoints across controllers #3076

New issue
New issue
Closed
#3081
Closed
RFC - Consolidate use of insecure endpoints across controllers#3076
#3081
Assignees
aryan9600
Labels
area/rfcFeature request proposals in the RFC format
Milestone
Security
@pjbgf

Description

@pjbgf
pjbgf
opened on Sep 6, 2022

Across Flux controllers the use of non-TLS based connections is not consistent.

Controllers that deals only with http and https schemes have no way to block use of the http scheme at controller-level.
Some Flux objects provide an .Spec.Insecure field to enable the use of non-TLS based endpoints, but they don't clearly notify users when the option is not supported (e.g. Azure/GCP Buckets).

A new RFC should be created to establish:

  • Controller-level ways to block the use of HTTP endpoints. When enabled, the flag would not allow the use of the non-TLS based connections across all controller-level objects.
  • Consistent way to support insecure endpoints and to notify when they are not supported (or it has been blocked at controller level).
  • Naming conventions covering flags and object fields.

Related Implementations:

Metadata

Metadata

Assignees

Labels

area/rfcFeature request proposals in the RFC format

Type

No type

Projects

Maintainers' Focus

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions