[Feature]: The communication between the operator and the instance manager should be encrypted #4441
Closed
2 tasks done
Comments
mnencia
added a commit
that referenced
this issue
May 6, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 13, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
armru
pushed a commit
that referenced
this issue
May 21, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 22, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 23, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
gbartolini
added
enhancement 🪄
mnencia
added a commit
that referenced
this issue
May 27, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 28, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
litaocdl
pushed a commit
that referenced
this issue
May 29, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 29, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 30, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
May 30, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
Jun 4, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
Jun 5, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
Jun 6, 2024
Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
mnencia
added a commit
that referenced
this issue
Jun 7, 2024
) This patch enhances security by enabling TLS communication between the operator and the instance manager. Key changes include: - Supporting TLS on the instance status port - Ensuring a graceful upgrade without losing communication with non-upgraded pods - Waiting to update the protocol until the instance pod is recreated for other reasons when online upgrades are enabled Closes #4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com> Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com> Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com> Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com> Co-authored-by: Jaime Silvela <jaime.silvela@enterprisedb.com>
dougkirkley
pushed a commit
to dougkirkley/cloudnative-pg
that referenced
this issue
Jun 11, 2024
…oudnative-pg#4442) This patch enhances security by enabling TLS communication between the operator and the instance manager. Key changes include: - Supporting TLS on the instance status port - Ensuring a graceful upgrade without losing communication with non-upgraded pods - Waiting to update the protocol until the instance pod is recreated for other reasons when online upgrades are enabled Closes cloudnative-pg#4441 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com> Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com> Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com> Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com> Co-authored-by: Jaime Silvela <jaime.silvela@enterprisedb.com> Signed-off-by: Douglass Kirkley <dkirkley@eitccorp.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue already for this feature request/idea?
What problem is this feature going to solve? Why should it be added?
Even if no sensitive data is sent in the status connection, using SSL/TLS in all HTTP connections is desirable.
Describe the solution you'd like
Both the end of the status connection are controlled by the CNPG code, so it should be possible to update an existing cluster without losing the connectivity. The status connection, however, is also used for the probes, so it will require recreating the pods to upgrade the protocol from HTTP to HTTPS.
Online upgrades of the instance manager will require particular attention to be supported. The new instance manager should continue to serve HTTP until the pod is recreated to avoid breaking the probes.
Describe alternatives you've considered
We could encrypt the connection using an external tool like Istio, but it would not be by default and would complicate the deployment.
Additional context
After implementing this feature, we should also consider adding TLS capabilities to the metrics exporter.
Backport?
No
Are you willing to actively contribute to this feature?
Yes
Code of Conduct
The text was updated successfully, but these errors were encountered: