Posted to custos@airavata.apache.org by Goutham Gopal <go...@gmail.com> on 2020/04/10 07:13:43 UTC

Regarding TLS authentication in Custos

Hi,

I was going through the custos implementation, especially the custos way of
implementing service mesh. I went through the yaml files used for deploying
the envoy sidecar setup for each service, but could not understand whether
each of the requests going from service to service and such have mTLS
authentication being done.

It would be helpful if anyone could point me in the direction to know
whether these are implemented or not, and if they are, how is it being
managed if not present inside the envoy yaml files.


Thanks and regards,
Goutham

Re: Regarding TLS authentication in Custos

Posted by Goutham Gopal <go...@gmail.com>.
Hi Isuru,

Thanks for pointing that out. I will check these out and contact you if
I have any more questions regarding the implementation.

Regards,
Goutham

On Fri, Apr 10, 2020 at 8:34 AM Isuru Ranawaka <ir...@gmail.com> wrote:

> Hi Goutham,
>
> External traffic into the Custos K8 cluster is SSL/TLS encrypted. But, K8
> Ingress controller terminates the external SSL traffic. You can see
> K8 secret is being used [1]. Afterward, Linkerd
> Service Mesh[2] initiates SSL traffic in between services within the
> Cluster.
>
> [1]
> https://github.com/apache/airavata-custos/blob/develop/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/helm/templates/ingress.yaml
> [2]
> https://github.com/apache/airavata-custos/blob/develop/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/helm/templates/deployment.yaml
>
> thanks
> Isuru
>
> On Fri, Apr 10, 2020 at 3:14 AM Goutham Gopal <go...@gmail.com>
> wrote:
>
> > Hi,
> >
> > I was going through the custos implementation, especially the custos way of
> > implementing service mesh. I went through the yaml files used for deploying
> > the envoy sidecar setup for each service, but could not understand whether
> > each of the requests going from service to service and such have mTLS
> > authentication being done.
> >
> > It would be helpful if anyone could point me in the direction to know
> > whether these are implemented or not, and if they are, how is it being
> > managed if not present inside the envoy yaml files.
> >
> >
> > Thanks and regards,
> > Goutham
> >
>
>
> --
> Research Software Engineer
> Indiana University, IN
>

Re: Regarding TLS authentication in Custos

Posted by Isuru Ranawaka <ir...@gmail.com>.
Hi Goutham,

External traffic into the Custos K8 cluster is SSL/TLS encrypted. But, K8
Ingress controller terminates the external SSL traffic. You can see
K8 secret is being used [1]. Afterward, Linkerd
Service Mesh[2] initiates SSL traffic in between services within the
Cluster.

[1]
https://github.com/apache/airavata-custos/blob/develop/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/helm/templates/ingress.yaml
[2]
https://github.com/apache/airavata-custos/blob/develop/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/helm/templates/deployment.yaml

thanks
Isuru

On Fri, Apr 10, 2020 at 3:14 AM Goutham Gopal <go...@gmail.com>
wrote:

> Hi,
>
> I was going through the custos implementation, especially the custos way of
> implementing service mesh. I went through the yaml files used for deploying
> the envoy sidecar setup for each service, but could not understand whether
> each of the requests going from service to service and such have mTLS
> authentication being done.
>
> It would be helpful if anyone could point me in the direction to know
> whether these are implemented or not, and if they are, how is it being
> managed if not present inside the envoy yaml files.
>
>
> Thanks and regards,
> Goutham
>


-- 
Research Software Engineer
Indiana University, IN
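
Added example, not part of the thread or of the Custos code base: a manifest audit for the two layers described above, the TLS secret on the Ingress and the Linkerd opt-in on each workload. It assumes the mesh is enabled through Linkerd's standard `linkerd.io/inject: enabled` pod annotation; the resource names, hosts and the `audit` helper are constructed for illustration.

```python
import json

INJECT = "linkerd.io/inject"  # Linkerd's proxy-injection annotation

def audit(resource_list):
    """Flag Deployments not opted in to the mesh and Ingress hosts without a TLS secret."""
    findings = []
    for item in resource_list.get("items", []):
        kind, spec = item.get("kind"), item.get("spec", {})
        name = item.get("metadata", {}).get("name", "<unnamed>")
        if kind == "Deployment":
            # Only the pod template is checked; an annotation set on the
            # namespace also enables injection and is not visible here.
            meta = spec.get("template", {}).get("metadata", {})
            if (meta.get("annotations") or {}).get(INJECT) != "enabled":
                findings.append((kind, name, "no linkerd.io/inject=enabled"))
        elif kind == "Ingress":
            # Hosts covered by a tls entry that names a certificate secret
            # (exact host match only; wildcard hosts are not expanded).
            covered = {h for t in (spec.get("tls") or []) if t.get("secretName")
                       for h in (t.get("hosts") or [])}
            for rule in spec.get("rules") or []:
                host = rule.get("host", "*")
                if host not in covered:
                    findings.append((kind, name, f"host {host} has no TLS secret"))
    return findings

# Constructed sample in the shape of `kubectl get deploy,ingress -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Deployment", "metadata": {"name": "meshed-svc"},
   "spec": {"template": {"metadata": {"annotations": {"linkerd.io/inject": "enabled"}}}}},
  {"kind": "Deployment", "metadata": {"name": "plain-svc"},
   "spec": {"template": {"metadata": {"labels": {"app": "plain-svc"}}}}},
  {"kind": "Ingress", "metadata": {"name": "edge"},
   "spec": {"tls": [{"hosts": ["api.example.org"], "secretName": "tls-secret"}],
            "rules": [{"host": "api.example.org"}, {"host": "admin.example.org"}]}}
]}
""")

if __name__ == "__main__":
    for kind, name, problem in audit(SAMPLE):
        print(f"{kind}/{name}: {problem}")
```

A clean result shows only that injection and a certificate secret are configured in the manifests; whether a given connection is actually mutually authenticated has to be confirmed on the running mesh.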