Implement Authentication for the Tetragon gRPC endpoint similar to Hubble

Open: ashishkurmi opened this issue 2 years ago • 1 comment

Is there an existing issue for this?

  • [X] I have searched the existing issues

What happened?

I am currently working in a multi-tenant Kubernetes environment and want to ensure that only authorized Kubernetes workloads have access to the Tetragon gRPC endpoint. I am collecting Tetragon events from a different pod running on the same node. While deploying Tetragon, I expose the gRPC endpoint on the network by passing --set=tetragon.grpc.address=":54321". I have a daemonset that collects Tetragon events from the local Tetragon pod instance using the gRPC endpoint. Is there a way to enforce authentication/authorization at the network level? For example, Hubble supports TLS mutual authentication.

Tetragon Version

All versions

Kernel Version

All versions

Kubernetes Version

All versions

Bugtool

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

ashishkurmi, May 04 '23 05:05

Hi,

TLS support would definitely be a useful feature, but it is not currently supported.

kkourt, May 04 '23 06:05