kube-oidc-proxy

Disabling TLS

Open FabioAntunes opened this issue 4 years ago • 5 comments

Hey folks, is there a way to disable TLS on the pod level? I want my AWS load balancer to be responsible for the TLS, terminating the TLS, and inside the cluster I just want to use HTTP.

FabioAntunes avatar Aug 03 '20 17:08 FabioAntunes

Hi @FabioAntunes, disabling secure serving is not an option. You will need to either enable TCP pass through on your load balancer, or instead allow TLS communication from the LB -> Proxy.

JoshVanL avatar Aug 03 '20 17:08 JoshVanL

Thanks for the quick response. If disabling TLS is not an option, is there a way to make this work with Traefik?

I'm getting the following:

http: TLS handshake error from 10.50.58.251:49444: remote error: tls: bad certificate

That IP address is from one of my Traefik pods. Any clues?

Thanks in advance

FabioAntunes avatar Aug 03 '20 18:08 FabioAntunes

Sorry for the slow reply!

You'll need to add the serving CA that kube-oidc-proxy is using as a trusted CA to Traefik.

JoshVanL avatar Aug 12 '20 15:08 JoshVanL
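The trust relationship described in the reply above, as an added example that is not part of the thread or of the kube-oidc-proxy or Traefik code: a Go client standing in for the fronting proxy connects to a TLS backend first without and then with the backend's serving CA in its root pool. The CA, the certificates and the hostname `backend.internal` are constructed for the demonstration; when the CA is missing, the backend side logs a TLS handshake error of the kind quoted in the thread.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue makes a constructed test certificate, self-signed when parent is nil.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, DNSNames: []string{"backend.internal"},
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// demo returns the client error without, then with, the serving CA trusted.
func demo() (untrusted, trusted error) {
	ca, caKey := issue("constructed serving CA", true, nil, nil)
	leaf, leafKey := issue("constructed backend", false, ca, caKey)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS()
	defer srv.Close()
	get := func(roots *x509.CertPool) error { // roots = CAs the fronting proxy trusts
		tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, ServerName: "backend.internal"}}
		_, err := (&http.Client{Transport: tr}).Get(srv.URL)
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return get(x509.NewCertPool()), get(pool)
}

func main() { fmt.Println(demo()) }
```

Only the CA certificate is handed to the client side; the backend's private key never leaves it, and certificate verification stays enabled on the hop between proxy and backend.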

Hey @JoshVanL, can I get a clarification?

You mentioned that disabling TLS is not an option. Did you mean it is currently supported by the project, because the flags/options haven't been implemented, or is it because there is an underlying technical reason the API can't be exposed through pure HTTP (other than security of course) for an external proxy to handle TLS, like @FabioAntunes mentions? I think that case is a pretty typical scenario.

tete17 avatar Sep 12 '21 12:09 tete17

+1 for this option, it would be nice to use it with an HTTPS ingress and terminate SSL on an upper level.

artazar avatar Sep 24 '21 02:09 artazar