
Add TLS Support for Metrics Server

Open eanveden opened this issue 1 year ago • 5 comments

What would you like to be added: I would like to request the addition of TLS support for the metrics server in ExternalDNS. Currently, there is no mention of HTTPS support in the documentation, and upon reviewing the code, I did not find any indication of TLS support for the /metrics or /healthz route. See https://github.com/kubernetes-sigs/external-dns/blob/7f3c10d65297ec1c4bcc8dd6f88c189b7f3e80d0/main.go#L495

Why is this needed: We have strict compliance requirements that mandate all E2E communications to services should be done over HTTPS. This includes metrics endpoints.

eanveden avatar Dec 15 '23 20:12 eanveden

Hello, our organization has a strict TLS requirement. Can we please get this looked into?

MikeKlebolt avatar Jan 11 '24 19:01 MikeKlebolt

/assign

Peac36 avatar Jan 29 '24 17:01 Peac36

Could you explain to me why you can't put a sidecar "in front" of external dns and use that to handle ssl termination? This is a widespread approach to this type of requirement and wouldn't require any modification to external dns.

Raffo avatar Feb 11 '24 16:02 Raffo

You are suggesting a workaround, is that going to be the accepted way of getting full TLS support for external DNS? Should we consider adding support for that sidecar in the helm chart?

eanveden avatar Feb 14 '24 14:02 eanveden

@eanveden I think the suggestion is to create whatever you need for this outside of this repository. Thanks for your understanding.

szuecs avatar Feb 23 '24 12:02 szuecs

@szuecs we will go with the sidecar approach, thx.

eanveden avatar Feb 29 '24 15:02 eanveden

Closing this

eanveden avatar Feb 29 '24 15:02 eanveden
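
The sidecar approach the thread settles on, sketched as an added example (not code from the external-dns project or from any participant): a small Go reverse proxy that terminates TLS and forwards only /metrics and /healthz to the plaintext listener. The environment variable names, the :8443 listen port, the /tls/ certificate paths and the 127.0.0.1:7979 upstream are assumptions to adjust for your deployment.

```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"time"
)

// metricsProxy forwards only the two routes named in the issue to the
// plaintext upstream; the mux answers every other path with 404.
func metricsProxy(upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	mux := http.NewServeMux()
	mux.Handle("/metrics", proxy)
	mux.Handle("/healthz", proxy)
	return mux
}

// tlsServer builds the HTTPS front end with a TLS 1.2 floor and a header
// read timeout so slow clients cannot hold connections open indefinitely.
func tlsServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           h,
		TLSConfig:         &tls.Config{MinVersion: tls.VersionTLS12},
		ReadHeaderTimeout: 5 * time.Second,
	}
}

// getenv returns the variable's value, or def when it is unset or empty.
func getenv(key, def string) string {
	if v := os.Getenv(key); v != "" {
		return v
	}
	return def
}

func main() {
	// Assumed upstream: external-dns metrics bound to loopback in the same pod.
	upstream, err := url.Parse(getenv("UPSTREAM", "http://127.0.0.1:7979"))
	if err != nil {
		log.Fatal(err)
	}
	srv := tlsServer(getenv("LISTEN_ADDR", ":8443"), metricsProxy(upstream))
	// Hypothetical mount paths for the certificate and key.
	log.Fatal(srv.ListenAndServeTLS(getenv("TLS_CERT_FILE", "/tls/tls.crt"), getenv("TLS_KEY_FILE", "/tls/tls.key")))
}
```

Containers in a pod share a network namespace, so the sidecar only satisfies an HTTPS-only requirement if external-dns itself binds its metrics listener to loopback (for example `--metrics-address=127.0.0.1:7979`); otherwise the plaintext port stays reachable on the pod IP. Health probes then need to target the sidecar port with the HTTPS scheme.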