opensergo
Add optional config for TLS support
Issue Description
Type: feature request
Describe what feature you want
Add optional config for supporting TLS which user can enable the TLS transport
@123liuziming has assigned to you, and looking forward to your contribution 😃
How can users configure the TLS certificate? There are a number of ways to do this, for example:
- Use K8s secret
- Just injecting the certificate into the environment variable of OpenSergo control plane
- Like what Istio does, OpenSergo manage the certificate itself. For example we can send a CSR to K8s and generate the key pair for the TLS connection of OpenSergo, or we can use the CA that users provide. In this way, user do not need to configure the certificate explicitly
How can users configure the TLS certificate? There are a number of ways to do this, for example:
- Use K8s secret
- Just injecting the certificate into the environment variable of OpenSergo control plane
- Like what Istio does, OpenSergo manage the certificate itself. For example we can send a CSR to K8s and generate the key pair for the TLS connection of OpenSergo, or we can use the CA that users provide. In this way, user do not need to configure the certificate explicitly
@123liuziming First, I prefer to plan 3 which means we provide a mechanism to manage the certificate. But now, for convenient we can only implement this by plan 2,through System-Env,Config-Params, or File-Volume(like k8s ConfigMap...).
And then,we can improve it by generate OpenSergo key pairs and inject into plan 2
@sczyh30 What do you think about?
We can try plan 2 first, later we may integrate the project into Istio, at that time we can reuse plan 3!
Go CI seems timeout?
Go CI seems timeout?
I have re-run the CI, but it looks was blocked. So can you force-push it again