You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 14, 2023. It is now read-only.
Describe the solution you'd like
This property would be exposed and configurable to operators. This could either be through CCNG values or some kind of top-level/global configured property in the larger cf-for-k8s context, ie #@ data.values.ssl.skip_cert_verify
Can we just hardcode this to "false" for safety? All of our internal, previously mTLS'd communications should now be over envoy-mediated-and-encypted plaintext.
Is your feature request related to a problem? Please describe.
We noticed that currently, the
skip_cert_verify
property is hardcoded to true. See https://github.com/cloudfoundry/cf-for-k8s/blob/eb0e1b1e39900870d54dc3f1d47cf08049cf64fc/config/capi/_ytt_lib/capi-k8s-release/templates/ccng-config.lib.yml#L287. Our component would like to consume this property to toggle ssl validation.Describe the solution you'd like
This property would be exposed and configurable to operators. This could either be through CCNG values or some kind of top-level/global configured property in the larger cf-for-k8s context, ie
#@ data.values.ssl.skip_cert_verify
Thanks,
@belinda-liu && @weymanf
The text was updated successfully, but these errors were encountered: