This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

Allow skip_cert_verify to be configurable so operators can decide if they want to skip ssl validation #58

Closed
belinda-liu opened this issue Jul 23, 2020 · 3 comments

Comments


belinda-liu commented Jul 23, 2020

Is your feature request related to a problem? Please describe.
We noticed that currently, the skip_cert_verify property is hardcoded to true. See https://github.com/cloudfoundry/cf-for-k8s/blob/eb0e1b1e39900870d54dc3f1d47cf08049cf64fc/config/capi/_ytt_lib/capi-k8s-release/templates/ccng-config.lib.yml#L287. Our component would like to consume this property to toggle ssl validation.

Describe the solution you'd like
This property would be exposed and configurable to operators. This could either be through CCNG values or some kind of top-level/global configured property in the larger cf-for-k8s context, i.e. #@ data.values.ssl.skip_cert_verify

Thanks,
@belinda-liu && @weymanf

@cf-gitbot
Collaborator

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/173974998

The labels on this github issue will be updated when the story is started.

Contributor

cwlbraa commented Jul 24, 2020

Can we just hardcode this to "false" for safety? All of our internal, previously mTLS'd communications should now be over envoy-mediated-and-encrypted plaintext.

Contributor

cwlbraa commented Sep 25, 2020

hardcoded this to false.
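
An operator-side check for the setting discussed in this thread, as an added example that is not part of the issue or of cf-for-k8s: it walks a rendered YAML config and reports every place where `skip_cert_verify` is enabled, whether as a YAML boolean or as a quoted string. The sample config and its section names are constructed; only the `skip_cert_verify` key comes from the issue.

```ruby
require 'yaml'

# Constructed sample of a rendered config. Section names are illustrative
# assumptions; only the skip_cert_verify key is taken from the issue.
SAMPLE_RENDERED = <<~CONFIG
  external_domain: api.example.test
  skip_cert_verify: true
  uaa:
    url: https://uaa.example.test
    skip_cert_verify: "true"
  logging:
    level: info
  clients:
    - name: blobstore
      skip_cert_verify: yes
    - name: metrics
      skip_cert_verify: false
CONFIG

# A consumer may receive a real boolean or a string, so treat both as enabled.
def truthy?(value)
  value == true || %w[true yes on 1].include?(value.to_s.strip.downcase)
end

# Walk hashes and arrays; return the path of every enabled skip_cert_verify.
def insecure_paths(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      if key.to_s == 'skip_cert_verify'
        truthy?(value) ? [here.join('.')] : []
      else
        insecure_paths(value, here)
      end
    end
  when Array
    node.each_with_index.flat_map { |v, i| insecure_paths(v, path + ["[#{i}]"]) }
  else
    []
  end
end

# Parse rendered YAML text and list the locations that disable verification.
def audit(yaml_text)
  insecure_paths(YAML.safe_load(yaml_text))
end

audit(SAMPLE_RENDERED).each { |p| puts "certificate verification disabled at #{p}" }
```

Run against the output of the templating step, an empty result means no component is being told to skip certificate verification.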
