jetstack/kube-oidc-proxy

Disabling TLS

FabioAntunes opened this issue · 5 comments

Hey folks, is there a way to disable TLS on the pod level?
I want my AWS load balancer to be responsible for the TLS, terminating the TLS, and inside the cluster I just want to use HTTP.

Hi @FabioAntunes, disabling secure serving is not an option. You will need to either enable TCP pass through on your load balancer, or instead allow TLS communication from the LB -> Proxy.

Thanks for the quick response. If disabling TLS is not an option, is there a way to make this work with Traefik?

I'm getting the following:

http: TLS handshake error from 10.50.58.251:49444: remote error: tls: bad certificate

That IP address is from one of my Traefik pods. Any clues?

Thanks in advance

Sorry for the slow reply!

You'll need to add the serving CA that kube-oidc-proxy is using as a trusted CA to Traefik.
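
The trust failure discussed in this thread, reproduced locally as an added example (not part of the thread, and not kube-oidc-proxy or Traefik code). It assumes a Go `httptest` TLS server standing in for kube-oidc-proxy and a plain `http.Client` standing in for the ingress proxy; `newBackend`, `probe` and `isUnknownCA` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newBackend starts a local HTTPS server that stands in for kube-oidc-proxy.
// Its self-signed test certificate plays the role of the serving CA.
func newBackend() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "ok")
	}))
}

// probe plays the ingress proxy: it calls the backend trusting only roots.
func probe(url string, roots *x509.CertPool) error {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots},
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// isUnknownCA reports whether err is a certificate chain trust failure.
func isUnknownCA(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	srv := newBackend()
	defer srv.Close()
	// Empty trust store: the client rejects the certificate and sends a
	// bad_certificate alert, which a Go server logs as
	// "remote error: tls: bad certificate".
	fmt.Println("untrusted:", probe(srv.URL, x509.NewCertPool()))
	// Serving CA added to the trust store: the handshake completes.
	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate())
	fmt.Println("trusted:", probe(srv.URL, trusted))
}
```

The error is raised by the connecting side, so the fix belongs in the ingress proxy's trust store rather than in the backend's configuration.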

Hey @JoshVanL, can I get a clarification?

You mentioned that disabling TLS is not an option. Did you mean it is currently supported by the project, because the flags/options haven't been implemented, or is it because there is an underlying technical reason the API can't be exposed through pure HTTP (other than security of course) for an external proxy to handle TLS like @FabioAntunes mentions? I think that case is a pretty typical scenario.

+1 for this option
It would be nice to use it with an HTTPS ingress and terminate SSL at an upper level.