[BUG] Operator is not Istio Servicemesh Bulletproof

Question

[BUG] Operator is not Istio Servicemesh Bulletproof

Closed this issue 4 months ago · 1 comments

Crazyigor1987 commented 4 months ago

I am trying to get an Opensearch cluster running in combination with the Istio Servicemesh. The Servicemesh takes over the encryption for me. While pure TCP stream (i.e. port 9300) can be double-encrypted and thus has no effect on the transport layer, I fail at http port 9200. The operator generates a security configupdate job at bootstrap, which necessarily requests https://opensearch.{namespace}:9200. I have no option here to either set it to http or to set an annotation for this job.

Answer 1 · 2024-05-16T07:44:22.000Z

Hi @Crazyigor1987. The securityconfig-update-job uses client certificates, so it always needs to connect with its own https/tls connection.
As I see you've already filed a specific issues for the annotations, I'm closing this issue. If you have specific issues/ideas to make the operator work (better) with istio, please feel free to file separate issues for them.