You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is there any plans to support tls for the route registrared endpoints?
I attempted to configure the autoscaler api to route_registrar using tls_port and specifying the ca_cert, server_cert and server_key (see https://gist.github.com/cweibel/f222664f3c7aabddc5e95242285b3e3e for a stub of the ops file I was using). That failed with SSL Certificate Required errors.
On a hunch, I retrieved the user/pass for the eventgenerator health endpoints from credhub. I was able to
Upon digging into the commit that added support for defining the ca_cert, server_cert and server_key (#2303) it appears that support was added for mTLS but not TLS like the routing release is expecting.
Am I missing something? To me it looks like configuring the tls_port for the route_register jobs doesn't work in autoscaler and I've heard that the routing team is moving towards only allowing TLS (https) route_register configurations at some point in the future.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Is there any plans to support tls for the route registrared endpoints?
I attempted to configure the autoscaler api to route_registrar using
tls_port
and specifying theca_cert
,server_cert
andserver_key
(see https://gist.github.com/cweibel/f222664f3c7aabddc5e95242285b3e3e for a stub of the ops file I was using). That failed withSSL Certificate Required
errors.On a hunch, I retrieved the user/pass for the eventgenerator health endpoints from credhub. I was able to
And get a 200 back.
When I configured route_registrar for this health endpoint to use tls_port, ca_cert, server_cert and server_key with:
and deploy, this time when I curl:
I get back:
Upon digging into the commit that added support for defining the ca_cert, server_cert and server_key (#2303) it appears that support was added for mTLS but not TLS like the routing release is expecting.
Am I missing something? To me it looks like configuring the tls_port for the route_register jobs doesn't work in autoscaler and I've heard that the routing team is moving towards only allowing TLS (https) route_register configurations at some point in the future.
Beta Was this translation helpful? Give feedback.
All reactions