Jobs ignore DisableHTTP option #285
Comments
Also, one should keep in mind that working with HTTPS also requires the appropriate CA certs to be passed to the Job pod.

koct9i added a commit to koct9i/ytsaurus-k8s-operator that referenced this issue Jun 19, 2024
koct9i added a commit to koct9i/ytsaurus-k8s-operator that referenced this issue Oct 17, 2024

This option enforces internal clients to use secure connections and validates that related servers are ready to handle TLS. Also it forces TLS-only mode for native bus transport and HTTPS-only for default role of HTTP proxies. I.e. if it is enabled - only non-default HTTP proxies and any RPC proxies could be not strictly TLS-only. Issue: ytsaurus#285
koct9i added a commit to koct9i/ytsaurus-k8s-operator that referenced this issue Oct 18, 2024

This option enforces internal clients to use secure connections and validates that related servers are ready to handle TLS. Also it forces TLS-only mode for native bus transport and HTTPS-only for default role of HTTP proxies. I.e. if it is enabled - only non-default HTTP proxies and any RPC proxies could be not strictly TLS-only. Issue: ytsaurus#285
I want all traffic within the cluster to be encrypted. And I want to forbid non-TLS on http-proxies.
Fortunately, there is the needed option:
As far as I can see, the cluster works fine with this option. The problem is with the operator Jobs: they ignore this option and try to connect to the closed port 80.
At first glance, I didn't find a decent quick solution. I assume that the operator should have some shared logic for yt client creation. At the moment, each component has its own, which makes it difficult to fix in a single place.