At the moment, all Routes created by the Kogito Operator expose an HTTP endpoint. This Feature Request is to support the creation of TLS-secured Routes/Ingress and to enforce redirection of plain HTTP to the HTTPS endpoint.
For BAaaS, we will have the requirement of mutual TLS between the Kubernetes Routers and the Pod hosting the KogitoRuntime. Therefore we should be able to specify either `ReEncrypt` or `PassThrough` as the TLS mechanism. In either of these cases, it would be ideal for the KogitoRuntime to have the TLS certificates generated for us, so we don't have to do it ourselves. For OpenShift-based environments, we may wish to consider the `service.beta.openshift.io/serving-cert-secret-name` annotation:
Unsure of the best approach here to bring support to non-OpenShift environments.
Acceptance Criteria
- A KogitoRuntime can be configured with a TLS secured Route
- As a user, I can decide whether or not to support HTTP traffic in addition to HTTPS traffic. If I only support HTTPS traffic, all HTTP traffic is redirected to the HTTPS endpoint
- As a user, I can choose the TLS mechanism, e.g. edge, passthrough or reencrypt
- If I choose any mechanism that relies on the generation of a TLS certificate, that is automatically handled for me by the Kogito Operator
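For reference, the end state these criteria describe, written as plain OpenShift manifests. This is an added example, not Kogito Operator output or part of the original request; the names `example-runtime` and `example-runtime-tls` and port 8443 are placeholders.

```yaml
# Constructed example: resource names and ports are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: example-runtime
  annotations:
    # The OpenShift service CA issues a certificate for
    # example-runtime.<namespace>.svc and writes tls.crt / tls.key
    # into the named Secret, so nobody generates it by hand.
    service.beta.openshift.io/serving-cert-secret-name: example-runtime-tls
spec:
  selector:
    app: example-runtime
  ports:
    - name: https
      port: 8443
      targetPort: 8443
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: example-runtime
spec:
  to:
    kind: Service
    name: example-runtime
  port:
    targetPort: https
  tls:
    # One of: edge | passthrough | reencrypt.
    # reencrypt: the router terminates client TLS and opens a new TLS
    # connection to the pod. passthrough: the pod terminates TLS itself.
    termination: reencrypt
    # Redirect: plain HTTP is redirected to HTTPS.
    # Allow:    HTTP is served alongside HTTPS (edge / reencrypt only).
    # None:     the insecure port is disabled.
    insecureEdgeTerminationPolicy: Redirect
```

The pod still has to mount the generated Secret and serve HTTPS on the target port for `reencrypt` or `passthrough` to work.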
- is blocked by
  - KOGITO-1940 Use services instead routes to inner communication between Kogito services (Resolved)
  - KOGITO-4854 Research Spike: TLS (Closed)
- is duplicated by
  - KOGITO-1596 Operator: TLS support for created routes (Closed)