Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: FLP
Labels:
None

Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
service-deployment-model
Story Points:
None

Target Version:
None
Release Blocker:
None
Sprint:
NetObserv - Sprint 280

Set up TLS between agent and FLP

Note that mTLS cannot be configured through the openshift service annotations (Service CA operator https://github.com/openshift/service-ca-operator ), we we rely on at the moment.

To implement mTLS, an option would be to create our own signer & trust bubble, but that's out of scope for now (FTR: that's something https://github.com/openshift/library-go can help with, for instance etcd is doing something similar: https://github.com/openshift/cluster-etcd-operator/blob/3f2f972c990b132cd397034f2b17f55b913d7e48/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go )

links to

netobserv/flowlogs-pipeline#1146: NETOBSERV-2503: allow TLS/mTLS in grpc ingestor

netobserv/netobserv-ebpf-agent#843: NETOBSERV-2503: allow TLS/mTLS in grpc exporter

netobserv/network-observability-operator#2204: NETOBSERV-2503: use TLS by default in Service mode

Assignee:: Joel Takvorian

Reporter:: Joel Takvorian

Need Info From:: None

Contributors:: None

QA Contact:: Kapil Jain

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/11/25 2:13 PM

Updated:: 2025/12/01 1:44 PM