Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-6217

Reencrypt routes to implement mTLS on both frontend and backend haproxy

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • openshift-4.14, openshift-4.15, openshift-4.16
    • Network Edge
    • None
    • Proactive Architecture

      1. Proposed title of this feature request

      Reencrypt routes to implement mTLS on both frontend and backend haproxy.

       

      2. What is the nature and description of the request?

      Customer would like a method to implement a Reencrypt route where mTLS would occur between client and ingress controller, and then a second mTLS session would occur between ingress controller and backend pod.

       

      3. Why does the customer need this? (List the business requirements here)

      Customer is using path based routing, and all services make use of the same URI.  Customer would like mTLS from client through to the pod.  Initially they were using passthrough routes, but this cannot be used when they implement multiple services on the same URI, and switch to using path based routes to differentiate endpoints because SNI is specific to the URI only. 

      4. List any affected packages or components.

      openshift-ingress-operator

      openshift-ingress

      haproxy

              mcurry@redhat.com Marc Curry
              rhn-support-jocolema John Coleman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: