Uploaded image for project: 'Knative Serving'
  1. Knative Serving
  2. SRVKS-289

Enable TLS/HTTPS support for Knative Services

XMLWordPrintable

    • 8
    • Serverless Sprint 174, Serverless Sprint 182

      As a developer I want my endpoints to have TLS enabled by default. 

      We are aligning Knative Route template in OpenShift to match the OpenShift default of 

      {{.Name}}-{{.Namespace}}.{{.Domain}}

      instead of the Knative default of

       {{.Name}}.{{.Namespace}}.{{.Domain}}

      This enables OpenShift wildcard TLS certificates working out of the box (we get TLS support for all Knative Services in the cluster out of the box), working Katacoda (it can't handle multiple subdomains), and general consistency in the URL space for OpenShift applications. The caveat is we need to handle the possible routing conflicts.

      This will require changes in Kourier, serverless-operator for GA and we will be shipping a webhook to improve developer experience post-GA.

      No intervention is necessary from end users perspective, though there will be a breaking change when upgrading from 1.6.0 as all requests to the old host will be dropped. We will be tracking release note changes in SRVKS-525.

          1.
          		 Change domain template to Openshift's default template Sub-task Closed Blocker Kenjiro Nakayama (Inactive)
          2.
          		 Add an E2E test that sends a HTTPS request and verifies it works Sub-task Closed Blocker Markus Thömmes (Inactive)
          3.
          		 Add an E2E test that verifies conflict behavior Sub-task Closed Blocker Markus Thömmes (Inactive)

              rhn-support-knakayam Kenjiro Nakayama (Inactive)
              woliveir@redhat.com William Oliveira (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: