Today the use of non-TLS based connections is inconsistent across Flux controllers.
Today the use of non-TLS based connections is inconsistent across Flux controllers.
Controllers that deal only with `http` and `https` schemes have no way to block use of the `http` scheme at controller-level.
Controllers that deal only with `http` and `https` schemes have no way to block use of the `http` scheme at controller-level.
Some Flux objects provide a `.spec.insecure` field to enable the use of non-TLS based endpoints, but they don't clearly notify users when the option is not supported (e.g. Azure/GCP Buckets).
Some Flux objects provide a `.spec.insecure` field to enable the use of non-TLS based endpoints, but they don't clearly notify
users when the option is not supported (e.g. Azure/GCP Buckets).
### Goals
### Goals
* Provide a flag across relevant Flux controllers which disables all outgoing HTTP connections.
* Provide a flag across relevant Flux controllers which disables all outgoing HTTP connections.
@ -26,26 +27,18 @@ Some Flux objects provide a `.spec.insecure` field to enable the use of non-TLS
### Non-Goals
### Non-Goals
* Break Flux's current behavior of allowing HTTP connections.
* Break Flux's current behavior of allowing HTTP connections.
* Change in behavior of communication between Flux components.
## Proposal
## Proposal
### Controllers
### Controllers
Flux users should be able to enforce that controllers are using HTTPS connections only.
Flux users should be able to enforce that controllers are using HTTPS connections only.
This shall be enabled by adding a new boolean flag `--allow-insecure-http` to the following controllers:
This shall be enabled by adding a new boolean flag `--insecure-allow-http` to the following controllers:
* source-controller
* source-controller
* notification-controller
* notification-controller
* image-automation-controller
* image-automation-controller
* image-reflector-controller
* image-reflector-controller
> Note: The flag shall not be added to the following controllers:
> * kustomize-controller: This flag is excluded from this controller, as the upstream `kubenetes-sigs/kustomize` project
> does not support disabling HTTP connections while fetching resources from remote bases. We can revisit this if the
> upstream project adds support for this at a later point in time.
> * helm-controller: This flag does not serve a purpose in this controller, as the controller does not make any HTTP calls.
> Furthermore although both controllers can also do remote applies, serving `kube-apiserver` over plain
> HTTP is disabled by default. While technically this can be enabled, the option for this configuration was also disabled
> quite a while back (ref: https://github.com/kubernetes/kubernetes/pull/65830/).
The default value of this flag shall be `true`. This would ensure that there is no breaking change with controllers
The default value of this flag shall be `true`. This would ensure that there is no breaking change with controllers
still being able to access non-TLS endpoints. To disable this behavior and enforce the use of HTTPS connections, users would
still being able to access non-TLS endpoints. To disable this behavior and enforce the use of HTTPS connections, users would
have to explicitly pass the flag to the controller:
have to explicitly pass the flag to the controller:
Sanskar Jaiswal
2 years ago