From d2e7a37eb4040be1c8e67640958dadc892197384 Mon Sep 17 00:00:00 2001 From: Sanskar Jaiswal Date: Thu, 8 Sep 2022 09:54:52 +0530 Subject: [PATCH] add user stories and alternatives for insecure HTTP RFC Signed-off-by: Sanskar Jaiswal --- rfcs/0004-insecure-http/README.md | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/rfcs/0004-insecure-http/README.md b/rfcs/0004-insecure-http/README.md index 73bc2058..5f463ab4 100644 --- a/rfcs/0004-insecure-http/README.md +++ b/rfcs/0004-insecure-http/README.md @@ -89,3 +89,50 @@ Similarly, an object can have `.spec.insecure` as `true` only if the Saas/Cloud For example, using a `Bucket` with its `.spec.provider` set to `azure` would be invalid since Azure doesn't allow HTTP connections. + +### User Stories + +#### Story 1 +> As a cluster admin of a multi-tenant cluster, I want to ensure all controllers access endpoints using only HTTPS +> regardless of tenants' object definitions. + +Apply a `kustomize` patch which prevents the use of HTTP connections: + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - gotk-components.yaml + - gotk-sync.yaml +patches: + - patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --allow-insecure-http=false + target: + kind: Deployment + name: "(kustomize-controller|helm-controller|source-controller|notification-controller)" +``` + +#### Story 2 +> As an application developer, I'm trying to debug a new image pushed to my local registry which +> is not served over HTTPS. + +Modify the object spec to use HTTP connections explicitly: +```yaml +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImageRepository +metadata: + name: podinfo + namespace: flux-system +spec: + image: kind-registry:5000/stefanprodan/podinfo + interval: 1m0s + insecure: true +``` + +### Alternatives +Instead of adding a flag, we can instruct users to make use of Kyverno policies to enforce that +all objects have `.spec.insecure` as `false` and any URLs present in the definition don't have `http` +as the scheme. This is less attractive, as this would ask users to install another software and prevent +Flux multi-tenancy from being standalone.