Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS for the containerd and registry cache communication #203

Open
1 of 2 tasks
ialidzhikov opened this issue Jun 3, 2024 · 2 comments
Open
1 of 2 tasks

TLS for the containerd and registry cache communication #203

ialidzhikov opened this issue Jun 3, 2024 · 2 comments
Assignees
Labels
area/ipcei IPCEI (Important Project of Common European Interest) area/security Security related ipcei/registry-cache-extension Registry Cache Extension kind/enhancement Enhancement, improvement, extension

Comments

@ialidzhikov
Copy link
Member

ialidzhikov commented Jun 3, 2024

How to categorize this issue?

/area security
/kind enhancement

What would you like to be added:
Right now the deployed registry caches server requests over plain http. We could potentially use https to prevent any Man-in-the-middle attacks.

The registry does not reload the certificates when they are changed on the file system: distribution/distribution#3712

Why is this needed:
See above.

Tasks:

@gardener-prow gardener-prow bot added area/security Security related kind/enhancement Enhancement, improvement, extension labels Jun 3, 2024
@JordanJordanov JordanJordanov added the area/ipcei IPCEI (Important Project of Common European Interest) label Sep 10, 2024
@JordanJordanov JordanJordanov changed the title Research TLS for the containerd and registry cache communication TLS for the containerd and registry cache communication Sep 11, 2024
@ialidzhikov ialidzhikov added the ipcei/registry-cache-extension Registry Cache Extension label Sep 18, 2024
@ialidzhikov
Copy link
Member Author

/reopen
for the e2e test

Copy link
Contributor

gardener-prow bot commented Dec 13, 2024

@ialidzhikov: Reopened this issue.

In response to this:

/reopen
for the e2e test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-prow gardener-prow bot reopened this Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ipcei IPCEI (Important Project of Common European Interest) area/security Security related ipcei/registry-cache-extension Registry Cache Extension kind/enhancement Enhancement, improvement, extension
Projects
None yet
Development

No branches or pull requests

3 participants