Enable Https using TLS

[appu-sm]

Why HTTPS support is not provided, from the pod logs i can see "TLS settings not fond, defaulting to http" but i couldn't find any option or document to enable HTTPS. Will this feature be included or not?

[szuecs]

I don't understand what you mean:

% bin/skipper -h 2>&1 | grep -i tls
  -client-tls-cert string
        TLS certificate files for backend connections, multiple keys may be given comma separated - the order must match the keys
  -client-tls-key string
        TLS Key file for backend connections, multiple keys may be given comma separated - the order must match the certs
        ignore the verification of TLS certificates for etcd
        flag indicating to ignore the verification of the TLS certificates of the backend services
  -tls-cert string
  -tls-key string
  -tls-timeout-backend duration
        sets the TLS handshake timeout for backend connections (default 1m0s)

You have to provide certificates and keys if you want to use TLS termination in skipper or if you want to connect with client certs to some backend.

[szuecs]

@appu-sm do you mean TLS from skipper to pods in kubernetes?

[arnisoph]

I think @appu-sm means the tls secret name set in the ingress resource. See my comment in #851 (comment)

[szuecs]

@arnisoph the spec.tls can be done if we can do in process cert/key rotation. secrets in a projected volume could be used to deliver the secrets as files to skipper process, but we need to update the https listener and right now we don't do this.