Skip to content

add ssl termination to log-api #724

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 7, 2019
Merged

add ssl termination to log-api #724

merged 1 commit into from
Mar 7, 2019

Conversation

@MasslessParticle
Copy link
Contributor

@MasslessParticle MasslessParticle commented Feb 26, 2019

[#164176942]

Is this a PR to the develop branch of cf-deployment?

Only PR's to develop are accepted.

The RLP Gateway and the Loggregator Trafficcontroller now do ssl termination and register a secure route with the route_registrar

Describe the change.

This change is made to increase security by making sure all endpoints are secured

Understanding why this change is being made is fantastically helpful. Please do tell...

A security review of loggregator surfaced that the external-facing endpoints from RLP Gateway and Trafficcontroller weren't secured.

Include any links to other PRs, stories, slack discussions, etc... that will help establish context.

Has a cf-deployment including this change passed our cf-acceptance-tests?

  • YES
  • NO

How should this change be described in cf-deployment release notes?

Something brief that conveys the change and is written with the Operator audience in mind.
See previous release notes for examples.

Does this PR introduce a breaking change?

This PR will break loggregator until Loggregator Release 105.1 is available and merged into cf-d

Will this change increase the VM footprint of cf-deployment?

  • YES --- does it really have to?
  • NO

Does this PR make a change to an experimental or GA'd feature/component?

  • experimental feature/component
  • GA'd feature/component

What is the level of urgency for publishing this change?

  • Urgent - unblocks current or future work
  • Slightly Less than Urgent

Tag your pair, your PM, and/or team!

It's helpful to tag a few other folks on your team or your team alias in case we need to follow up later.

@jtuchscherer

@cfdreddbot
Copy link

cfdreddbot commented Feb 26, 2019

✅ Hey MasslessParticle! The commit authors and yourself have already signed the CLA.

@cf-gitbot
Copy link

cf-gitbot commented Feb 26, 2019

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/164255227

The labels on this github issue will be updated when the story is started.

@cdutra
Copy link
Contributor

cdutra commented Mar 5, 2019

Hi @MasslessParticle, thanks for the PR!
Do these changes introduce loggregator downtime on an upgrade deployment from 105.0 to 105.1?

@MasslessParticle
Copy link
Contributor Author

MasslessParticle commented Mar 5, 2019
edited
Loading

By default, the routers roll before the log-apis so the log-apis won't advertise/expect the new route until they're ready for it. There shouldn't be downtime.

@cdutra

@cdutra cdutra merged commit 5bbf31d into develop Mar 7, 2019
@davewalter davewalter deleted the add-ssl-to-log-api branch March 25, 2019 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

accepted

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MasslessParticle @cfdreddbot @cf-gitbot @cdutra