Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add comment and validation about current unsupported configuration #848

Closed
nak3 opened this issue Aug 28, 2023 · 3 comments
Closed

Add comment and validation about current unsupported configuration #848

nak3 opened this issue Aug 28, 2023 · 3 comments

Comments

@nak3
Copy link
Contributor

nak3 commented Aug 28, 2023

dataplane-trust and controlplane-trust have many options but most of them are not supported. (And IIUC it will not supported in the near feature.)

networking/config/config-network.yaml

Lines 183 to 206 in 964322c

# dataplane-trust indicates the level of trust established in the knative data-plane.
# dataplane-trust = "disabled" (the default) - uses no encryption for internal data plane traffic
# Using any other value ensures that the following traffic is encrypted using TLS:
# - ingress to activator
# - ingress to queue-proxy
# - activator to queue-proxy
#
# dataplane-trust = "minimal" ensures data messages are encrypted, Kingress authenticate that the receiver is a Ksvc
# dataplane-trust = "enabled" same as "minimal" and in addition, Kingress authenticate that Ksvc is at the correct namespace
# dataplane-trust = "mutual" same as "enabled" and in addition, Ksvc authenticate that the messages come from the Kingress
# dataplane-trust = "identity" same as "mutual" with Kingress adding a trusted sender identity to the message
#
# NOTE: This flag is in an alpha state and is mostly here to enable internal testing for now. Use with caution.
dataplane-trust: "disabled"
# controlplane-trust indicates the level of trust established in the knative control-plane.
# controlplane-trust = "disabled" (the default) - uses no encryption for internal control plane traffic
# Using any other value ensures that control traffic is encrypted using TLS.
#
# controlplane-trust = "enabled" ensures control messages are encrypted using TLS (client authenticate the server)
# controlplane-trust = "mutual" ensures control messages are encrypted using mTLS (client and server authenticate each other)
#
# NOTE: This flag is in an alpha state and is mostly here to enable internal testing for now. Use with caution.
controlplane-trust: "disabled"

The comment and validation should be added to avoid confusion.
@nak3
Copy link
Contributor Author

nak3 commented Aug 28, 2023

ref knative/serving#13968

@ReToCode
Copy link
Member

I think this will be resolved with knative/serving#14368, right? The idea is, that we'll only add options if we are really supporting them.

@nak3
Copy link
Contributor Author

nak3 commented Sep 21, 2023

Yes, that's right. Closing as knative/serving#14368 can be tracked.

@nak3 nak3 closed this as completed Sep 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nak3 @ReToCode