Skip to content

[FEATURE] Secure connections to Redfish APIs end-to-end #47

New issue
New issue
Open
Open
[FEATURE] Secure connections to Redfish APIs end-to-end#47
Labels
area/redfishFront-end protocol related and it's Redfishcomponent/agentRelevant to the virtualized BMCskind/featureNew feature proposed/asked
Milestone
 
Phase 3 - Support Redfish
@starbops

Description

@starbops
starbops
opened on Dec 22, 2024

Is your feature request related to a problem? Please describe.

Some might not want to add an ingress controller to their K8s cluster. They can manually have kube-vip deployed and modify each of the virtbmc Cluster-type Services they want to expose externally to become the LoadBalancer-type, much like #3 described. Nevertheless, the connection will be plain text (regarding Redfish). As a result, we need to take care of these people and enable KubeVirtBMC's agent to handle HTTPS connections directly. That is to say, users can expose Redfish APIs through LoadBalancer-type Services externally without needing an ingress controller, and the connections are fully encrypted, end to end.

Describe the solution you'd like

The Redfish emulator should be able to handle HTTPS connections natively, which implies managing its key and certificate.

Describe alternatives you've considered

Access the APIs through an ingress controller, much like we do currently.

Additional context

This is also one of the remaining items from #2.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/redfishFront-end protocol related and it's Redfishcomponent/agentRelevant to the virtualized BMCskind/featureNew feature proposed/asked

    Projects

    KubeVirtBMC project

    Status

    Backlog

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions