design: Add Secure Communication design doc #1186
Conversation
Updates projectcontour#881 Updates projectcontour#862 Signed-off-by: Nick Young <ynick@vmware.com>
youngnick
added
kind/design
design/secure-communication.md
Outdated
|
|
||
| ## Security Considerations | ||
|
|
||
| In the current design, these certs require the rolling of the deployment to change, they should be long-lived certs (days, weeks, or months), not short-lived (minutes or hours). The CA Keypair should be very long-lived and very tightly controlled, as Contour/Envoy connection security is only as secure as the CA keypair. |
There was a problem hiding this comment.
s/these certs require the rolling of the deployment to change/the process must be restarted to pick a change to these certs/
|
|
||
| This applies both to Contour and Envoy. | ||
|
|
||
| To accomplish this, we will add the following new command line options: |
There was a problem hiding this comment.
Might be nice to also plan about configuring these in the configuration file (#1130)
There was a problem hiding this comment.
Good catch. I think a note about which flags might move the config file is worth noting.
IMO not all of these flags will move to the config file, at the moment I'm only expecting that will be for things we pass to contour serve. Some of those flags go to contour bootstrap and will probably stay there as I'm not super keen in co-mingling contour bootstrap configuration cli/flags with contour serves because the former is just an optional helper.
There was a problem hiding this comment.
I did have a think about this, but figured that we'll just add them to the list of things that go in there when it gets started.
Signed-off-by: Nick Young <ynick@vmware.com>
Signed-off-by: Nick Young <ynick@vmware.com>
Signed-off-by: Nick Young <ynick@vmware.com>
Updates #881
Updates #862
Signed-off-by: Nick Young ynick@vmware.com