Implement end-to-end TLS encryption between OpenStack services

Registered by Stanislaw Bogatkin on 2016-01-29

Currently we unwrap TLS on VIP and forward unencrypted traffic to service (sometimes to other node). Proposed to avoid this by switch load-balancer on VIP for OpenStack services to TCP mode and spawn one more TLS unwrapper as close to node as possible (besides service itself). It will lead us to unwrapping TLS on node with service itself, so end-to-end encryption will be achieved.

Blueprint information

Status:
Not started
Approver:
Vladimir Kuklin
Priority:
Undefined
Drafter:
Stanislaw Bogatkin
Direction:
Needs approval
Assignee:
Stanislaw Bogatkin
Definition:
New
Series goal:
Accepted for mitaka
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/end-to-end-ssl,n,z

Addressed by: https://review.openstack.org/274095
    End to end encryption for OpenStack endpoints

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.