Implement end-to-end TLS encryption between OpenStack services
Registered by
Stanislaw Bogatkin
Currently we unwrap TLS on VIP and forward unencrypted traffic to service (sometimes to other node). Proposed to avoid this by switch load-balancer on VIP for OpenStack services to TCP mode and spawn one more TLS unwrapper as close to node as possible (besides service itself). It will lead us to unwrapping TLS on node with service itself, so end-to-end encryption will be achieved.
Blueprint information
- Status:
- Not started
- Approver:
- Vladimir Kuklin
- Priority:
- Undefined
- Drafter:
- Stanislaw Bogatkin
- Direction:
- Needs approval
- Assignee:
- Stanislaw Bogatkin
- Definition:
- New
- Series goal:
- Accepted for mitaka
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
End to end encryption for OpenStack endpoints
(?)