Add ssl to kolla
Kolla is lacking in the ssl department. This blueprint will serve to achieve the following:
Allow ssl cert for external services via haproxy to be provided (optionally generate this cert)
create and use a ca cert for internal ssl communication
Ideally the default deploy should be to use ssl everywhere. This will not affect external communication because that can still happen unencrypted if the user so chooses, its just the internal communication
Blueprint information
- Status:
- Complete
- Approver:
- Sam Yaple
- Priority:
- Essential
- Drafter:
- Sam Yaple
- Direction:
- Approved
- Assignee:
- Dave McCowan
- Definition:
- Approved
- Series goal:
- Accepted for mitaka
- Implementation:
-
Implemented
- Milestone target:
-
mitaka-3
- Started by
- Steven Dake
- Completed by
- Steven Dake
Related branches
Related bugs
Sprints
Whiteboard
Sam,
It would rock if you can fit this into Mitaka. --sdake
Could you fill out the work items please. --sdake
I think it is better to allow use existing certificates, or generate certificates from a existing CA certificates, instead of self-sign.
Gerrit topic: https:/
Addressed by: https:/
Use variables to specify http or https when constructing URLs
Addressed by: https:/
Change kolla_internal_
Gerrit topic: https:/
Addressed by: https:/
Add Ansible scripts to generate TLS certificates for testing
Gerrit topic: https:/
Addressed by: https:/
Add documentation for two-VIP and TLS blueprints
