Spike - investigate SSL termination in the sidecar
Activity

Taras Spashchenko, February 19, 2024 at 12:54 PM
Done
Details
Assignee: Taras Spashchenko
Reporter: Craig McNally
Priority: P2
Story Points: 0
Sprint: None
Development Team: Eureka
Created January 23, 2024 at 10:53 PM
Updated March 8, 2024 at 10:48 PM
Resolved March 8, 2024 at 10:48 PM
Overview
One requirement for FedRAMP compliance is end-to-end encryption using FIPS 140-2 compliant cryptographic algorithms, etc. The FIPS 140-2 compliant Bouncy Castle library has already been incorporated into the sidecars, but we now need to allow for optional SSL termination at the sidecar for ingress requests.
Scope
Investigate how to set up SSL termination in the sidecar (Quarkus)
Configuration
System operator/automation/hosting concerns (e.g. certificate management, etc.)
Document potential pitfalls, e.g. cloud-generated hostnames not aligning with the certificate's domain, etc.
Acceptance Criteria
Spike findings are documented on the wiki and presented to the team/SAs.
Pros/Cons and relative effort and complexity are identified for each option/approach
After discussion with the team/SAs, the preferred approach is identified and a decision is logged on the wiki