
Fix TLS support in private API server

Mikhail Mazurskiy requested to merge ash2k/tls-private-api into master

Fixes #357 (closed).

Instead of reusing the private API server with the in-memory listener, this MR uses a new gRPC server.

I tried to use the existing server to optimize resource usage. Unfortunately, it doesn't work because if kas is configured with TLS for the private API server, then the in-memory client is still talking to the server over a cleartext connection. We can either encrypt the traffic (i.e. reconfigure the client in-memory connection) or use a separate server and always use cleartext traffic. This MR takes the second approach to avoid paying the encryption/decryption cost.
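The mismatch described above can be reproduced with the Go standard library alone. This is an added example, not code from the merge request or from kas: `crypto/tls` over `net.Pipe` stands in for the TLS-configured gRPC server and its in-memory listener, and `ServerHandshake` and the certificate name are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ServerHandshake runs a TLS server over an in-memory pipe and returns its
// handshake error; the client side either speaks TLS or writes cleartext.
func ServerHandshake(clientTLS bool) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	// Throwaway self-signed certificate (constructed for this example).
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "private-api.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	// Tickets are disabled so the handshake stays lock-step on the unbuffered pipe.
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true}
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	srvConn.SetDeadline(time.Now().Add(5 * time.Second))
	go func() {
		defer cliConn.Close()
		if clientTLS {
			// Verification is skipped only because the certificate is a throwaway.
			tls.Client(cliConn, &tls.Config{InsecureSkipVerify: true}).Handshake()
			return
		}
		cliConn.Write([]byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")) // cleartext HTTP/2 preface
	}()
	return tls.Server(srvConn, cfg).Handshake()
}

func main() {
	fmt.Println("cleartext:", ServerHandshake(false), "| TLS:", ServerHandshake(true))
}
```

The cleartext client is rejected on the first record, which is why the in-memory client must either be given TLS credentials or be pointed at a separate cleartext-only server.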
