Bug 1169977

Summary: [RFE] Support an option for Gear to GEAR communication to happen over SSL.
Product: OpenShift Container Platform Reporter: Eric Rich <erich>
Component: RFE Assignee: Mike Barrett <mbarrett>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1.0 CC: bleanhar, erich, jofernan, jokerman, jolamb, kevensen, lmeyer, mepley, mmccomas, nicholas_schuetz, philfest
Target Milestone: --- Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1092005 Environment:
Last Closed: 2016-01-28 15:13:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1092005    
Bug Blocks:    

Description Eric Rich 2014-12-02 21:51:21 UTC
+++ This bug was initially created as a clone of Bug #1092005 +++

The request here is for Gear to Gear communication to happen over SSL or some secured mechanism.

Example: 

      +--https----------------------------------+                            
      |                                         |                            
      |                                         |                            
+Client+                            +Node------------+                       
|      |                            |httpd proxy|    |                       
|      |                            +----------------+                       
|      |                            |           v http[s] << If possible https                      
+------+                            |       +HAProxy++                       
                                    |       |       ||                       
                                    |       +--------|                       
                                    +-------+--------+                       
                                             ||                              
                                             ||                              
                                             ||                              
                                             ||                              
                                             ||                              
         +Node------------+                  ||            +Node------------+
         |                |                  ||            |                |
         +----------------+                  ||            +----------------+
         |                |                  ||            |                |
         |       +Gear---++                  ||            |       +Gear---++
         |       |       <-------------https-++-https-------------->       ||
         |       +--------|                                |       +--------|
         +-------+--------+                                +-------+--------+

In short the request here is for HAProxy to have an option (secure_routing) that allows for it to directly contact a gear hosting an SSL endpoint.
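
The HAProxy-to-gear hop in the diagram above, sketched as a plain HAProxy configuration with the cleartext backend beside a TLS-verifying one. This is an added example, not part of the original report and not OpenShift's cartridge configuration; it assumes HAProxy 1.5 or later (the first release with native SSL support), and the gear hostnames, ports, backend names and CA file path are placeholders.

```haproxy
# Constructed example: hostnames, ports and paths below are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend app_in
    # Traffic arriving from the node's httpd proxy
    bind 127.0.0.1:8080
    default_backend gears_tls

# Current behaviour in the diagram: the hop from HAProxy to gears on
# other nodes is plain HTTP, so it crosses the node network in cleartext.
backend gears_plain
    balance leastconn
    server gear1 gear1.example.internal:35561 check
    server gear2 gear2.example.internal:35562 check

# Requested behaviour: HAProxy opens a TLS connection to each gear.
#   ssl             encrypt the connection to the gear (health checks too)
#   verify required reject gears whose certificate does not chain to ca-file
#   verifyhost      also require the certificate to match the expected name
# Using "verify none" here would encrypt the hop but accept any certificate,
# leaving it open to interception by anything that can answer on that address.
backend gears_tls
    balance leastconn
    server gear1 gear1.example.internal:35561 ssl verify required ca-file /etc/haproxy/gear-ca.pem verifyhost gear1.example.internal check
    server gear2 gear2.example.internal:35562 ssl verify required ca-file /etc/haproxy/gear-ca.pem verifyhost gear2.example.internal check
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.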

Comment 4 Dan McPherson 2016-01-28 15:13:54 UTC
Closing as wontfix for v2.  Edge termination is now an option in v3:

https://docs.openshift.org/latest/dev_guide/routes.html