Skip to content

[batch] Add internal ssl certs to worker server #14581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

[batch] Add internal ssl certs to worker server #14581

wants to merge 3 commits into from
+290 −94

Conversation

@daniel-goldstein
Copy link
Contributor

@daniel-goldstein daniel-goldstein commented Jun 12, 2024
edited
Loading

Internal communication within the Hail Batch system uses TLS using self-signed certificates except the Batch Driver -> Worker communication and Worker -> Internal Gateway communication. This PR fixes the former to use TLS.

@daniel-goldstein daniel-goldstein mentioned this pull request Jul 17, 2024
Draft
@daniel-goldstein
Copy link
Contributor Author

daniel-goldstein commented Jul 22, 2024

This should be functioning (or very close) in GCP but is basically unimplemented in Azure. Azure needs a secret store like how we use Google Secret Manager that workers can access when they start up to load certificates. Azure Key Vault seems reasonable and can be created through terraform. The structure should mirror that in GCP, where we need a client that can upload the certs to Azure in create_certs and download them in the azure CloudWorkerAPI.

I would leave this unimplemented in TerraAzure until an overall secrets story is established.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@daniel-goldstein