[GitHub] [incubator-pinot] apucher commented on pull request #6418: TLS-support for client-pinot and pinot-internode connections

Mon, 18 Jan 2021 14:26:46 -0800 


apucher commented on pull request #6418:
URL: https://github.com/apache/incubator-pinot/pull/6418#issuecomment-762496331


   @mcvsubbu here's the results of the manual TLS-upgrade test from fully 
unsecured, over multi-ingress, to 2-way TLS without global cluster downtime:
   
   **Unsecured - defaults**
   HTTP
   Add a table - pass
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   No HTTPS ingress - pass
   
   **Unsecured - TLS configured, not enabled**
   Set keystore and truststore paths via TLS defaults, but don’t enable 
https/nettytls
   
   HTTP
   Add a table - pass
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   No HTTPS ingress - pass (not reachable)
   
   **Unsecured - TLS active via multi-ingress**
   Enable TLS ingress via alternate ports, still use insecure egress
   
   HTTP
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   
   HTTPS
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   
   **Secured - TLS active via multi-ingress**
   Enable TLS ingress and egress via alternate ports, still allow insecure 
ingress too
   
   HTTP
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   
   HTTPS
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   
   **Secured - TLS active only, 2-way TLS internode**
   Enable TLS ingress and egress via alternate ports only
   
   No HTTP access - pass
   
   HTTPS
   Add a segment - pass
   Query broker - pass
   Query controller - pass
   Query tablesize - pass
   Delete the segment - pass
   Delete the table - pass
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to