Larger description in the Feature Track document
Summary:
The queue-proxy should support TLS serving if a certificate is mounted to the correct location on the filesystem. It's expected this would be managed and exposed by the cluster administrator for alpha, and automatically created and managed at a later stage.
If the certificates are present, the queue-proxy should enable a port for TLS serving -- this could either be the existing port, or a second newly-defined port (implementer's choice -- they should document the choice and reason).
Recommended configuration extension for the queue-proxy Deployment for alpha to enable mounting secrets if they exist:
spec:
template:
spec:
containers:
- ...
volumeMounts:
- name: tls
mountPath: /tls/server
- readOnly: true
volumes:
- name: tls
secret:
# Note that this secret is namespaced, so administrators would need to create per-namespace certs!
secretName: knative-tls
optional: true
Larger description in the Feature Track document
Summary:
The queue-proxy should support TLS serving if a certificate is mounted to the correct location on the filesystem. It's expected this would be managed and exposed by the cluster administrator for alpha, and automatically created and managed at a later stage.
If the certificates are present, the queue-proxy should enable a port for TLS serving -- this could either be the existing port, or a second newly-defined port (implementer's choice -- they should document the choice and reason).
Recommended configuration extension for the queue-proxy Deployment for alpha to enable mounting secrets if they exist: