Summary
The Metacontroller sync webhook currently communicates over plain HTTP (http://integrationroute-webhook.keip/webhook/sync). Sync requests contain CR specs which may include secret references, so this traffic should be encrypted.
Context
Identified during PR #44 review. See operator/controller/composite-controller.yaml.
Requirements
- Generate or provision a TLS certificate for the webhook service
- Update the webhook deployment to serve HTTPS (likely via Uvicorn's
--ssl-certfile/--ssl-keyfile options or a sidecar)
- Update the CompositeController hook URL to
https://
- Consider using the existing cert-manager addon (
operator/controller/addons/certmanager/) for certificate provisioning
Summary
The Metacontroller sync webhook currently communicates over plain HTTP (
http://integrationroute-webhook.keip/webhook/sync). Sync requests contain CR specs which may include secret references, so this traffic should be encrypted.Context
Identified during PR #44 review. See
operator/controller/composite-controller.yaml.Requirements
--ssl-certfile/--ssl-keyfileoptions or a sidecar)https://operator/controller/addons/certmanager/) for certificate provisioning