Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for nginx-ingress controller #282

Closed
mktelos opened this issue Jun 11, 2024 · 2 comments
Closed

support for nginx-ingress controller #282

mktelos opened this issue Jun 11, 2024 · 2 comments

Comments

@mktelos
Copy link

mktelos commented Jun 11, 2024

Hello, I'm setting up a Kubernetes cluster with the Ingress Nginx controller from https://github.com/kubernetes/ingress-nginx. My aim is to create a custom Nginx Ingress Controller supporting quantum-safe keys. Specifically, I want to use p384_kyber768 as the default Key Encapsulation Mechanism (KEM) algorithm. However, I'm facing challenges in building the image for this custom controller. The default Nginx image provided here works perfectly. IBM made a custom ingress controller a while back, but it's outdated now and doesn't work anymore! https://github.com/IBM/qsc-ingress/tree/main/kubernetes/nginx. So, if you have any tips or tricks, I'd be super grateful!
@baentsch
Copy link
Member

Looks like a worthwhile and achievable goal. But again, I've been pretty alone working on these integrations and thus somewhat put them on the back burner (I'm motivated by cooperation and that's hard being the only guy :-). From a first glance-over of the IBM code, it might benefit from a resolution of #182 as it still uses the no longer supported OpenSSL111 code base. As you noticed I've been updating nginx and curl to use openssl3 with oqs-provider (primarily for testing that code base and making available our interop test server) but there seem to be more moving parts in the IBM project. So I'm afraid, you should ask for help there (and/or suggest them contributing to OQS and maintaining this ingress integration for the benefit of the wider community here: I'm personally not very motivated to work for free on code owned by a multi-billion-$ profit company :-)

So the best advice to you that I can give is that you try to merge the Dockerfile logic in our nginx integration with the kubernetes code. If you'd then consider contributing this to this project via PR (and/or ask here concrete questions if sth fails), I'd be very glad to provide support & guidance as and when necessary. From experience, this is a tedious piece of work but clearly achievable, so please give this invitation to contribute a thought.

@mktelos
Copy link
Author

mktelos commented Jun 12, 2024

Thanks for the detailed response. I understand your hesitation to contribute to the IBM project—it’s just the only example I found that does what I need. I'll do my best to merge the Dockerfile logic from your nginx integration with the Kubernetes one. Once I'm successful, I’ll be happy to contribute here. Thanks again, and I’ll reach out if I face any issues.

@mktelos mktelos closed this as completed Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@baentsch @mktelos