1.0.0 Release IaaS
This commit is contained in:
33
docs/adr/011-tls-communication.md
Normal file
33
docs/adr/011-tls-communication.md
Normal file
@@ -0,0 +1,33 @@
|
||||
# ADR 011 - TLS communication
|
||||
|
||||
## Date
|
||||
|
||||
- Mar/06/2026
|
||||
- First documentation
|
||||
|
||||
## Status
|
||||
|
||||
- Accepted
|
||||
|
||||
## Context
|
||||
|
||||
- To make administrational policy simple
|
||||
- Set the principle of TLS communication boundry
|
||||
|
||||
## Considerations
|
||||
|
||||
### Apply mTLS
|
||||
|
||||
- implementing mTLS needs both client certificate and server certificate
|
||||
- Managing a number of certificates makes a huge operational burden \(expiry date, revocation, etc ..\)
|
||||
|
||||
## Decisions
|
||||
|
||||
- Set TLS for all communication except 'lo' interface
|
||||
- When it is possible to activate TLS, apply it even in 'lo' interface
|
||||
|
||||
## Consequences
|
||||
|
||||
- The policy is set simple
|
||||
- The overhead is increased little
|
||||
- Exclude the exceptions on operation \(For the administrator\)
|
||||
Reference in New Issue
Block a user