Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS Memberlist #4045

Closed
jtlisi opened this issue Apr 2, 2021 · 0 comments · Fixed by #4046
Closed

TLS Memberlist #4045

jtlisi opened this issue Apr 2, 2021 · 0 comments · Fixed by #4046
Assignees
@jtlisi
Labels
component/memberlist type/security

Comments

@jtlisi
Copy link
Contributor

jtlisi commented Apr 2, 2021

Is your feature request related to a problem? Please describe.

Gossip traffic in Cortex using memberlist is not secured on the transport level.

Describe the solution you'd like

We use a custom TCP based transport for our Memberlist client so it should be possible to use a standard set of TLS configs to secure memberlist traffic

Describe alternatives you've considered

UDP based Memberlist implementations trend towards using shared secrets to secure traffic. However, since we use TLS and TLS is used thoughout Cortex, it seems like a secondary system is not worth it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jtlisi jtlisi

Labels
component/memberlist type/security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add memberlist TLS configuration options cortexproject/cortex
1 participant
@jtlisi