Knative dispatch event messages over HTTPS


I have a Knative trigger configured. Events should be handled by a service running over HTTPS.

apiVersion: eventing.knative.dev/v1
kind: Trigger
metadata:
  name: my-trigger
  namespace: my-ns
spec:
  broker: my-broker
  filter:
    attributes:
      type: dev.knative.sources.ping
  subscriber:
    ref:
      apiVersion: v1
      kind: Service
      namespace: event-handler-ns
      name: event-handler-service
    uri: /handle/event
---

kind: Service
apiVersion: v1
metadata:
  name: event-handler-service
  namespace: event-handler-ns
spec:
  selector:
    app: event-handler
  ports:
    - protocol: TCP
      port: 443
      targetPort: 8443

If I look at the logs of the broker filter, I can see the events are sent via HTTP, and I can't find any documentation on how to POST them via HTTPS. The only documentation I can find is on configuring the Knative services to run on HTTPS (not my custom service that does the event handling).

{
  "level": "error",
  "ts": "2022-10-12T08:05:13.202Z",
  "logger": "mt_broker_filter",
  "caller": "filter/filter_handler.go:216",
  "msg": "failed to send event",
  "commit": "e825770",
  "error": "failed to dispatch message: Post \"http://event-handler-service.event-handler-ns.svc.cluster.local/handle/event\": EOF",
  "stacktrace": "knative.dev/eventing/pkg/broker/filter.(*Handler).send\n\tknative.dev/eventing/pkg/broker/filter/filter_handler.go:216\nknative.dev/eventing/pkg/broker/filter.(*Handler).ServeHTTP\n\tknative.dev/eventing/pkg/broker/filter/filter_handler.go:209\ngo.opencensus.io/plugin/ochttp.(*Handler).ServeHTTP\n\[email protected]/plugin/ochttp/server.go:92\nknative.dev/pkg/network/handlers.(*Drainer).ServeHTTP\n\tknative.dev/[email protected]/network/handlers/drain.go:110\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2879\nnet/http.(*conn).serve\n\tnet/http/server.go:1930"
}

Is it possible to specify the protocol in the trigger for the subscriber?

0
chresse On BEST ANSWER

From the docs: "The uri can be an absolute URL with a non-empty scheme and non-empty host that points to the target (or a relative URI)."

So you should be able to specify the protocol when using only the uri:

subscriber:
  uri: https://event-handler-service.event-handler-ns/handle/event
1
Michael Gasch On

Correct, the URI can be an HTTPS endpoint, but the actual implementation depends on the dispatcher code in the broker. Generally it does work by providing the custom TLS certificates, if any, similar to this approach for tag resolution.

Which broker are you using?
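
An added example, not part of the question or either answer: a small audit that walks Trigger objects and reports every subscriber that would receive events over something other than HTTPS. It assumes input shaped like `kubectl get triggers -A -o json`, reads the `status.subscriberUri` field when present, and otherwise assumes (from the log in the question) that a core `Service` ref with a relative `uri` is dispatched as plain HTTP to the `cluster.local` name; the sample data and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample, shaped like `kubectl get triggers -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "my-ns", "name": "my-trigger"},
     "spec": {"subscriber": {
         "ref": {"apiVersion": "v1", "kind": "Service",
                 "namespace": "event-handler-ns",
                 "name": "event-handler-service"},
         "uri": "/handle/event"}}},
    {"metadata": {"namespace": "my-ns", "name": "my-trigger-tls"},
     "spec": {"subscriber": {
         "uri": "https://event-handler-service.event-handler-ns/handle/event"}}},
]}

CLUSTER_DOMAIN = "cluster.local"  # assumption, taken from the log in the question


def effective_target(trigger):
    """Return (scheme, url) the broker is expected to POST to."""
    sub = trigger.get("spec", {}).get("subscriber", {})
    # status.subscriberUri holds the address the controller resolved, if reconciled.
    uri = trigger.get("status", {}).get("subscriberUri") or sub.get("uri", "")
    parts = urlsplit(uri)
    if parts.scheme and parts.netloc:
        return parts.scheme.lower(), uri
    ref = sub.get("ref") or {}
    if ref.get("apiVersion") == "v1" and ref.get("kind") == "Service":
        # Assumption based on the question's log: a core Service ref plus a
        # relative uri is dispatched as plain http to the cluster-local name.
        ns = ref.get("namespace") or trigger["metadata"]["namespace"]
        host = f'{ref["name"]}.{ns}.svc.{CLUSTER_DOMAIN}'
        return "http", f"http://{host}{uri}"
    return "unknown", None


def plaintext_triggers(trigger_list):
    """List (namespace/name, scheme, url) for triggers not delivering over https."""
    findings = []
    for trig in trigger_list.get("items", []):
        scheme, url = effective_target(trig)
        if scheme != "https":
            meta = trig["metadata"]
            findings.append((f'{meta["namespace"]}/{meta["name"]}', scheme, url))
    return findings


if __name__ == "__main__":
    for name, scheme, url in plaintext_triggers(SAMPLE):
        print(f"{name}: {scheme} -> {url}")
```

Triggers reported as `unknown` reference a non-Service addressable that has not been resolved yet and need a manual look at the target's address.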