support tls termination for tcp traffic #1431
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tanujd11
force-pushed
the
feat/support-tls-termination
branch
2 times, most recently
from
dd09e06
to
26a6a21
Compare
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
tanujd11
force-pushed
the
feat/support-tls-termination
branch
from
26a6a21
to
e4b5666
Compare
Codecov Report
@@ Coverage Diff @@
## main #1431 +/- ##
==========================================
- Coverage 61.98% 61.94% -0.04%
==========================================
Files 79 79
Lines 11318 11388 +70
==========================================
+ Hits 7015 7054 +39
- Misses 3844 3874 +30
- Partials 459 460 +1
|
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
Xunzhuo
previously approved these changes
May 22, 2023
|
@tanujd11 is there any conformace test for this? |
arkodg
reviewed
May 23, 2023
internal/ir/xds.go
Outdated
| @@ -612,7 +612,9 @@ type TCPListener struct { | |||
| Port uint32 | |||
| // TLS information required for TLS Passthrough, If provided, incoming | |||
| // connections' server names are inspected and routed to backends accordingly. | |||
| TLS *TLSInspectorConfig | |||
| TLSInspectorConfig *TLSInspectorConfig | |||
There was a problem hiding this comment.
thoughts on making this
tls:
passthrough:
terminate:
?
There was a problem hiding this comment.
I feel in future we could use SNIs to route traffic in TCP terminate mode as well? Wdyt? Istio does it on the basis of gateway hostname. However at the moment it does not make sense as TCPRoute does not have any SNI based routing. Maybe I am missing something. Wdyt?
There was a problem hiding this comment.
that case is handled in the HTTPListener
Line 117 in 3344221
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
|
@arkodg PTAL |
arkodg
approved these changes
May 24, 2023
|
kubernetes-sigs/gateway-api#2060 for tracking conformance test related to this |
zirain
approved these changes
May 25, 2023
This was referenced Jul 10, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
Feature to provide TLS termination with TCP trafficWhat this PR does / why we need it:
Supports the following configuration:
Listener Protocol = TLS
TLS Mode = Terminate
Route Type =TCPRoute
Which issue(s) this PR fixes:
Fixes #1391