-
Notifications
You must be signed in to change notification settings - Fork 665
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
internal/dag: Set SNI on upstream externalName type clusters for TCPProxy #3291
Conversation
//cc @moderation |
Codecov Report
@@ Coverage Diff @@
## main #3291 +/- ##
==========================================
+ Coverage 75.69% 75.74% +0.05%
==========================================
Files 98 98
Lines 6405 6410 +5
==========================================
+ Hits 4848 4855 +7
+ Misses 1449 1447 -2
Partials 108 108
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks OK to me. It'd be nice to have an integration test case for this too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks OK to me. It'd be nice to have an integration test case for this too.
thinking out loud how this might work, maybe deploy a TLS echo app/service and an external name service that points to it, and use the SNI enforcement endpoint to check it works
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, and agree that some integration testing around this would be great.
dc2dc98
to
030ce97
Compare
needs a rebase |
…roxy Sets the SNI on any TCPProxy.Service which references an externalName type service as well as having the upstream protocol of "tls". Updates projectcontour#2517 Signed-off-by: Steve Sloka <slokas@vmware.com>
030ce97
to
908c014
Compare
@stevesloka I got #3342 merged, hopefully that helps with adding a test for this. Happy to walk through it if you want. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK with me to merge this now and file a follow-up for an integration test.
…roxy (projectcontour#3291) Sets the SNI on any TCPProxy.Service which references an externalName type service as well as having the upstream protocol of "tls". Updates projectcontour#2517 Signed-off-by: Steve Sloka <slokas@vmware.com> Signed-off-by: iyacontrol <gaohj2015@yeah.net>
Sets the SNI on any TCPProxy.Service which references an externalName type service
as well as having the upstream protocol of "tls".
Updates #2517
Signed-off-by: Steve Sloka slokas@vmware.com