Add support for disabling TLS for Routes in a Virtual Service

Open • afro-coder opened this issue 2 years ago • 2 comments

Gloo Edge Product

Enterprise

Gloo Edge Version

1.14

Is your feature request related to a problem? Please describe.

Currently sslConfig is global for each VirtualService. I have a scenario where the customer has 8 routes and Gloo Edge routing is in mTLS mode. Two of these routes are health checks and can be done via one-way TLS; however, this fails since GE directly only works in mTLS mode, as this is set at the VirtualService level.

Constraints

  • Cannot split VirtualService based on SNI since the domain is the same.

Describe the solution you'd like

Similar to disabling extauth per route, it would be nice to have the option to disable TLS completely/onewayTLS per route: /get, /healthcheck.

Describe alternatives you've considered

HybridGateway; however, the current matchers don't fit the requirements, as the customer cannot specify different sniDomains for the same VirtualService. To add to this, I created two virtual services, one that has only OneWayTls and the other with mTLS. The routes for the OneWayTls never get created; the config_dump is shared in the zip file below.

Additional Context

Attached are the configs I used to create this scenario. The guide is as per https://docs.solo.io/gloo-edge/1.7.23/guides/security/tls/server_tls/

Zip file added below. Please rename it. files.txt

afro-coder • Oct 11 '23 12:10