apisix-ingress-controller
apisix-ingress-controller copied to clipboard
feat: Support SNI based TLS Route
Now Apache APISIX supports to match the stream route with TLS SNI (https://github.com/apache/apisix/pull/4433), we can implement it in ApisixRoute
.
LGTM
Any ETA for this? At the moment we have to manually call the API and set SNI for stream routes to support TLS. It would be nice to use the ApisixRoute CRD without having to manually update the streamroute with SNI afterwards.
It will be added in the next version v1.5 at the earliest, and v1.6 at the latest.
@svendberg Is this feature of APISIX currently used in your production environment?
We use it in production to expose MQTT endpoints ( TCP ) with TLS for a multi-tenant solution. Right now, we use an ApisixRoute to create the upstream and a "dummy" stream_route in Apisix. Then we use the Apisix API to create a new stream_route with an SNI defined, reusing the upstream created by ApisixRoute.
WeOpen Star
I'd like to work on this issue.
thanks @mangoGoForward Assigned
Hi @tao12345666333 . On the implementation, I want to confirm a few things:
- We should add
sni
in types. https://github.com/apache/apisix-ingress-controller/blob/3cccd5666e098f374c262eb443de194d69d6a55e/pkg/types/apisix/v1/types.go#L331-L339 - When
ApisixRoute
translate toStreamRoute
, we should addsni
toStreamRoute
instance? https://github.com/apache/apisix-ingress-controller/blob/3cccd5666e098f374c262eb443de194d69d6a55e/pkg/kube/translation/apisix_route.go#L732 then create or update it. But I am confused about that which field inApisixRoute
we can use.
@mangoGoForward What about just using Host
or SNI
?
I prefer Host
I prefer
Host
But seems ApisixRouteSpec.Stream
doesn't have this property? If I'm missed the meaning, please correct me, thanks.
@mangoGoForward sorry for delay.
But seems
ApisixRouteSpec.Stream
doesn't have this property?
yes, since it's a new feature, we can add it
I prefer
Host
But seems
ApisixRouteSpec.Stream
doesn't have this property? If I'm missed the meaning, please correct me, thanks.
Yeah, that's the point that we need to implement it :).
I have been commit a PR #1051, if you have free time, please have a review~
Thanks
@svendberg #1051 has been merged. Thanks @mangoGoForward
This feature will be released in v1.6