gateway icon indicating copy to clipboard operation
gateway copied to clipboard

Published 20 hours ago verified publisher icon envoyproxy

TLS Passthrough support

Open chauhanshubham opened this issue 3 years ago • 1 comments

This commit adds a tlsroute controller which is further used to configure tls passthrough in envoy.

[draft] Resolves #168 Signed-off-by: Shubham Chauhan [email protected]

chauhanshubham avatar Sep 21 '22 13:09 chauhanshubham

Codecov Report

Merging #402 (88d2df3) into main (b8f234b) will decrease coverage by 0.22%. The diff coverage is 63.64%.

@@            Coverage Diff             @@
##             main     #402      +/-   ##
==========================================
- Coverage   62.72%   62.49%   -0.23%     
==========================================
  Files          42       45       +3     
  Lines        4496     5301     +805     
==========================================
+ Hits         2820     3313     +493     
- Misses       1532     1798     +266     
- Partials      144      190      +46
Impacted Files Coverage Δ
internal/cmd/server.go 7.75% <0.00%> (-0.14%) :arrow_down:
internal/ir/infra.go 67.41% <ø> (ø)
internal/ir/zz_generated.deepcopy.go 0.00% <0.00%> (ø)
internal/provider/kubernetes/kubernetes.go 53.48% <0.00%> (-4.02%) :arrow_down:
internal/status/status.go 0.00% <0.00%> (ø)
internal/gatewayapi/helpers_v1alpha2.go 28.88% <28.88%> (ø)
internal/gatewayapi/helpers.go 67.52% <40.00%> (+0.85%) :arrow_up:
internal/gatewayapi/runner/runner.go 53.77% <42.85%> (-0.78%) :arrow_down:
internal/xds/translator/translator.go 72.04% <60.00%> (-2.65%) :arrow_down:
internal/provider/kubernetes/tlsroute.go 60.56% <60.56%> (ø)
... and 13 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov-commenter avatar Sep 22 '22 11:09 codecov-commenter

This requires ~two~ ~one more~ no thing

  1. ~adding tlsroute status updates to be implemented, similar to httproutes in #395~
  2. ~update tlsroute controller to listen and validate gateway parent #403~ ~I can take these up separately if this PR is getting too long~

Above tasks were added as part of this PR Minor pending action items include,

  1. including tlsroute in demo profile
  2. doc updates

chauhanshubham avatar Sep 24 '22 06:09 chauhanshubham

thanks for addressing the comments ! the xds config looks good, have some minor suggestions, mainly to simplify the life of the dev adding TCPRoute support, but not blockers. @skriss @AliceProxy can you please review the Gateway API Translator changes ?

arkodg avatar Oct 07 '22 20:10 arkodg

@chauhanshubham when possible can you also attach a working example, there doesnt seem to be an existing conformance test for TLS passthrough yet

arkodg avatar Oct 07 '22 20:10 arkodg

can you also attach a working example, there doesnt seem to be an existing conformance test for TLS passthrough yet

@arkodg updated the description with the details, I would prefer adding the sample in the demo profile, quickstart guide etc. in a subsequent PR.

chauhanshubham avatar Oct 08 '22 06:10 chauhanshubham