
API v2 - TLS configurations pointing to SDS cluster

Open nimrodoron opened this issue 2 years ago • 2 comments

When creating a Virtual Gateway in API v2, we would like to be able to configure a TLS configuration pointing to an SDS cluster.

nimrodoron, Dec 19 '21 13:12

Hi @nimrodoron, thanks for raising this! Could you provide me with an example of this? Is this something possible in Istio (I am not aware of it) or Gloo Edge today?

linsun, Jan 03 '22 16:01

I'm not sure it's possible in Istio today. In Gloo Edge, the SSLConfig object seems to imply that it's possible to configure.

It's definitely possible in Envoy, and can be configured in Istio using EnvoyFilter objects.

I guess this makes the most sense in the context of Ingress gateways, where instead of providing a Secret which contains certificates (either server-side certificates or verification certificates for mutual TLS), the Gateway object could point to an SDS endpoint and dynamically retrieve these certificates.

liorokman, Jan 06 '22 15:01
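
What the last comment describes, shown at the Envoy level as an added example that is not part of the thread or of the Gloo Mesh project: a listener whose server certificate and client-verification CA are both fetched by name from an SDS cluster instead of being inlined or read from a Secret. The listener, cluster and secret names, the ports and the SDS socket path are assumptions.

```yaml
static_resources:   # added example; names, ports and socket path are assumptions
  listeners:
  - name: ingress_https
    address: { socket_address: { address: 0.0.0.0, port_value: 8443 } }
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: ingress
          cluster: backend
      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          require_client_certificate: true   # mutual TLS: clients must present a certificate
          common_tls_context:
            tls_certificate_sds_secret_configs:   # server certificate and key, fetched via SDS
            - name: server_cert
              sds_config:
                resource_api_version: V3
                api_config_source:
                  api_type: GRPC
                  transport_api_version: V3
                  grpc_services: [{ envoy_grpc: { cluster_name: sds_server } }]
            validation_context_sds_secret_config:   # CA bundle for verifying client certificates
              name: client_ca
              sds_config:
                resource_api_version: V3
                api_config_source:
                  api_type: GRPC
                  transport_api_version: V3
                  grpc_services: [{ envoy_grpc: { cluster_name: sds_server } }]
  clusters:
  - name: sds_server   # SDS is served over gRPC, so this cluster must speak HTTP/2
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        explicit_http_config: { http2_protocol_options: {} }
    load_assignment:
      cluster_name: sds_server
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { pipe: { path: /var/run/sds/sds.sock } } }
  - name: backend
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: 127.0.0.1, port_value: 8080 } } }
```

With this layout the private key never appears in the proxy's configuration, and the SDS server can rotate either secret by pushing an update without a listener restart. The Unix socket keeps the SDS channel local to the host; an SDS server reached over the network would need its own transport security on the `sds_server` cluster.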