Skip to content

Sni CRD #320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shukitchan merged 5 commits into from
Dec 24, 2025
Merged

Sni CRD #320

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ce610b4
Added support for SNI CRD
saurabh-saraswat Nov 26, 2025
f3e00d3
Corrected docker image name. Fixed marshalling in handlerSni. Removed…
saurabh-saraswat Dec 2, 2025
0abeec9
Updated ats.go
saurabh-saraswat Dec 3, 2025
a81b84f
updated versions
saurabh-saraswat Dec 3, 2025
7cd0f60
Added documentation for how to use SNI
saurabh-saraswat Dec 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,16 @@ jobs:
eval $(minikube -p minikube docker-env)
docker build -t caching-app k8s/images/caching-app/

- name: Build App 3
run: |
eval $(minikube -p minikube docker-env)
docker build -t node-app-3 k8s/images/node-app-3/

- name: Build App 4
run: |
eval $(minikube -p minikube docker-env)
docker build -t node-app-4 k8s/images/node-app-4/

- name: Install dependencies
run: |
cd tests
Expand Down
6 changes: 6 additions & 0 deletions ats_caching/atscachingpolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,9 @@ spec:
pattern: ".*/cache-test"
action: cache
ttl: "12s"
- name: app3-endpoint
primarySpecifier:
type: url_regex
pattern: ".*/node-app3"
action: cache
ttl: "12s"
12 changes: 12 additions & 0 deletions ats_sni/ats-snipolicy-binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ats-snipolicy-binding
subjects:
- kind: ServiceAccount
name: default
namespace: trafficserver-test
roleRef:
kind: ClusterRole
name: ats-snipolicy-role
apiGroup: rbac.authorization.k8s.io
8 changes: 8 additions & 0 deletions ats_sni/ats-snipolicy-role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ats-snipolicy-role
rules:
- apiGroups: ["trafficserver.apache.org"]
resources: ["atssnipolicies"]
verbs: ["get", "list", "watch"]
11 changes: 11 additions & 0 deletions ats_sni/atssnipolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
host_sni_policy: "PERMISSIVE"
verify_server_policy: "PERMISSIVE"
http2: "on"
verify_client: "MODERATE"
90 changes: 90 additions & 0 deletions ats_sni/crd-atssnipolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: atssnipolicies.trafficserver.apache.org
spec:
group: trafficserver.apache.org
names:
kind: ATSSniPolicy
plural: atssnipolicies
singular: atssnipolicy
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ["spec"]
properties:
spec:
type: object
properties:
sni:
type: array
items:
type: object
properties:
fqdn:
type: string
verify_client:
type: string
enum: ["NONE", "MODERATE", "STRICT"]
verify_client_ca_certs:
type: object
properties:
file:
type: string
dir:
type: string
verify_server_policy:
type: string
enum: ["DISABLED", "PERMISSIVE", "ENFORCED"]
verify_server_properties:
type: string
enum: ["NONE", "SIGNATURE", "NAME", "ALL"]
client_cert:
type: string
client_key:
type: string
client_sni_policy:
type: string
ip_allow:
type: array
items:
type: string
host_sni_policy:
type: string
enum: ["DISABLED", "PERMISSIVE", "ENFORCED"]
valid_tls_versions_in:
type: array
items:
type: string
enum: ["TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
http2:
type: string
enum: ["on", "off"]
http2_buffer_water_mark:
type: integer
http2_max_settings_frames_per_minute:
type: integer
http2_max_ping_frames_per_minute:
type: integer
http2_max_priority_frames_per_minute:
type: integer
http2_max_rst_stream_frames_per_minute:
type: integer
disable_h2:
type: boolean
tunnel_route:
type: string
forward_route:
type: string
partial_blind_route:
type: string
tunnel_alpn:
type: array
items:
type: string

8 changes: 8 additions & 0 deletions ats_sni/host-sni-policy/disabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
host_sni_policy: "DISABLED"
9 changes: 9 additions & 0 deletions ats_sni/host-sni-policy/enforced.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
host_sni_policy: "ENFORCED"
verify_client: "MODERATE"
9 changes: 9 additions & 0 deletions ats_sni/host-sni-policy/permissive.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
host_sni_policy: "PERMISSIVE"
verify_client: "MODERATE"
8 changes: 8 additions & 0 deletions ats_sni/http2/off.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
http2: "off"
8 changes: 8 additions & 0 deletions ats_sni/http2/on.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
http2: "on"
8 changes: 8 additions & 0 deletions ats_sni/verify-client/moderate.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
verify_client: "MODERATE"
8 changes: 8 additions & 0 deletions ats_sni/verify-client/none.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
verify_client: "NONE"
8 changes: 8 additions & 0 deletions ats_sni/verify-client/strict.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: "test.edge.com"
verify_client: "STRICT"
8 changes: 8 additions & 0 deletions ats_sni/verify-server-policy/disabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: test.example.com
verify_server_policy: "DISABLED"
8 changes: 8 additions & 0 deletions ats_sni/verify-server-policy/enforced.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: test.example.com
verify_server_policy: "ENFORCED"
10 changes: 10 additions & 0 deletions ats_sni/verify-server-policy/permissive.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: trafficserver.apache.org/v1alpha1
kind: ATSSniPolicy
metadata:
name: my-sni-config
spec:
sni:
- fqdn: test.example.com
verify_server_policy: "PERMISSIVE"


Loading
Loading