Support for TLS termination for TCP protocol? #686

Closed
gitanuj opened this issue Nov 3, 2022 · 4 comments
Labels
area/translator Issues related to Gateway's translation service, e.g. translating Gateway APIs into the IR. area/xds-server Issues related to the xDS Server used for managing Envoy configuration. help wanted Extra attention is needed kind/enhancement New feature or request priority/low Label used to express the "low" priority level

@gitanuj

gitanuj commented Nov 3, 2022

Description:
Is it possible to support TLS termination for TCP protocol?

I'm trying to use Envoy Gateway as an API gateway which accepts a TCP connection from a client and does SSL termination and then proxies the request down to a service in the cluster which also accepts a TCP connection with SSL using a self-signed cert. Is this something Envoy Gateway can support?

Currently TLS Termination is only supported for HTTPS protocols.

@arkodg
Contributor

arkodg commented Nov 3, 2022

Thanks for raising this issue. Based on the Gateway API spec https://gateway-api.sigs.k8s.io/guides/tls/?h=tls#clientserver-and-tls, the downstream client TLS connection termination should be supported.

@arkodg arkodg added this to the 0.3.0-rc.1 milestone Nov 3, 2022
@arkodg arkodg added kind/enhancement New feature or request help wanted Extra attention is needed area/translator Issues related to Gateway's translation service, e.g. translating Gateway APIs into the IR. area/xds-server Issues related to the xDS Server used for managing Envoy configuration. priority/low Label used to express the "low" priority level labels Nov 3, 2022
@danehans
Contributor

danehans commented Nov 3, 2022

> I'm trying to use Envoy Gateway as an API gateway which accepts a TCP connection from a client and does SSL termination

Although I have not tested this with Envoy Gateway, it should be supported by setting the listener protocol type to TLS and supplying an appropriate TLS config.

> and then proxies the request down to a service in the cluster which also accepts a TCP connection with SSL using a self-signed cert

The doc referenced in #686 (comment) details downstream TLS and TLS passthrough but does not cover upstream TLS. Upstream TLS in Gateway API is not supported until kubernetes-sigs/gateway-api#1067 is fixed.
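
The listener setup described in the comment above, sketched as Gateway API manifests; this is an added example, not part of the thread or of Envoy Gateway's documentation, and whether a given Envoy Gateway release accepts it is untested here as well. All resource names, the port numbers and the API versions are assumptions.

```yaml
# Added illustration. Names, namespace and ports are hypothetical.
# API versions are an assumption: use the ones your installed Gateway API CRDs serve.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: tcp-tls-gateway                      # hypothetical
  namespace: default
spec:
  gatewayClassName: example-gateway-class    # hypothetical GatewayClass
  listeners:
    - name: tls-terminate
      protocol: TLS                          # TLS listener for non-HTTP traffic
      port: 6443
      tls:
        mode: Terminate                      # the gateway ends the client's TLS session
        certificateRefs:
          - kind: Secret
            name: tcp-tls-cert               # hypothetical kubernetes.io/tls Secret
      allowedRoutes:
        kinds:
          - kind: TCPRoute                   # restrict attachment to TCPRoutes
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: tcp-backend                          # hypothetical
  namespace: default
spec:
  parentRefs:
    - name: tcp-tls-gateway
      sectionName: tls-terminate             # bind to the TLS listener only
  rules:
    - backendRefs:
        - name: backend-svc                  # hypothetical Service
          port: 9000
# Caveat from the thread: upstream TLS cannot be expressed in these resources,
# so the gateway-to-backend hop is plaintext TCP. A backend that only accepts
# TLS (for example with a self-signed certificate) will reject that connection.
```

With `mode: Terminate` the certificate in the referenced Secret is the one clients validate, so the backend's self-signed certificate plays no part in the downstream handshake.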

@danehans danehans modified the milestones: 0.3.0-rc.1, Backlog Dec 1, 2022
@danehans
Contributor

danehans commented Dec 1, 2022

Moved to backlog due to kubernetes-sigs/gateway-api#1067.

@arkodg
Contributor

arkodg commented Feb 15, 2023

dupe of #837

@arkodg arkodg closed this as completed Feb 15, 2023