Add Support for Generating a Default Wildcard Certificate #75

Closed
danehans opened this issue Feb 11, 2020 · 2 comments

@danehans

What would you like to be added:
The ability for Gateway to support generating a wildcard certificate.

Why is this needed:
To simplify the user experience, it's beneficial for Gateway to generate a default wildcard certificate for use by a listener. If the listener specifies one or more certificates, those certificates are used for authenticating requests and SNI-based routing. If the listener does not specify any certificates, then a wildcard certificate is generated and used by the listener to authenticate the request and perform SNI-based routing. A couple approaches are presented here for generating the wildcard certificate subdomain:

  1. Constructing the subdomain from the listener's Name. For example:

     ```yaml
     kind: Gateway
     spec:
       listeners:
       - name: foo.example.com
         protocol: HTTPS
         # no TLS config
     ```

The above spec would cause the Gateway to generate a wildcard certificate for *.example.com.

  2. Adding a Domain field to Gateway as specified in Add Domain Support #62.

     ```yaml
     kind: Gateway
     spec:
       domain: example.com
       listeners:
       - name: foo.example.com
         protocol: HTTPS
         # no TLS config
     ```

The above spec would cause the Gateway to generate a wildcard certificate for *.example.com.

/assign @bowei
/cc @jpeach @ironcladlou @Miciah
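
The two derivation approaches proposed above, sketched in Go as an added example (not part of the original issue and not code from the Gateway API project). The names `wildcardFor` and `selfSignedWildcard` are hypothetical, and the three-label minimum and the direct-child check are assumptions added here so that a name such as `example.com` can never produce `*.com`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// wildcardFor swaps the listener's leftmost label for "*" (approach 1, domain == "").
func wildcardFor(listener, domain string) (string, error) {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(listener, ".")), ".")
	if len(labels) < 3 { // assumption: "example.com" must not yield "*.com"
		return "", fmt.Errorf("%q has too few labels for a wildcard", listener)
	}
	parent := strings.Join(labels[1:], ".")
	if domain != "" && parent != strings.ToLower(domain) { // approach 2: direct child only
		return "", fmt.Errorf("%q is not a direct child of %q", listener, domain)
	}
	return "*." + parent, nil
}

// selfSignedWildcard returns a one-day self-signed cert whose only SAN is wildcard.
func selfSignedWildcard(wildcard string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo serial; use a random one in practice
		DNSNames:     []string{wildcard},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	fmt.Println(wildcardFor("foo.example.com", "example.com"))
}
```

A certificate generated this way verifies for `foo.example.com` and `bar.example.com` but not for `a.b.example.com` or `example.com`, because a wildcard covers exactly one leftmost label.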

@danehans danehans added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 11, 2020
@danehans

xref: #49

@danehans danehans changed the title Add Support for Generating a Default Wildcard Certificate Add Wildcard Certificate Support Feb 11, 2020
@danehans danehans changed the title Add Wildcard Certificate Support Add Support for Generating a Default Wildcard Certificate Feb 11, 2020
@danehans

Closing as generating a default wildcard certificate is not supported by the general ingress controller community. Generating a wildcard certificate for use by a gateway listener should be explicit and not generated by default.

jaison-tiu pushed a commit to jaison-tiu/gateway-api that referenced this issue Apr 14, 2022
…e/mci-https-e2e

Initial commit to mci-https-e2e recipe and changes in cluster-setup.md to support ASM