Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLSRoute #3440

Closed
4 tasks done
stevesloka opened this issue Mar 3, 2021 · 10 comments
Closed
4 tasks done

Support TLSRoute #3440

stevesloka opened this issue Mar 3, 2021 · 10 comments
Assignees
@skriss
Labels
area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. kind/feature Categorizes issue or PR as related to a new feature.
Milestone
1.19.0

Comments

@stevesloka
Copy link
Member

stevesloka commented Mar 3, 2021
edited by skriss
Loading

The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener.

//ref: https://gateway-api.sigs.k8s.io/spec/#networking.x-k8s.io/v1alpha1.TLSRoute
@stevesloka stevesloka added kind/feature Categorizes issue or PR as related to a new feature. area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Mar 3, 2021
@stevesloka stevesloka mentioned this issue Mar 3, 2021
Closed
3 tasks
@xaleeks
Copy link

xaleeks commented Apr 13, 2021

Is this part of the v1.15 in any way? We can always push it out to next release if needed. tagging it first

@youngnick
Copy link
Member

I'd rate this as nice-to-have for 1.15, rather than must-have.

@stevesloka stevesloka self-assigned this Apr 27, 2021
@sunjayBhatia
Copy link
Member

Seems like this is going to move to 1.16?

@youngnick
Copy link
Member

Agreed.

stevesloka added a commit to stevesloka/contour that referenced this issue Apr 30, 2021
@stevesloka
internal: Adds support for TLSRoute
8e175b7 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
@stevesloka stevesloka mentioned this issue Apr 30, 2021
Merged
stevesloka added a commit to stevesloka/contour that referenced this issue Apr 30, 2021
@stevesloka
internal: Adds support for TLSRoute
237de4c 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue Apr 30, 2021
@stevesloka
internal: Adds support for TLSRoute
8cada82 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue Apr 30, 2021
@stevesloka
internal: Adds support for TLSRoute
6afe832 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue May 5, 2021
@stevesloka
internal: Adds support for TLSRoute
4fdcd84 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue May 14, 2021
@stevesloka
internal: Adds support for TLSRoute
9e96c8f 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue May 14, 2021
@stevesloka
internal: Adds support for TLSRoute
9744114 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue May 18, 2021
@stevesloka
internal: Adds support for TLSRoute
0dec1f3 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue May 19, 2021
@stevesloka
internal: Adds support for TLSRoute
5923f2a 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit that referenced this issue May 19, 2021
@stevesloka
internal: Adds support for TLSRoute (#3627)
72edf8b 
Add support for TLSRoute to enable Passthrough TCP Proxying to pods via SNI.

Updates #3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
@youngnick
Copy link
Member

Some support implemented in 1.16, but completion will need to be in 1.17.

@youngnick youngnick added this to the 1.17.0 milestone May 25, 2021
stevesloka added a commit to stevesloka/contour that referenced this issue Jun 11, 2021
@stevesloka
internal/dag: Implement TLSRoute mode:terminate
436f5dc 
Implements support for GatewayAPI TLSRoute mode: terminate which terminates TLS
at the Gateway.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
@stevesloka stevesloka mentioned this issue Jun 11, 2021
Merged
stevesloka added a commit to stevesloka/contour that referenced this issue Jun 21, 2021
@stevesloka
internal/dag: Implement TLSRoute mode:terminate
f367793 
Implements support for GatewayAPI TLSRoute mode: terminate which terminates TLS
at the Gateway.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
stevesloka added a commit to stevesloka/contour that referenced this issue Jun 27, 2021
@stevesloka
internal/dag: Implement TLSRoute mode:terminate
692c17e 
Implements support for GatewayAPI TLSRoute mode: terminate which terminates TLS
at the Gateway.

Updates projectcontour#3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
skriss pushed a commit that referenced this issue Jun 28, 2021
@stevesloka
internal/dag: Implement TLSRoute mode:terminate (#3801)
1d4526a 
Implements support for GatewayAPI TLSRoute mode: terminate which terminates TLS
at the Gateway.

Updates #3440

Signed-off-by: Steve Sloka <slokas@vmware.com>
@youngnick
Copy link
Member

Hmm, this is partially implemented, so I'll move it to 1.18.

@youngnick youngnick modified the milestones: 1.17.0, 1.18.0 Jul 1, 2021
@youngnick youngnick removed the lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. label Jul 20, 2021
@youngnick youngnick modified the milestones: 1.18.0, 1.19.0 Jul 20, 2021
@skriss
Copy link
Member

skriss commented Jul 29, 2021

@stevesloka I can take this over if that works for you, looks like still several TODOs

@skriss
Copy link
Member

skriss commented Jul 29, 2021

I'll see if there's an opportunity for some reuse between HTTPRoute and TLSRoute processing as well since there's a lot of overlap in functionality.

@stevesloka
Copy link
Member Author

Go for it! =)

@skriss skriss mentioned this issue Jul 29, 2021
Closed
@skriss skriss assigned skriss and unassigned stevesloka Jul 29, 2021
@skriss skriss mentioned this issue Jul 29, 2021
Merged
skriss added a commit to skriss/contour that referenced this issue Jul 30, 2021
@skriss
internal/dag: support TLSRoute weighted ForwardTos
01787e8 
Add support for weighted ForwardTos in TLSRoute rules.
Per spec, weights default to 1 if unspecified, and weights
of 0 mean no traffic is forwarded to the backend.

Updates projectcontour#3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit to skriss/contour that referenced this issue Jul 30, 2021
@skriss
internal/dag: support TLSRoute weighted ForwardTos
e183036 
Add support for weighted ForwardTos in TLSRoute rules.
Per spec, weights default to 1 if unspecified, and weights
of 0 mean no traffic is forwarded to the backend.

Updates projectcontour#3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit to skriss/contour that referenced this issue Jul 30, 2021
@skriss
internal/dag: support TLSRoute weighted ForwardTos
ed33192 
Add support for weighted ForwardTos in TLSRoute rules.
Per spec, weights default to 1 if unspecified, and weights
of 0 mean no traffic is forwarded to the backend.

Updates projectcontour#3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
@skriss skriss mentioned this issue Jul 30, 2021
Merged
skriss added a commit to skriss/contour that referenced this issue Jul 30, 2021
@skriss
internal/dag: improve TLSRoute selection test coverage
e9d26ee 
Adds test coverage for the matching of TLSRoutes with Gateways.

Updates projectcontour#3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
@skriss skriss mentioned this issue Jul 30, 2021
Merged
stevesloka pushed a commit that referenced this issue Aug 11, 2021
@skriss
internal/dag: support TLSRoute weighted ForwardTos (#3938)
c64cde8 
Add support for weighted ForwardTos in TLSRoute rules.
Per spec, weights default to 1 if unspecified, and weights
of 0 mean no traffic is forwarded to the backend.

Updates #3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit to skriss/contour that referenced this issue Aug 16, 2021
@skriss
internal/dag: improve TLSRoute selection test coverage
a6d8544 
Adds test coverage for the matching of TLSRoutes with Gateways.

Updates projectcontour#3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
skriss added a commit that referenced this issue Aug 17, 2021
@skriss
internal/dag: improve TLSRoute selection test coverage (#3939)
10818a8 
Adds test coverage for the matching of TLSRoutes with Gateways.

Updates #3440.

Signed-off-by: Steve Kriss <krisss@vmware.com>
@skriss
Copy link
Member

skriss commented Aug 17, 2021

Task list is complete so I'm closing this out, can open new issues if we find any other gaps.

@skriss skriss closed this as completed Aug 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skriss skriss

Labels
area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
1.19.0
Development

No branches or pull requests
5 participants
@stevesloka @skriss @sunjayBhatia @youngnick @xaleeks