Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TransportServer SNI #6605

Merged
merged 38 commits into from
Oct 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
4c623b3
commit poc
j1m-ryan Sep 24, 2024
bd1a6ac
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 24, 2024
9234db3
remove build errors
j1m-ryan Sep 24, 2024
6f6dd49
fix go tests
j1m-ryan Sep 25, 2024
88f24b6
fix example readme linting
j1m-ryan Sep 25, 2024
9af72cf
fix tests
j1m-ryan Sep 25, 2024
4c3c49c
remove unnessary changes
j1m-ryan Sep 25, 2024
c812f7d
update snaps
j1m-ryan Sep 25, 2024
4c746b6
tls passthrough example lint
j1m-ryan Sep 25, 2024
6a0644b
fix tests
j1m-ryan Sep 25, 2024
7e8c45c
fix test
j1m-ryan Sep 25, 2024
9db8c56
add new snapshot test, fix makeServerName function
j1m-ryan Sep 26, 2024
a751f78
add test for makeServerName function
j1m-ryan Sep 26, 2024
3d35774
add go tests
j1m-ryan Sep 26, 2024
624e693
Merge branch 'main' into poc/transport-server-sni
j1m-ryan Sep 26, 2024
2748b2f
change c.listeners to c.listenerHosts
j1m-ryan Oct 7, 2024
2fb8fdf
Merge branch 'main' into poc/transport-server-sni
j1m-ryan Oct 7, 2024
5f4ebc0
fix non tls passthrough hosts being added to tls passthrough template
j1m-ryan Oct 7, 2024
af2c0ed
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 7, 2024
87a671f
more go tests
j1m-ryan Oct 10, 2024
ae9e4a9
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 11, 2024
70debbe
add python tests
j1m-ryan Oct 11, 2024
12e5529
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 11, 2024
1b7621e
add listenerhost tests
j1m-ryan Oct 11, 2024
c85c9a8
add docs
j1m-ryan Oct 11, 2024
66bedf5
fix validateTSHost logic
j1m-ryan Oct 11, 2024
7be8dc2
remove unused function
j1m-ryan Oct 11, 2024
17b8e2f
Apply suggestions from code review
j1m-ryan Oct 11, 2024
20d71c3
test undo enumeration
j1m-ryan Oct 11, 2024
775a9b4
change numbers to headings
j1m-ryan Oct 11, 2024
cc4e1fb
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 14, 2024
e66a52c
make changes from code review
j1m-ryan Oct 14, 2024
615d06e
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 14, 2024
53bc93e
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 15, 2024
35c1cde
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 17, 2024
88ce4bf
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 21, 2024
c0bde77
bash to shell
j1m-ryan Oct 21, 2024
47959ef
Merge branch 'main' into feat/transport-server-sni
j1m-ryan Oct 22, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions examples/custom-resources/tls-passthrough/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,9 @@ You can see how the Secure App is implemented in the `secure-app.yaml` file.

1. Save the HTTPS port of the Ingress Controller where TLS Passthrough is enabled into a shell variable:

```console
$ IC_HTTPS_PORT=<port number>
```console
IC_HTTPS_PORT=<port number>
```

1. Save the HTTPS port of the Ingress Controller into a shell variable:

Expand Down
110 changes: 110 additions & 0 deletions examples/custom-resources/transport-server-sni/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
# TransportServer SNI

In this example we create two different TransportServers that listen on the same interface, which are distinguished by their Host field.
The applications (a TCP echo server, and MongoDB) will be accessed via `ncat` and `mongosh`.
The `ncat` binary is available via `nmap`. On mac/linux this can be installed via homebrew/linuxbrew with `brew install nmap`
`mongosh` installation instructions are [available here](https://www.mongodb.com/docs/mongodb-shell/install/).

## Create a GlobalConfiguration resource with the following listener

```yaml
listeners:
- name: tcp-listener
port: 7000
protocol: TCP
```

## Add a custom port to the NGINX Ingress Controller pod with the Helm chart

```yaml
controller.customPorts:
- name: port
containerPort: 7000
protocol: TCP
```

## Add a custom port to the NGINX Ingress Controller service

```yaml
controller.service.customPorts:
- name: tcp-port
port: 7000
protocol: TCP
targetPort: 7000
```

## Use `kubectl` to create the cafe-secret, and mongo-secret. These secrets are used for TLS in the TransportServers

`kubectl apply -f cafe-secret.yaml`
`kubectl apply -f mongo-secret.yaml`

## Create the mongo and tcp echo example applications

`kubectl apply -f mongo.yaml`
`kubectl apply -f tcp-echo-server.yaml`

## Wait until these are ready

`kubectl get deploy -w`

## Create the TransportServers for each application

`kubectl apply -f cafe-transport-server.yaml`
`kubectl apply -f mongo-transport-server.yaml`

## Ensure they are in valid state

`kubectl get ts`

```shell
NAME STATE REASON AGE
cafe-ts Valid AddedOrUpdated 2m
mongo-ts Valid AddedOrUpdated 2m
```

## Set up /etc/hosts or DNS

This example uses a local NGINX Ingress Controller instance, so the /etc/hosts file
is being used to set cafe.example.com and mongo.example.com to localhost.
In a production instance, the server names would be set at the DNS layer.
`cat /etc/hosts`

```shell
...
127.0.0.1 cafe.example.com
127.0.0.1 mongo.example.com
```

## Expose port 7000 of the LoadBalancer service

`kubectl port-forward svc/my-release-nginx-ingress-controller 7000:7000`

## Use `ncat` to ping cafe.example.com on port 7000 with SSL

`ncat --ssl cafe.example.com 7000`
pdabelf5 marked this conversation as resolved.
Show resolved Hide resolved
When you write a message you should receive the following response:

```shell
hi
hi
```

Close the connection (CTRL+ c), then view the NGINX Ingress Controller logs.

The request and response should both be 2 bytes.

```shell
127.0.0.1 [24/Sep/2024:15:48:58 +0000] TCP 200 3 3 2.702 "-
```

## Use mongosh to connect to the mongodb container through the TransportServer on port 7000

`mongosh --host mongo.example.com --port 7000 --tls --tlsAllowInvalidCertificates`
pdabelf5 marked this conversation as resolved.
Show resolved Hide resolved

```shell
test> show dbs
admin 40.00 KiB
config 60.00 KiB
local 40.00 KiB
test>
```
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY1ekNDQTgrZ0F3SUJBZ0lVR2dXT0JNTkR2TXNWOGY3OWc0MlpSZy9KaWc0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZSXhDekFKQmdOVkJBWVRBbGhZTVJJd0VBWURWUVFJREFsVGRHRjBaVTVoYldVeEVUQVBCZ05WQkFjTQpDRU5wZEhsT1lXMWxNUlF3RWdZRFZRUUtEQXREYjIxd1lXNTVUbUZ0WlRFYk1Ca0dBMVVFQ3d3U1EyOXRjR0Z1CmVWTmxZM1JwYjI1T1lXMWxNUmt3RndZRFZRUUREQkJqWVdabExtVjRZVzF3YkdVdVkyOXRNQjRYRFRJME1Ea3kKTXpFd01EUXdNVm9YRFRNME1Ea3lNVEV3TURRd01Wb3dnWUl4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSQpEQWxUZEdGMFpVNWhiV1V4RVRBUEJnTlZCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1ClRtRnRaVEViTUJrR0ExVUVDd3dTUTI5dGNHRnVlVk5sWTNScGIyNU9ZVzFsTVJrd0Z3WURWUVFEREJCallXWmwKTG1WNFlXMXdiR1V1WTI5dE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBbjkvZwpkMml5NEZyaGNtS3ZXQTVHZXFiS1c5WU1xeml6Vm4yRExkd215enkvS2FUdTdtUlkvUWRsTkxHaVhIM1NEa0FkCkhtZFJEK0Zob1ZHaWxoTjEzcTI0azdyRSt6dk1iMlRqdnBnMmVLYVd1dDBHaGQ3V3l3TnpIUU9WcWJCM2o2U2QKSE1sNlJKK25ERHo2Yi9adkRiNm9nQjBucUowZjBWN0tBMHFFalYxVld2dXI4YVZpVlVxK0tBOVMveEdJMHZSSwo2NE9BS2xIUUF4a2xGWWhheHVjcWRsS0owQlRXekE0Z0gzUTZlQi9CRjNOMTJDQjgrMVEzZG54bU5TVnpLbXp1CmJYdm1jK1RPUjg0V3ovemlaMTl1K3RuRHg2aklNajZZQXd2M0tzSVlYbmV1ZEgycUZKRG5FMmZwYjNnZzRxbm0KQnduY0ZlU1poY09nZWdnR1RmKzRTc3YwRUNuamNNdXhteTEwMTNwY0h1a2prTUNmVGJsUGZTU0NNS24rVnlGZQpUNzlSeUkxM3hmL0JXOSt0aTFad1IwYVpkWk5jV1R2Um53R1M1bWhnelJXclhRUmdJQlVVVjk2N3cxRVVONDJVCkE3ZjBVSzZlYks5bExBMnNZWmJJSWUrbllRY1d1OVRuNXo5YnVwK2w3aU5hUDYxWXdwWGdrUTFyNHlSamhMeUEKajVha1Z5VnROYzZmSWltaXlWV0Y1QzBaZnNIYzF3cUpLb2lXQzBtT1dyNEVRSVorRkY2WC9FRytSMmhodjZkQQpGcndpd3BHUE9kWkROQzNqNFBqVzVreWlYMlh2Vm1RWTUvbkxNdFpUaFF6VHpadG8zT3M4d1RsRjFyQlZkd05iCi9zNTh2dnlTQitsYk5Sd215TEErQVYvOGQ2L2VNcGZjS0ZyYU85OENBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUUKRktEejZlREZLaC93ZDVLTHpPMXpCMDR2UGVRSU1COEdBMVVkSXdRWU1CYUFGS0R6NmVERktoL3dkNUtMek8xegpCMDR2UGVRSU1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFKQnd5WVlyCllXa3RvRGJPYlpHRUFXT0lEcjFTb3NWRDVIRXdkazV6ZTJuT05oQXFHVWszOHpUT3V1VVZRNk5lT1c1UWtML3oKVTFUa3dwUlNFNjFpbVZHOUdjYWY5ampkSjd5VGhsOGpmZXUyWTF4RHo1OUpmbWJ1WUo2SGE4ZmR4STAxQXZ3RgoxaERYY1ZEcTZoalhhb0pKMVZta1NiTEJPc1JXaGVzWGl1K3FiN3NSOUhlZmJmaTUxandQb2NFblE4YzNiWXF5CmpIRkwxS1JJekIyR2VYVGk2WngwN2lqcDZIeGJSQUFEWnBuRGN0blM1UVQvTGFoYklIZVNNTExMK21vdnUrSUgKTVgwQmtaYmJjRk94L3d2ZlN1SXdveEVXR1RjVGJIYnJGanVUUDRkalpPdFhybElSK1RJTmRiaFhaMm1XZVdHbgpRa0tkcyt4a3puNzNZbG9xZCtPZGZ2d1dJYXVFYktuaXdQUk01NHZqK0dnbndiWmZNWXpnY292cE5BYzZjMmlmCkNNdHlHWDBUREptSjRVWC9FaFFSYTArSURMbFZTMWc2Y3IxWmVQM1N1MWpkSnhBSFVwUjZwSVYrWGdsTENDdGYKQXdDUW9BUWtUeXkyb0Y1Z0hWOGVuc28zVE15cmI5R1NBWDF0UEdJL080L3VCRDBqRzQ4anZsZEI3dzZKbjdmSwoyS21DWnIwYlRDdU9vWnVuZHA3OHA2R1ozb3lVOXBxcTFTUmU0MTdjSlVuNzR3S05TTkd0U0xTNm9OZ3FQQ2h6Cm9ZTy9zK0NHL295c0JUcTBma2VBYXdMZ2oxVG9ybGNsaEt6M05uWUtLZmhDVFBLTDVVUFZLNjVXQ3V2djlSVWgKVUZvM2F2TnhhSmpWUEY4V0FVUnRZem82bXBadFRITm53ZkJTCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ2YzK0IzYUxMZ1d1RnkKWXE5WURrWjZwc3BiMWd5ck9MTldmWU10M0NiTFBMOHBwTzd1WkZqOUIyVTBzYUpjZmRJT1FCMGVaMUVQNFdHaApVYUtXRTNYZXJiaVR1c1Q3Tzh4dlpPTyttRFo0cHBhNjNRYUYzdGJMQTNNZEE1V3BzSGVQcEowY3lYcEVuNmNNClBQcHY5bThOdnFpQUhTZW9uUi9SWHNvRFNvU05YVlZhKzZ2eHBXSlZTcjRvRDFML0VZalM5RXJyZzRBcVVkQUQKR1NVVmlGckc1eXAyVW9uUUZOYk1EaUFmZERwNEg4RVhjM1hZSUh6N1ZEZDJmR1kxSlhNcWJPNXRlK1p6NU01SAp6aGJQL09KblgyNzYyY1BIcU1neVBwZ0RDL2Nxd2hoZWQ2NTBmYW9Va09jVForbHZlQ0RpcWVZSENkd1Y1Sm1GCnc2QjZDQVpOLzdoS3kvUVFLZU53eTdHYkxYVFhlbHdlNlNPUXdKOU51VTk5SklJd3FmNVhJVjVQdjFISWpYZkYKLzhGYjM2MkxWbkJIUnBsMWsxeFpPOUdmQVpMbWFHRE5GYXRkQkdBZ0ZSUlgzcnZEVVJRM2paUUR0L1JRcnA1cwpyMlVzRGF4aGxzZ2g3NmRoQnhhNzFPZm5QMXU2bjZYdUkxby9yVmpDbGVDUkRXdmpKR09FdklDUGxxUlhKVzAxCnpwOGlLYUxKVllYa0xSbCt3ZHpYQ29rcWlKWUxTWTVhdmdSQWhuNFVYcGY4UWI1SGFHRy9wMEFXdkNMQ2tZODUKMWtNMExlUGcrTmJtVEtKZlplOVdaQmpuK2NzeTFsT0ZETlBObTJqYzZ6ekJPVVhXc0ZWM0Exdit6bnkrL0pJSAo2VnMxSENiSXNENEJYL3gzcjk0eWw5d29XdG83M3dJREFRQUJBb0lDQUNkQmRZQmNlTytWNFIyUkZiVHRiR2paClkzN0JSRU1XblJKenB5NHZqR2NDOTMxbVBqVFM5dmJLUmhOMk9vT3pjVXlHZVovcGhvSDd1VmsvRGtrRFprSFQKTGlzNEJQNGJaTXRGWHBhQ0VYMzJpYlJBYVVXZHZlZ0RaTlNPK01TOXk5MjljY2FMd2pYdmJia1hqL2JGNytiVQpGZE8vVk9tV0N5WUJ2R0NxZjNtbW5UckY2U1pna1pDWDFiRkljZnluZFkwMjV0NkZYNGNFcDZyYkZidi95eXBqCndJMWxIdW0wOURrT2p0eXFVV0VGaXdnVEZiQ0g2YWhjdVhHaWdnWXl0K0NHOXRSelE5YlpLNzE5NFNRWTJBN0IKNUNJOExsSnNJeHdUT29naysvL0h3T3dSUHdqamdrdWllTnJPL1FhZDNKVkxXbXdJQTc1c2J6WGxIeFpYdWhReApFZTlTTVNaRE5JMGMvcGdDVXloL2h5Y3ZYWVJKb1dIMnZYTDYzL1EyRWJVVVZVcXpzcEpjV0xMbkhSSFdBQjZQCmtPb0FMeEs2M3lpQTU5KzREQ0ZZMGM0dXd4WHM5YnZlVWk5UUdxaUtoZkFaNmE3Ymh4ajNvRWIvRDZ0dWZKb1QKMnIxUXFKTlJ4N0RzMmJUc3J6SEgyYmVKR0R4bFJ4djdaNmdSTzdHd2lrU25veDlMcnY3YzMwUHp0WjZENXhwQwpoVHdmM0VpRWlrZ2pOM1FGd2RaUXVqV3RxWXQ1UWVGYUxpL2Q3VXZteFdZNWcrWTYyQnFkNnBpWFFJSlFVbDZUCmZmU0U2OEYvZWF6QnhPQm9INUMvWWcrd1kyVEpTb1BzK3NFUUtnYlNJTmRQNHU4N3FiQ056YWZ4WjFySTN1dmgKR3NZTWpSbm50c3RKamJXVEJkakJBb0lCQVFEZXpsY3dVNFJYbnhKVENSTjFQZUx1UHI2aXFnc09uY1lRRXNuTgpZemdwOXF6eC9SSTJodGZCYnN6TkM2RUZ3eDBDZy8wRnpRbVhqWEQ3VmhQS0UrOHBXMmQzNTg4YTBwU0xSbFBOCkprUnFxR2ovbzhIaEtmTGdCYy9BSGU3dkJEZG1UTXh1d0o1SmFmMWZ3OGtxNEJyRXROTi83SVF3MkNYcFNIK2MKSEhSZnBTM1JidDArbW9xK2RTRW1pU2h3UGgxL2FJbng4ZnBKbTFmaU1QdXhvYStzOXNUVmQ3Ky9GSjdIaWNZSApSQThQRHdQT2RMQ2loQlZFT3liSkduTlpaSFhYQTA4MThhNnpjdjU2aUM2VGZzSkhWZUg4a2Nma1IzblI4eTUvCkx2MnI1QzVaZWJlbW9ZaVhBTC9sVnZ0QUNGMXE3UW1zdlRkQ2R3R1lvaXBMbksvNUFvSUJBUUMzc1YvcFFOVlEKSjNsZExFem9OVUdBZWFwL0NNU2tuY0lUUXNnMUI3SDJHclIyR201VGNuVGE0SE5Rbmt3a2h3YUxyTUlmVDFXZAorMFVvR3M5ZXdyYkZERWtKR0MxQVd2RmFIREk3Q3NOYUFUM2FWYTE5R1ZRWFg2NnkrWEF2QXFTOXpOU25id0J0CnM5UDFFVURwMko1SGtyNlVLUHZjSnY3Q0MyR3J5emZaTy85MFpTTlFQUXdKMXFqZ2NNOUJpMlBYSkE0OENldnMKK3RvaGFqUWFIMStVY0VqNkQ0SHhoQ1RtcTBxM2YvdFNudk9iaTNOYklEWjNEWmR4ejVPelJSVmpLNWlSOGZDNQpzSVVKckxCSXRZeWpUeHAzTzROUmRFaHhzamdBZTZrSTV2dm95RVAvRFZwTFlQU0s3cFpoVjJ4YUpXUkZUUVZzCjhrKzZDbGduWGZDWEFvSUJBUUM5QjY4dFR3NHZFTVNKTW1BUnprbWovQlBkQ2d1TGdRd3pRdDEzcGNCV3lmUDgKOHNycS9BZzlFbllyV0x4cW1Sa1pzMFdPRUdFYzlXRnZ1NTNhaW9NVVFYcE5YcHgxazBkM3lsajY2b2FOUHdpbQpLeGNvbzJCdDlFQklMSjAwcUEwZ2UvUE4yeG53Q3o1dWF6dFhadjhPK0tPZ0d0Z2tZSjM1aUFyTU5jLzkvYlFiCnhjVnJnYzVJdkRNOThJd2dmbktrVDlzSkxGVSs4YzdrRnM3VDYrdVNBV01LQVNqclF1RmJSV1ovYjV5ZkdBd1EKc3l2UkZlSzlHcnBUVUYrZzdmeVVTVGlBK2VWUVZqWFZXNGk0bG9qWjRPRjBXWEtRR0p3Z0pnUEMzK2xVVnFtRQpQQ0kxKzBKWmFzZGtHaUhjTjd5YUpUVmFHc2F4V3lvOWh3Zi9VcFp4QW9JQkFDQ0hDem5ObmpoTVZTUlhsT0xGCmsyekJucHhTSENnZU8yQ1h3Y1lLTDh3cG5HMFJieG5kdWEyTWN6OENXTzlhN2FETUhhL1hwNHlMRXdydi9HcUcKUmtFTVZONkVabmJ2NDY4V01ScmRaQXhMRGYzY2tCVUg2Q2tmYTFzTDZuNllsRDE3eU9oQk1xMDZXNzBZcWdyKwpyY0IwenNTRG9WMnhsZ2tjWk5ZNzdRN05uZ1dwWnlCdFB2VjdDbnA3MzJkMjNGNGJaMTNnVCtPdDQvUm96d01WCkxTS200M1ZNUzdGTnVnOFNvKzlzZlQ5N0lCNGFDbnBIY1AyUjdaQmN0b1hYSk50anUrZVVGUkY4bllKQ0R4RkEKL0w5cVlZQmRqSHBmQWZrSUd2eVM2VExIWERJelREOGN5VEZ4NEx1OVZlbTB4bDRNSXY1V2pqQmxsQktZaEZXcwpQODhDZ2dFQkFKUjR5UUIrREtoRE1ZOGlHOXpYWUJpWmZ5MFI2c21oeEJycTREZWd4cElkajBydHUyMFNuWDdsCnN3YlZsN2NmdWRxUi9tVEhnZ1lYeGJSS3UxUXhmN3NHTW4zWVpRY1AxZDVJelFMOWZFQitidGJsdWY5VTB4NDIKUzM0U0l6Z25pd0hPQnN3M2ZLYm1Gbnc1dmtNd2RoemlBT1R0elRwcmU3ckdhaEpwZlk0eFRWWjZpK3pjQ1pCWgo0ZHhSTjlQWnBiQm4vNmJDTFY3S0I3ZmY0Uk04b3c3K1l4aHFFTFhxcnVQS2paMnRRSWs2M2hzZklMd0tiRWIrCkhEM2VLZEhNc2hhbXFXZzI0NnlORW5nQUZCQzhoVU5kQ0pmeUthUlhkSlV5eDhqcWlKM3ErdnpnNFBieUhqeW0KZEQzM2pVT2UwdHdoSWJxKytUaXZCa1ptSDBsSStnVT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
creationTimestamp: null
name: cafe-secret
type: kubernetes.io/tls
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: k8s.nginx.org/v1
kind: TransportServer
metadata:
name: cafe-ts
spec:
host: cafe.example.com
listener:
name: tcp-listener
protocol: TCP
tls:
secret: cafe-secret
upstreams:
- name: tcp-echo
service: tcp-echo-service
port: 7000
action:
pass: tcp-echo
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY2VENDQTlHZ0F3SUJBZ0lVTGRHUktVc3FrZktiV1JheWwvaTdrSkVvWnRjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZTXhDekFKQmdOVkJBWVRBbGhZTVJJd0VBWURWUVFJREFsVGRHRjBaVTVoYldVeEVUQVBCZ05WQkFjTQpDRU5wZEhsT1lXMWxNUlF3RWdZRFZRUUtEQXREYjIxd1lXNTVUbUZ0WlRFYk1Ca0dBMVVFQ3d3U1EyOXRjR0Z1CmVWTmxZM1JwYjI1T1lXMWxNUm93R0FZRFZRUUREQkZ0YjI1bmJ5NWxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQTUKTWpNeE1EQTFNVGxhRncwek5EQTVNakV4TURBMU1UbGFNSUdETVFzd0NRWURWUVFHRXdKWVdERVNNQkFHQTFVRQpDQXdKVTNSaGRHVk9ZVzFsTVJFd0R3WURWUVFIREFoRGFYUjVUbUZ0WlRFVU1CSUdBMVVFQ2d3TFEyOXRjR0Z1CmVVNWhiV1V4R3pBWkJnTlZCQXNNRWtOdmJYQmhibmxUWldOMGFXOXVUbUZ0WlRFYU1CZ0dBMVVFQXd3UmJXOXUKWjI4dVpYaGhiWEJzWlM1amIyMHdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEUAppQngwMDU3MjB2S2JVMGJsZUNjcTg2N0RJREkzbnZ1VjdiMVhCaEJHOFJ5S1MveDREc2pPYjMwaVZtVm1MR29xCm5WVnk5bnN5VDBEMmhydnE2eUp4VEtBMmtTNFVOd3JJZDBhc3FqSmxITWFpbkNmbmtGLzB4RmwxZERvYUEydncKelZZYnpQd3NBRlQrZGk2cG1hcnFQVFlNditiL0NhQnFib3dBQWFtUjhLemdGRTZDSFNZc1EwSzFEV2xhbmRBOAoxRXlFT0p0dndjQXFjVHVXTXl6eGMzUUx6dmM4Z0hGcG1NdlNEUUtvL2xpbytUYlFaOW1ldXJKTTY0dUVtRThzCmloVDNxREo2OUE0VkpDQWs0cGVmZ0p6cjNnN1ExOTBvVmpwOGtXZ0NIMkl3OHdXUGVjYUVySXFHcmo2YkNzcHUKSHVQaGlaQnB4aDlmOUhmWCt1NHBpNytGU2VPaC8xU0xEdE9qVzAwV256TnFJSGJvSmhLd2MyRXU3Z2xkc2VNdgp5a0VQbWtKNDkyNXN1Rmsxc3U5RWdDeDBhM1JwWCtxNERsSjFHaEl6QUJja0hOVXplUXJWVGdYTHkwdk1wZGdCClVXU3hkMWdGdGM2ZGp6WEoxZUxwcEVPaEtQdmQrVWN2eEpPb2NLekx3a1BGNmNueVl2NElFUnFZWE9UUktlNFcKamFKR05xWisvNGRJQXh4M0UxamtyZUR0UUNzMVByaFBLaGpVdVlKaVI5UFFsdEFUa2w4MXQ1NzEyeDExYUQ0SgpNMWRsOXdoSUlNcjFoQzF6Wms5SkZXdkluRytCTEdBY3d4cjduY2pLTEpzcjBpS3R2aFEzbndWdG9GWnlzWERCClBBdU5QclFMM0JaT3JKanpvV3FJdU5lNVRqY3FiTG9WREx2NzMwMytXUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEUKRmdRVVpjTjdpUitRNGkrb3U2YS9aR01JUXQrRWJRY3dId1lEVlIwakJCZ3dGb0FVWmNON2lSK1E0aStvdTZhLwpaR01JUXQrRWJRY3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFKYVRXCnFENnEyRm51RmtJcmJIbkxPdFdFTDUxTC9QMncyUWZqMTcrSWlJeDRNd3hzS082ZEtHbUdlazY2Sy9sSjdBaEIKWngyRkFiOFdERmpPeVFtL3Axc1lQME82L1RyUzYrYjRlbndaR3p3YXVoVWdXR0M3djByRlp0VnNMNm5pdGJkMAp6VExGZ1V6QkJHR3cwZ3E2ekF4ZG5BNXo1VkFyYjhzcGZFNzZ1Q1FWbEdYVXhua0Fka2FYVXlOYXU1YXo0VW1WClMzRjIvaG53RG5XYUpZUmxqMTJ2SFYxWmxiamwxMzE3Uk0rRHZMSkRwV29JTkdzRzd0SG9pTGQ1dXJJeWYxZ0oKZXdJN1FXYTQ5UE1MWCszYnNSbjQ4dnJZUGxqWGcvdkhqYlZvUWlzMmFCak1sSDNCczdMVGVvVWZqVERsU2c3cApHd3ZzaW41dWJPZFAvTGRrWllaTFhiMWkvT1E3cjFpZTJ3OTQyd1RZT3NKRk5QVlB4N3JPV1BNeHd0Q0tUeE41Ck5URXFPM0F5dXZpUW9tRVhhL1RyL2xybnFSWS8rcXNpL2J2d01QWWlIS0RiTmJMM1NQaSt4bmU0Y3NxQ0d5L3QKMGVsaHVYVHpDTXUvcXdvM2ZNVXc4VFBBMXcvOEZTMWh4ZWkzY0JhL3VxQzFPS2s3aDRTLzJocXljaFd5ekhIRApMNUdob2RGZ0NkVTZaSUZJSnJzQS9uQ09maGZWUXJJMFRRZWlMSHR6OXd0T2tWTXhPeWRpcGpVMEgySjErRElwCi8vQzUrM2FpNWlxTkZnUTNZNEp5SGFlYmh3NW5lcjh1U3JmN3NnMit1a1dVU0QxamhnRVQxVWEzTTNUeG00bmYKNXhXOFV1aTFDYjVMdEM2clgvV1A4SG4veTJid2Iyc0swMGJYb1Y4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFBpQngwMDU3MjB2S2IKVTBibGVDY3E4NjdESURJM252dVY3YjFYQmhCRzhSeUtTL3g0RHNqT2IzMGlWbVZtTEdvcW5WVnk5bnN5VDBEMgpocnZxNnlKeFRLQTJrUzRVTndySWQwYXNxakpsSE1haW5DZm5rRi8weEZsMWREb2FBMnZ3elZZYnpQd3NBRlQrCmRpNnBtYXJxUFRZTXYrYi9DYUJxYm93QUFhbVI4S3pnRkU2Q0hTWXNRMEsxRFdsYW5kQTgxRXlFT0p0dndjQXEKY1R1V015enhjM1FMenZjOGdIRnBtTXZTRFFLby9saW8rVGJRWjltZXVySk02NHVFbUU4c2loVDNxREo2OUE0VgpKQ0FrNHBlZmdKenIzZzdRMTkwb1ZqcDhrV2dDSDJJdzh3V1BlY2FFcklxR3JqNmJDc3B1SHVQaGlaQnB4aDlmCjlIZlgrdTRwaTcrRlNlT2gvMVNMRHRPalcwMFduek5xSUhib0poS3djMkV1N2dsZHNlTXZ5a0VQbWtKNDkyNXMKdUZrMXN1OUVnQ3gwYTNScFgrcTREbEoxR2hJekFCY2tITlV6ZVFyVlRnWEx5MHZNcGRnQlVXU3hkMWdGdGM2ZApqelhKMWVMcHBFT2hLUHZkK1VjdnhKT29jS3pMd2tQRjZjbnlZdjRJRVJxWVhPVFJLZTRXamFKR05xWisvNGRJCkF4eDNFMWprcmVEdFFDczFQcmhQS2hqVXVZSmlSOVBRbHRBVGtsODF0NTcxMngxMWFENEpNMWRsOXdoSUlNcjEKaEMxelprOUpGV3ZJbkcrQkxHQWN3eHI3bmNqS0xKc3IwaUt0dmhRM253VnRvRlp5c1hEQlBBdU5QclFMM0JaTwpySmp6b1dxSXVOZTVUamNxYkxvVkRMdjczMDMrV1FJREFRQUJBb0lDQUU3ZDJYNldPMmR1WkE4ZUZ5ZTJRU0JFCkNlcVNUak13QWtrSVYzZCtVT284ejgxSXNqSEg0SXorOW0xNXFzQW82ZEczQjlXUUVPSmVGd0I0MUdvaW9HeXgKSTRPSktaczZEYW1BRm9ZZ2lkVStHY2lMRW1rZ1J5OEQvVUV6QWErSUZGbW5GdTJxdVR4WmhmTkw0MURGbXB1NAoxbFVEQ3B4cVFxR2YwQ2xpZUZnRFFCZEo4RW5uSE80ZVEzZjltRWQ5Q0xsTkxxVGl4RU0wdkx3RVd4SXA4WTd5CmdxdklJOUhFdUJUYW9iNTUva1JOb0ZEYW9IZVR0N0pvSGNFNGxFVTRBb0taR1AzQzJDZzhuaXR2bHAyZDFPUWoKSXI5S0hKUkdMSUFiUU0rOURHc2VGUmtvQ2Jsc0hFS29OVjZZVWlkbWN1WmxhOUYyajBCN0w4b3Q0K3RhcTIzRApYendTSWFrWXBlaFVrYlRrbDJDak9FTHkxaCsrOFYzcFZqak5LdW9pRHhKWTdSSzFMQk9obExlSG5YUzlGY2hGCmVGRVZlb0c2ZlY0QWtFdGJocDJjRExacGF0UWg5ZUNzbmhUT2d2a002WjZ2ZWlTcGpvTUtleGM3bnRVZEJyWFAKQ3lSemVkSEFaaEh5MnBvREFvYU80aW5yOEI2U2VwWlJiaTBPK1ZXQXJkNDJ3UWhXdWZRUFQ1VExVSEoyR3VjeQpkME5wZk9VRXJYT3RVdU11NFNRU2lQbHJ6Ykx3NThrOFdKUVU2TXRGTnpXQ29yTG9TNWVmNU9LclBFYXh3SmhNCnh5Q1FPaWhLQk1SWE1IUXNib2JQZjhOQlJqYVNtK1ZzL0ZpOXdiYnVLZTVpYUhQenB2YVlzMmpqYzcyYWIzMVcKL2V4cUtSQmtEUVQvcmRPSHdJWHZBb0lCQVFEKzdIKzJyM3EwVVMvY0VHalZlSlovdzJXQzJJRCsxNGY3eHdvKwo5V05iWUdyY3NoZTRVSC9JSVpEL3RHQ2MrZ01mSlhTckk5OVhXejZ5Y0p5YXhTdTFsQmxsWEduTk5JM1AwYXpPCmdRc2FjenpjR1JLdk5WTWIyZmJDVEdHR3JVMXZjQVNET1ltZDZha3laemxBaWN4aHI3bStuMWZrLzY1bWFBeEgKTFBleXQwYWMydEdVL293MWJwV1hvRi9OL05QMTRsZ2ZMU2pXQmpWVEQ0bnByenNBU1RsK1hCLzRuK01wUG9CZwo4K2poYW5mUHFDY2MyQW5VMXAvTGZKSDZ6MWJkcHpDNVVQaFF6K2t3a2gwa3Q1cDRQOW5kV3FIWkw1cDlzS1J6Cld3S3pVQld4VjB3VDBOQzRnRlBtYzJaRGpTR0hlSXJLeWx1YVdIS2w4eVcwNGRldkFvSUJBUURRYUdVSlBtT08KQlZzUFROanhTdStzVGg4czNUZFhLUVIwQU02Y0l4UmVrVHpaODg2L3ptUFhlQThsNmROV2c1L0hCTE4rbUllNApnZnV2YWxnMEh5TWI3TC8vbEtYcHpFQTRncVdxU29MaXd4c1JHcUU1NFNud1g3QXV6K0NsT1lTUlNSQXpmeC9BCnE2QS9rOHR6SzN5NVF4Rk5Sc0NFak1GdWY5ak1yWCs0aXU0c3JvZEdUMXkvRE9hZ2twRmphVWZpL2NiaTM4V2sKdVhvK0ZoYmV1Yys0N1VzWjRXWDJSOGg1Uy9sUVhBYkxKU0lwMjlSZy9EK2pZdUllZTZXbk9pdzZWVkRweHhlYgp6RDh3SGVJTHhuRHdZbXprTzVrSG5ZVU5ubUtmWFovU1NpdWpkN0ZvQ1pMZld0R1gzQlFSdVNtRHlQSnBmSTlKCmVtNTl3bkkxVEFSM0FvSUJBUUNBa1l5VCtZcThPSm9YdGhyNVZ2a29kTWJVcUJiZThKci9xOUlLRUw3TWppTTMKTFliekNYNTQxQjBLS2RIME9jK3JQTHZMdUtyaXB2MUhCNjZrREQ5UU0rSmZFYTIydGdPenhYOFBJMXdUT2YxKwowQkp4VlVhV0xHYmNkYU5XUmo5Z3JiRkk4WkxybHJZajJwV3diQTh0VVhBdnFMT3VwaGt5UXRXMmJBSjlHeHc4CjdjdDRCcTEySVZESENUWm9jRlFDbGVaMXl0UG1wWGp0YkUvVkVQQ0Q0MnBneFZ2R2kvVUlqeUkyUTYyM1NuZ2sKdmgwRDJoMlRQNitWOUR5M3J5eVRXOGdpSHFrdU1MM2VKa01XaXBjWWdMT0RoVHROaTBteWpJMVVOSmwzRURQdwpuaU9iZHR4ZHdUTVBiaklzYlpoMGQ2SWdSdERPVmo5MFhONHVqUnkzQW9JQkFFNTRRREt1endWV2R1Ylg1SWRWCjA5Qm95Y3cycnZPZWVoTERpd2UzSGFCTnh6KzVVUXRmUnJDR2dBMmljUFNPTXNiWXVremNXWjNiTTB6bEdiam0KVUczZlFwdVUrTE9ET0ZzT3RobmNYRlBOYW8rU0cwcVR3UnJFcksyemo3NG1YZ2ZtSHJlRkVndVZrNHpjdFNuMApJYzRQdHFBR0Y4N1F3TFErWnY4S0JLRVRqb0k4WktyUWp2ZFFnRFhOZWZpWVYzemNXTnBycnh0S3l3QTlpUGJyCnQ0N0ZxaFZnak9laU41V1VTWmM4VDBLR0JNc0YvbjFWL1JBajEwZnEvb0Jzb3VLRDVTZGcwejdTTktpRlYrdGYKR0g4cVVCM1BZdHMvTUMza2lQWEFac0RqTkhNa1NpUUdGc3NLZ3doTzBTK3JMRHAybXUraytyNkwzclp6VkZWRQovaGtDZ2dFQUxpdGI5U29mLy9HenBpcmpTMW16SXNRWUxBWW9ETkZGNE5wYzV1Q0pDWEJJTmVFQnl4YlVzZFRVCkRyTnZ2NG1oNTF5SU1WVHVuM3MzKzFUU25lVjZwdjlIS3JicTlEdU85YXBUOFZnV1E5ZGU5YkVaU0lLVG5iVE0KcUVoLzNIelpKcmNRWjMxWEdTZm5NN0NsVjdPQWM4bVNiT3M4NDlGLzg4UEg0Y3VrYVRWNmZPUnFOaW54RXhuZQpqbnk3ajUxT01aWTQ4TVIvaGJhOVk3QWM3TE1Ec0pQdFZ5cStBemU4ODRreU5ZV2dtZHJHanBaVnhLeDQzMjFJCmhXM1NUam9SZEZBMFVCdENyT2ZUalF0cThPQzZqL1QrYWdwa0g2VjFQVkw3Y29PbjREU2RIb1RqdnJFZ0QrYTgKVzY1ODFvdHdha2tMK0FGalU0MkVHaTkxWnJLSUx3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
creationTimestamp: null
name: mongo-secret
type: kubernetes.io/tls
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: k8s.nginx.org/v1
kind: TransportServer
metadata:
name: mongo-ts
spec:
host: mongo.example.com
tls:
secret: mongo-secret
listener:
name: tcp-listener
protocol: TCP
upstreams:
- name: mongo
service: mongodb
port: 27017
action:
pass: mongo
38 changes: 38 additions & 0 deletions examples/custom-resources/transport-server-sni/mongo.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
apiVersion: v1
kind: Service
metadata:
name: mongodb
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo:latest
ports:
- containerPort: 27017
volumeMounts:
- name: storage
mountPath: /data/db
volumes:
- name: storage
emptyDir: {}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: tcp-echo-server
spec:
replicas: 1
selector:
matchLabels:
app: tcp-echo-server
template:
metadata:
labels:
app: tcp-echo-server
spec:
containers:
- name: tcp-echo-server
image: alpine
command: ["/bin/sh"]
args:
- -c
- nc -lk -p 7000 -e /bin/cat
ports:
- containerPort: 7000
---
apiVersion: v1
kind: Service
metadata:
name: tcp-echo-service
spec:
selector:
app: tcp-echo-server
ports:
- protocol: TCP
port: 7000
targetPort: 7000
type: ClusterIP
Loading