Add support for TLS Passthrough using TLSRoutes #2356
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update nginx template for TLS passthrough Problem: nginx configuration templates didn't support TLS passthrough Solution: I added a template setup fro stream servers
Problem: TLSRoute was not supported by NGF. Solution: Watched for changes to TLSRoutes, added validation and tests, added TLSRoute to graph, and converted Kubernetes TLSRoute spec to nginx config.
github-actions
bot
added
enhancement
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2356 +/- ##
==========================================
+ Coverage 88.07% 88.88% +0.80%
==========================================
Files 97 100 +3
Lines 6996 7509 +513
Branches 50 50
==========================================
+ Hits 6162 6674 +512
- Misses 777 780 +3
+ Partials 57 55 -2 ☔ View full report in Codecov by Sentry. |
kate-osborn
requested changes
Aug 9, 2024
kate-osborn
changed the title
sjberman
reviewed
Aug 9, 2024
sjberman
reviewed
Aug 9, 2024
sjberman
approved these changes
Aug 9, 2024
|
Be sure when squashing to use the PR description as the commit message :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
Problem: As a user of NKG, I want to enable TLS Passthrough for my application's endpoints, so that I can achieve end-to-end encryption for my incoming traffic, and so that I do not have to manage certificates at the Gateway.
Solution: Allow users to configure TLS Passthrough for their apps using TLSRoute. Adds basic support for TLSRoute. Cross-namespace routing via ReferenceGrants, traffic splitting, and TLS termination use case will be added in a future release.
Note that the stream conf volume are always enabled in the deployment.yaml because our nginx conf reads from it. If the file did not exist then nginx will error.
Closes #686
Checklist
Before creating a PR, run through this checklist and mark each as complete.
Release notes
If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.