Fixes #20930 - expose path for HTTPS endpoints #21134
Conversation
Hi @david-yu / @huikang / @jkirschner-hashicorp, kindly take this PR for review.
@vijayraghav-io thanks for the PR. Do we need these fields to be set in config for HTTPS -> HTTPS? I would expect it should be possible to simply not terminate TLS at all. And if it does terminate TLS, why do we need the keyFile? Can we not have Envoy trust the provided CA and expose HTTP? As in HTTP -> HTTPS
@Cottand Thanks for your comments. Yes, as an option, HTTPS passthrough, i.e. without terminating TLS and using a normal TCP_Proxy, can be provided. Updated to accommodate this. For this For terminating TLS, yes, it's a good suggestion to have Envoy trust the provided CA; let me get collective feedback from other reviewers as well, if any, before updating.
Description
fixes #20930
Added 3 parameters, CAFile, CertFile and KeyFile, to ServiceDefinition -> Proxy -> Expose -> Path.
In the case of an HTTPS path, these 3 parameters are used to configure Envoy and allow HTTPS -> HTTPS traffic for the external service path to be exposed.
Testing & Reproduction steps
Refer to #20930 for the reproduction scenario.