 |
 |
|---|
Based on original work tlsrouter by Google.
Experimental Multi-hop SNI routing for unbroken end-2-end TLS encrypted API calls (e.g. to a Kubernetes SNI enabled Ingress Controller).
# Examples:
#
# Route by region
# **.uk ukrelay.example.com:443
#
# Route by Ingress Controller
# *.mycustomer.uk ingress.customer.com:443
# at this point the Kubernetes SNI Ingress Controller can route to the
# requested service internally.
Fire up two mock SNI routers in Vagrant
vagrant upBuild snimultihop:
vagrant ssh snimultihop-dev-1
vagrant> cd go/src/github.com/gbevan/snimultihop
vagrant> go build .Start SNI router 1 still in vagrant snimultihop-dev-1 from above:
vagrant> ./snimultihop -conf test-1.conf -listen :8443and in another terminal
vagrant ssh snimultihop-dev-2
vagrant> ./snimultihop -conf test-2.conf -listen :8443The test2.conf points to my kubernetes SNI ingress for testing.
Curl example:
curl -sSk \
--resolve snivault.default.pod:8443:127.0.0.1 \
https://snivault.default.pod:8443/v1/sys/health \
| jq{
"initialized": true,
"sealed": false,
"standby": true,
"performance_standby": false,
"replication_performance_mode": "disabled",
"replication_dr_mode": "disabled",
"server_time_utc": 1552751306,
"version": "0.11.4",
"cluster_name": "vault-cluster-f5b81a91",
"cluster_id": "aa52cbab-fa12-edb0-16e0-9586c6af415d"
}