initial TLSRoute support #10601

Merged
merged 48 commits into from
Feb 24, 2025

@puertomontt puertomontt commented Feb 8, 2025

Description

Adds initial support for TLSRoutes. TLSRoutes are similar to TCPRoutes, but the distinction between them is that TLSRoutes allow routing decisions by SNI. See docs.

This PR adds support for TLS Passthrough on a TLS listener using a TLSRoute.

API changes

Code changes

CI changes

Docs changes

Context

Interesting decisions

Testing steps

Notes for reviewers

This PR doesn't add TLS support for TCPRoutes (kgateway-dev#10621)

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
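
What routing by SNI under TLS passthrough involves, as an added Go example that is not code from this PR or from the project: the gateway parses only the ClientHello, picks a backend from the cleartext SNI, and keeps the consumed bytes to replay to that backend. `PeekSNI`, `Pick`, the hostnames and the backend address are hypothetical, and wildcard handling assumes Gateway API-style `*.` suffix matching.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"strings"
)

// peekConn records what crypto/tls reads and refuses writes: the gateway never answers.
type peekConn struct {
	net.Conn
	r io.Reader
}
func (c peekConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (c peekConn) Write([]byte) (int, error)  { return 0, io.ErrClosedPipe }

// PeekSNI parses only the ClientHello; raw is the consumed bytes, to replay to the backend.
func PeekSNI(conn net.Conn) (sni string, raw []byte, err error) {
	var buf bytes.Buffer
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		sni, raw = strings.ToLower(h.ServerName), buf.Bytes()
		return nil, fmt.Errorf("passthrough: stop after ClientHello")
	}}
	if hsErr := tls.Server(peekConn{conn, io.TeeReader(conn, &buf)}, cfg).Handshake(); raw == nil {
		return "", nil, hsErr
	}
	return sni, raw, nil
}

// Pick: exact hostname wins, else the longest "*." wildcard; "" means no route (fail closed).
func Pick(sni string, routes map[string]string) string {
	best := ""
	for host := range routes {
		wild := strings.HasPrefix(host, "*.") && len(sni) >= len(host) && strings.HasSuffix(sni, host[1:])
		if host == sni || (wild && len(host) > len(best)) {
			best = host
		}
	}
	return routes[best]
}

func main() {
	c, s := net.Pipe() // constructed input: crypto/tls's own client sends the ClientHello
	go tls.Client(c, &tls.Config{ServerName: "db.example.com"}).Handshake()
	sni, _, _ := PeekSNI(s)
	fmt.Println(sni, Pick(sni, map[string]string{"*.example.com": "10.0.0.7:5432"})) // hypothetical route
}
```

The SNI is chosen by the client and travels unencrypted and unauthenticated, so on a passthrough listener it is a routing hint only; the backend's own certificate and access checks remain the control.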

@puertomontt
Author

/kick-ci

@puertomontt puertomontt changed the title Puertomontt/tls route initial TLSRoute support Feb 13, 2025
@@ -128,6 +128,8 @@ func (r *gatewayQueries) GetRouteChain(
case *gwv1a2.TCPRoute:
backends = r.resolveRouteBackends(ctx, typedRoute)
// TODO (danehans): Should TCPRoute delegation support be added in the future?
case *gwv1a2.TLSRoute:
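
Review bot: the TODO about TCPRoute delegation now sits directly above the new `case *gwv1a2.TLSRoute:` arm and reads as if it applies to TLSRoute. Move it above the TCPRoute `backends = r.resolveRouteBackends(ctx, typedRoute)` line, or add a matching note saying whether TLSRoute delegation is in scope. Go switch arms do not fall through, so please also confirm this arm carries its own `backends` assignment; the lines shown here end at the case label.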

@puertomontt can you create an issue to rename projects/gateway2/query/httproute.go to projects/gateway2/query/route.go and link to this PR?

@@ -248,6 +248,16 @@ func (p *plugin) computeTcpFilterChain(
}, nil
}

// needed to handle passthrough
if sslConfig.GetSslSecrets() == nil && len(sslConfig.GetSniDomains()) != 0 {
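
Review bot: the condition `sslConfig.GetSslSecrets() == nil && len(sslConfig.GetSniDomains()) != 0` infers passthrough from a missing secret, so a listener meant to terminate TLS whose secrets are nil for any other reason would take this branch and be forwarded unterminated. Consider keying the branch on an explicit passthrough indicator carried over from the listener, or expand the `// needed to handle passthrough` comment to state why nil secrets together with SNI domains can only mean passthrough at this point.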

nit: Call len(sslConfig.GetSniDomains()) once and store the results in a var. Then you can use the var here and in L256.

@solo-changelog-bot
Issues linked to changelog:
kgateway-dev#10074

Collaborator

@nfuden nfuden left a comment

looks good.

The build bot failure seems to be a known issue docker/buildx#1170

@puertomontt puertomontt enabled auto-merge (squash) February 24, 2025 16:48
@nfuden
Collaborator

nfuden commented Feb 24, 2025

/skip-ci temporary qemu issues

@puertomontt puertomontt merged commit c03f3c5 into main Feb 24, 2025
20 checks passed
@puertomontt puertomontt deleted the puertomontt/tls-route branch February 24, 2025 17:24