Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLSRoute with expression router #4540

Closed
1 of 3 tasks
Tracked by #4312
randmonkey opened this issue Aug 21, 2023 · 4 comments · Fixed by #4574
Closed
1 of 3 tasks
Tracked by #4312

Support TLSRoute with expression router #4540

randmonkey opened this issue Aug 21, 2023 · 4 comments · Fixed by #4574
Labels
area/gateway-api Relating to upstream Kubernetes SIG Networking Gateway API
Milestone
KIC v3.0.x

Comments

@randmonkey
Copy link
Contributor

randmonkey commented Aug 21, 2023
edited by rainest
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Problem Statement

Split out of #4312
Kong 3.4 added support of expression router in L4 proxy. We could implement support of TLSRoute in gateway APIs.

Proposed Solution

  • Translate TLSRoute into expression based Kong route when ExpressionRoutes feature gate is enabled, and Kong uses expression router

Additional information

No response

Acceptance Criteria

  • KIC could translate TLSRoute to expression based Kong routes against Kong 3.4+ running with expression router
  • TestTCPIngressTLSPassthrough works as well.
@randmonkey randmonkey added the area/gateway-api Relating to upstream Kubernetes SIG Networking Gateway API label Aug 21, 2023
@randmonkey randmonkey added this to the KIC v2.12.0 milestone Aug 21, 2023
This was referenced Aug 21, 2023
Closed
Merged
@randmonkey randmonkey assigned randmonkey and unassigned randmonkey Aug 21, 2023
@randmonkey
Copy link
Contributor Author

randmonkey commented Aug 21, 2023
edited
Loading

assigned to @rodman10. I could not assign to a contributor out of our organization, so @rodman10 if you are still willing to do this, please assign it to yourself.

@randmonkey randmonkey assigned randmonkey and unassigned randmonkey Aug 23, 2023
@rodman10 rodman10 mentioned this issue Aug 28, 2023
Merged
1 task
@rainest
Copy link
Contributor

rainest commented Sep 8, 2023

Piggybacking the TCPIngress TLS passthrough on this. TCPIngress otherwise works in #4612 and the issue with passthrough not matching will presumably have the same fix for both TLSRoute and TCPIngress.

@rainest rainest mentioned this issue Sep 8, 2023
Merged
1 task
@rainest
Copy link
Contributor

rainest commented Sep 11, 2023

This requires a gateway change: Kong/kong#11538

Our implementation isn't expected to change. We add expression SNI criteria if the route object contains traditional SNI values already.

TLSRoute will require removing the not supported abort.

TCPIngress with TLS passthrough already creates routes that will match after the fix following #4612, and will only require enabling the tests.

Dunno how we want to handle this for 2.12, since I don't expect the gateway fix to be released by then. We could add the functionality anyway without enabling tests with the expectation that it will work on a fixed gateway release.

@mflendrich
Copy link
Contributor

Blocked by Kong/kong#11538 as Travis mentioned (likely to come in Kong 3.4.1)

@mflendrich mflendrich modified the milestones: KIC v2.12.0, KIC v3.0.0 Sep 20, 2023
@programmer04 programmer04 mentioned this issue Sep 25, 2023
Closed
7 tasks
@mflendrich mflendrich mentioned this issue Oct 2, 2023
Closed
2 tasks
@pmalek pmalek mentioned this issue Oct 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/gateway-api Relating to upstream Kubernetes SIG Networking Gateway API
Projects
None yet
Milestone
KIC v3.0.x
Development

Successfully merging a pull request may close this issue.

feat: support tls expression route. rodman10/kubernetes-ingress-controller
3 participants
@rainest @mflendrich @randmonkey