envoyproxy / gateway

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
https://gateway.envoyproxy.io
Apache License 2.0
1.64k stars 356 forks

Support TLS.FrontendValidation within the Gateway spec #3316

Open arkodg opened 7 months ago

arkodg commented 7 months ago

Description:

Describe the desired behavior, what scenario it enables and how it would be used.

Support the new Client Cert Validation field introduced by upstream https://gateway-api.sigs.k8s.io/geps/gep-91/

It's the same feature as https://github.com/envoyproxy/gateway/issues/88, and has been implemented in the project using ClientTrafficPolicy, so the translation can be reused.

[optional Relevant Links:]

Any extra documentation required to understand the issue.

arkodg commented 7 months ago

blocked on https://github.com/envoyproxy/gateway/issues/3265

zufardhiyaulhaq commented 6 months ago

I am interested in working on this feature. I want to understand which one to prioritize if Gateway API is enabled but we are not enabling it on ClientTrafficPolicy?

zufardhiyaulhaq commented 6 months ago

let me finish #3202 before working on this one

arkodg commented 6 months ago

> I am interested in working on this feature. I want to understand which one to prioritize if Gateway API is enabled but we are not enabling it on ClientTrafficPolicy?

@zufardhiyaulhaq we'll need to simultaneously support both fields, until there is complete feature parity in upstream

zufardhiyaulhaq commented 6 months ago

@arkodg @shawnh2 after checking the spec https://gateway-api.sigs.k8s.io/geps/gep-91/ it seems there are no optional features there, which means that if ClientTrafficPolicy sets the optional to true, we need to rewrite it to true, right?

zufardhiyaulhaq commented 6 months ago

@arkodg

> @zufardhiyaulhaq we'll need to simultaneously support both fields, until there is complete feature parity in upstream

Which one is to be used if a different secret is being used on the Gateway object and the ClientTrafficPolicy object? Do we need to merge the certificate?

arkodg commented 6 months ago

yah let's merge/append the caCerts, this will help with migration in the future
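
The merge/append behaviour agreed in the comment above, as an added example that is not part of the thread and not Envoy Gateway's own code. It assumes both the Gateway and the ClientTrafficPolicy references have already been resolved to PEM CA bundles; `MergeCABundles` and `newCA` are hypothetical names, and the certificates are constructed at run time.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// MergeCABundles (hypothetical) appends CA certs in order, drops exact duplicates, fails closed.
func MergeCABundles(bundles ...[]byte) ([]byte, error) {
	seen, out := map[string]bool{}, &bytes.Buffer{}
	for i, rest := range bundles {
		for blk, tail := pem.Decode(rest); blk != nil; blk, tail = pem.Decode(rest) {
			rest = tail
			if _, err := x509.ParseCertificate(blk.Bytes); blk.Type != "CERTIFICATE" || err != nil {
				return nil, fmt.Errorf("bundle %d: rejected %q block: %v", i, blk.Type, err)
			}
			if !seen[string(blk.Bytes)] {
				seen[string(blk.Bytes)] = true
				pem.Encode(out, blk)
			}
		}
		if len(bytes.TrimSpace(rest)) != 0 { // truncated or non-PEM data must not be dropped silently
			return nil, fmt.Errorf("bundle %d: trailing non-PEM data", i)
		}
	}
	return out.Bytes(), nil
}

// newCA returns a constructed self-signed CA in PEM form (sample input only).
func newCA(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	gw, ctp := newCA("gateway-ca"), newCA("ctp-ca") // Gateway-side and ClientTrafficPolicy-side CAs
	out, err := MergeCABundles(gw, append(ctp, gw...))
	fmt.Println(bytes.Count(out, []byte("BEGIN CERTIFICATE")), err)
}
```

Rejecting the whole merge on a bad block, rather than skipping it, keeps a truncated bundle from silently shrinking the set of trusted client CAs.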

github-actions[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.
