search

kubernetes-sigs / gateway-api

Repository for the next iteration of composite service (e.g. Ingress) and load balancing APIs.
https://gateway-api.sigs.k8s.io
Apache License 2.0
1.86k stars 484 forks source link

Add BackendTLSPolicy support for GRPCRoute objects #3087

Open wimnat opened 6 months ago

wimnat commented 6 months ago

What would you like to be added:

In GEP-1897, the document states:

TCPRoute and GRPCRoute use cases are not addressed here, because at this point in time these two route types are not graduated to beta.

Now that GPRCRoute has graduated to v1 , I think that it should be possible to add a BackendTLSPolicy that matches on GRPCRoute objects.

Why this is needed:

Without this change, any GRPC service that is running with a TLS enabled port can not be accessed via a GPRCRoute and instead the user must fall back to using an HTTPRoute resource with the appropriate BackendTLSPolicy.

Also discussed in Slack here

k8s-triage-robot commented 3 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

wimnat commented 3 months ago

/remove-lifecycle stale

xtineskim commented 3 months ago

As replied to in the sig-network-gateway-api thread by @candita , GRPCRoute's interaction with BackendTLSPolicy is currently implementation dependent (https://gateway-api.sigs.k8s.io/geps/gep-1897/#how-a-client-behaves)

k8s-triage-robot commented 1 week ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale