Open alshain opened 2 weeks ago
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
Oh well, I had searched but couldn't find anything, already reported: https://github.com/kubernetes/ingress-nginx/issues/11424
Sorry about that.
This is a complicated one so I think info coming from 2 is helpful
I believe I stumbled over a problem related to tldr.fail, where SNI extraction might fail with large TLS ClientHellos and SSL-passthrough.
Due to a race condition when reading the buffer used for the SNI extraction, the extraction fails but the failure is ignored and we default to the default proxy target.
https://github.com/kubernetes/ingress-nginx/blob/44e550ea72f673fadeae0559a773feb9cbf3eec6/pkg/tcpproxy/tcp.go#L65