integration test: mTLS for opaque TCP traffic

linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.

https://linkerd.io

Apache License 2.0

10.59k stars 1.27k forks source link

integration test: mTLS for opaque TCP traffic #3515

Open olix0r opened 4 years ago

olix0r commented 4 years ago

Write an integration test that ensures that a client proxy records the proper metrics (i.e. reflecting mutual identity, pod metadata) when a client application makes an opaque TCP connection to a meshed server.

We should test at least:

Kubernetes Service IPs;
Individual pod IPs.

krzysztofdrys commented 2 years ago

How is this different from the tests already present in test/integration/deep/opaqueports? 🤔 Aren't they doing exactly this?

mateiidavid commented 2 years ago

Yeah I think you're right @krzysztofdrys, this seems to already be covered. We test that client apps have expected metrics. I'll go ahead and close this.

mateiidavid commented 2 years ago

Well, seems that we were wrong :D The opaque ports tests we currently have all check whether an inbound TCP connection has been opened on the server. We can probably do the same for clients to be sure outbound conn metrics are properly recorded. Going to re-open this.