search

solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0
4.07k stars 436 forks source link

Expose DFP allow_insecure_cluster_options in Gloo API #8314

Open bdecoste opened 1 year ago

bdecoste commented 1 year ago

Version

None

Is your feature request related to a problem? Please describe.

We are trying to use DynamicForwardProxy to access upstreams over HTTPS. However, with httpGateway.options.dynamicForwardProxy.sslConfig: {} the upstream connection from envoy fails with CERTIFICATE_VERIFY_FAILED.

Describe the solution you'd like

Expose Envoy's allow_insecure_cluster_options (https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto#extensions-clusters-dynamic-forward-proxy-v3-clusterconfig) through the Gloo API to allow for insecure HTTPS upstreams.

Describe alternatives you've considered

None

Additional Context

No response

SantoDE commented 1 year ago

We need to figure out how far to back port

ashutosh887 commented 1 year ago

Please let me work on this @bdecoste

github-actions[bot] commented 3 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.