Open ThijsFeryn opened 3 months ago
This is sorta supported right now with `extraContainers`, but we're definitely looking into adding native support for it. The bit about the certificate needs some thinking, though.
PROXY protocol is already supported via `extraListens` (also mentioned in the docs: https://github.com/varnish/helm-varnish-cache/tree/main/varnish-cache#extra-listens-and-extra-services).
Due to Hitch being quite different from the in-core TLS offering, I'm still not sure if we should match the settings one-to-one, and opt for our standard configuration style for sidecar (`server.<component>.*`) instead. This way we can backport Hitch support to Enterprise as well.
No ETA on this, but it's planned.
Planned for 1.2.0
Please provide TLS support by adding an extra sidecar in the pod for Hitch.
- `8443` and the service can expose that over `443`
- `--backend` parameter can be used to connect to Varnish, possibly over UDS instead of TCP
- `--frontend` parameter can be used to listen on port `8443` and to set the location of the TLS certificate
- `--write-proxy-v2` flag can be enabled to communicate with Varnish using the `PROXY` protocol. This only works if there's an interface on Varnish that listens to PROXY traffic
- `--alpn-protos` option can be used to offer HTTP/2 support

Please also make sure the way to enable TLS matches the syntax of the Varnish Enterprise Helm Chart. This means providing the following Helm config overrides:
Thanks for considering.
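
The Hitch flags listed in the request, put together as one sidecar container entry of the kind `extraContainers` could carry. This is an added example, not part of the original issue or the chart. It assumes `extraContainers` accepts standard Kubernetes container specs; the container name, image tag, backend port `8444`, volume name and PEM path are hypothetical.

```yaml
# Added example: constructed sidecar container entry, not taken from the chart.
# Hypothetical: container name, image tag, backend port 8444, volume and PEM path.
- name: hitch
  image: hitch:TAG              # placeholder; pin a real tag or digest
  command: ["hitch"]
  args:
    # Terminate TLS on 8443. The part after "+" is a single PEM file that
    # holds the private key together with the certificate chain.
    - "--frontend=[*]:8443+/etc/hitch/tls/combined.pem"
    # Forward decrypted traffic to Varnish over loopback; containers in one
    # pod share a network namespace, so this never leaves the pod.
    - "--backend=[127.0.0.1]:8444"
    # Prepend a PROXY v2 header so Varnish sees the real client address.
    - "--write-proxy-v2=on"
    # Offer HTTP/2 and HTTP/1.1 through ALPN.
    - "--alpn-protos=h2,http/1.1"
  ports:
    - name: https
      containerPort: 8443       # the Service can expose this as 443
  volumeMounts:
    - name: hitch-tls           # hypothetical volume backed by a Secret
      mountPath: /etc/hitch/tls
      readOnly: true
# Varnish needs a matching PROXY listener, for example the varnishd argument
#   -a 127.0.0.1:8444,PROXY
# Keep that listener on loopback or a UDS: Varnish trusts the client address
# in the PROXY header, so only Hitch should be able to connect to it.
```

A standard `kubernetes.io/tls` Secret stores `tls.crt` and `tls.key` as separate files, so the combined PEM assumed here has to be produced separately.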