Add support for TLS Passthrough using TLSRoutes #2356

Merged
merged 7 commits into from
Aug 9, 2024


sarthyparty
Contributor

@sarthyparty sarthyparty commented Aug 8, 2024

Proposed changes

Problem: As a user of NKG, I want to enable TLS Passthrough for my application's endpoints, so that I can achieve end-to-end encryption for my incoming traffic, and so that I do not have to manage certificates at the Gateway.

Solution: Allow users to configure TLS Passthrough for their apps using TLSRoute. Adds basic support for TLSRoute. Cross-namespace routing via ReferenceGrants, traffic splitting, and TLS termination use case will be added in a future release.

Note that the stream conf volume is always enabled in the deployment.yaml because our nginx conf reads from it. If the file did not exist, nginx would error.

Closes #686

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

Add support for TLS Passthrough using TLSRoutes
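
The setup the PR description refers to, as an added example (not code from this PR or from the project): a Gateway listener in Passthrough mode and a TLSRoute that attaches to it. The resource names, namespace, hostname, ports, the `nginx` GatewayClass name and the `v1alpha2` TLSRoute API version are assumptions; the single same-namespace backend follows the limits stated in the description.

```yaml
# Added example. All names, the namespace, hostnames and ports are constructed.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: passthrough-gateway        # hypothetical name
  namespace: demo                  # hypothetical namespace
spec:
  gatewayClassName: nginx          # assumed GatewayClass name
  listeners:
  - name: tls
    port: 443
    protocol: TLS                  # TLS listener, not HTTPS
    hostname: "*.example.com"
    tls:
      mode: Passthrough            # no certificateRefs: the Gateway holds no key material
    allowedRoutes:
      namespaces:
        from: Same                 # only routes from the Gateway's own namespace attach
      kinds:
      - kind: TLSRoute
---
apiVersion: gateway.networking.k8s.io/v1alpha2   # assumed version of the installed TLSRoute CRD
kind: TLSRoute
metadata:
  name: secure-app                 # hypothetical name
  namespace: demo                  # same namespace as the backend Service
spec:
  parentRefs:
  - name: passthrough-gateway
    sectionName: tls               # bind to the Passthrough listener only
  hostnames:
  - "app.example.com"              # matched against the hostname the client requests
  rules:
  - backendRefs:                   # one backend: traffic splitting is listed as future work
    - name: secure-app             # Service that terminates TLS with its own certificate
      port: 8443
```

Because the listener carries no `certificateRefs`, the certificate and private key stay with the backend Service, which is where TLS is terminated.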

Update nginx template for TLS passthrough

Problem: nginx configuration templates didn't support TLS passthrough

Solution: I added a template setup for stream servers

Problem: TLSRoute was not supported by NGF.

Solution: Watched for changes to TLSRoutes, added validation and tests, added TLSRoute to graph, and converted Kubernetes TLSRoute spec to nginx config.
@github-actions github-actions bot added enhancement New feature or request helm-chart Relates to helm chart labels Aug 8, 2024

codecov bot commented Aug 8, 2024

Codecov Report

Attention: Patch coverage is 99.16107% with 5 lines in your changes missing coverage. Please review.

Project coverage is 88.88%. Comparing base (2ed7d4a) to head (3576853).

Files Patch % Lines
internal/mode/static/manager.go 28.57% 5 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2356      +/-   ##
==========================================
+ Coverage   88.07%   88.88%   +0.80%     
==========================================
  Files          97      100       +3     
  Lines        6996     7509     +513     
  Branches       50       50              
==========================================
+ Hits         6162     6674     +512     
- Misses        777      780       +3     
+ Partials       57       55       -2     


@kate-osborn kate-osborn changed the title Feature/tls passthrough Add support for TLS Passthrough using TLSRoutes Aug 9, 2024
@kate-osborn kate-osborn marked this pull request as ready for review August 9, 2024 14:57
@kate-osborn kate-osborn requested a review from a team as a code owner August 9, 2024 14:57
Contributor

@kate-osborn kate-osborn left a comment

🎉

@sjberman
Collaborator

sjberman commented Aug 9, 2024

Be sure when squashing to use the PR description as the commit message :)

@sarthyparty sarthyparty enabled auto-merge (squash) August 9, 2024 16:25
@sarthyparty sarthyparty disabled auto-merge August 9, 2024 16:26
@sarthyparty sarthyparty enabled auto-merge (squash) August 9, 2024 16:27
@sarthyparty sarthyparty merged commit 8753459 into main Aug 9, 2024
44 checks passed
@sarthyparty sarthyparty deleted the feature/tls-passthrough branch August 9, 2024 16:36
miledxz added a commit to miledxz/nginx-gateway-fabric that referenced this pull request Jan 14, 2025
Labels
enhancement New feature or request helm-chart Relates to helm chart release-notes
Development

Successfully merging this pull request may close these issues.

TLS Passthrough for Listeners
4 participants