This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Support Ingress controllers with mTLS on them #3582

Closed
KnicKnic opened this issue Jun 11, 2021 · 1 comment
Assignees
Labels
area/ingress Ingress functionality

Comments

@KnicKnic

KnicKnic commented Jun 11, 2021

Please describe the Improvement and/or Feature Request
Blindly allow traffic to flow into the ingress controller, however add mTLS to the http sessions from the controller to the servers that the ingress forwards to.

public -> (allow *) (nginx) -> (OSM mTLS) webservers

I want to inject OSM into the ingress controller, and annotate it with please pass through data to ingress controller, however do mTLS on outgoing sessions.

Scope (please mark with X where applicable)

  • New Functionality [x]

Possible use cases
In my use case

  1. I have already-authenticated traffic being proxied into the ingress controller (and it is being secured with my own mTLS).
    1. I need OSM to ignore this "inbound" traffic (ingress controller will decap the mTLS session)
  2. I then need outbound traffic from the ingress controller to use OSM mTLS sessions.

Problems

  1. I don't know how to communicate to Envoy to blindly ignore traffic on the inbound port, yet pass it through to the application that has been injected with a sidecar.
  2. I do not know how ingress rules will play with traffic policies.
    1. If I set up a TrafficTarget to allow the ingress controller to talk to my backend webservers, and an ingress rule to proxy traffic from the ingress controller to the backend webservers, what happens to mTLS?
@shashankram shashankram added the area/ingress Ingress functionality label Jun 11, 2021
shashankram added a commit to shashankram/osm that referenced this issue Jun 14, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 14, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm-docs that referenced this issue Jun 15, 2021
Documents inbound port exclusions for sidecar traffic
interception.

Required for openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
whitneygriffith pushed a commit to whitneygriffith/osm that referenced this issue Jun 16, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
whitneygriffith pushed a commit to whitneygriffith/osm that referenced this issue Jun 16, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
whitneygriffith pushed a commit to whitneygriffith/osm that referenced this issue Jun 16, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
@shashankram shashankram self-assigned this Jun 17, 2021
shashankram added a commit to shashankram/osm that referenced this issue Jun 17, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
annotation.

Also addresses an unnecessary type export and an unused
variable.

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 17, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
label.

Also addresses an unnecessary type export and makes
unused variable usage explicit.

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 17, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
label.

Also addresses an unnecessary type export and makes
unused variable usage explicit.

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 17, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
label.

Also addresses an unnecessary type export and makes
unused variable usage explicit.

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm-docs that referenced this issue Jun 17, 2021
Documents how to ignore an ingress resource.

Part of openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm-docs that referenced this issue Jun 17, 2021
Documents how to ignore an ingress resource.

Part of openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 18, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm that referenced this issue Jun 18, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
label.

Also addresses an unnecessary type export and makes
unused variable usage explicit.

Signed-off-by: Shashank Ram <[email protected]>
whitneygriffith pushed a commit to whitneygriffith/osm that referenced this issue Jun 18, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm-docs that referenced this issue Jun 18, 2021
Documents inbound port exclusions for sidecar traffic
interception.

Required for openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
shashankram added a commit to shashankram/osm-docs that referenced this issue Jun 18, 2021
Documents how to ignore an ingress resource.

Part of openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
bridgetkromhout pushed a commit to openservicemesh/osm-docs that referenced this issue Jun 21, 2021
* traffic/iptables: inbound port exclusions

Documents inbound port exclusions for sidecar traffic
interception.

Required for openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>

* ingress: document ignore label

Documents how to ignore an ingress resource.

Part of openservicemesh/osm#3582

Signed-off-by: Shashank Ram <[email protected]>
@shashankram
Member

This is done, and the changes have been backported to release-v0.9 to be available in the v0.9.1 release.

Relevant documentation:

  1. Inbound port exclusion: https://release-v0-9.docs.openservicemesh.io/docs/tasks/traffic_management/iptables_redirection/#inbound-port-exclusions
  2. Ignore an ingress resource: https://release-v0-9.docs.openservicemesh.io/docs/tasks/traffic_management/ingress/#ignoring-an-ingress-resource

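As an added example (not from this issue or the OSM project), here is how the two features in the closing comment fit the scenario KnicKnic describes: the ingress controller keeps its sidecar but its TLS-terminating port is excluded from inbound redirection, so OSM leaves the already-authenticated client sessions alone, while its outbound hop to the backend still goes through the sidecar and gets OSM mTLS; the Ingress resource carries the `openservicemesh.io/ignore` label so OSM programs no ingress policy of its own, and an SMI TrafficTarget authorizes the hop. All names, namespaces and ports are constructed; the `openservicemesh.io/inbound-port-exclusion-list` annotation and the SMI API versions are assumptions from OSM v0.9, not values quoted on this page.

```yaml
# Added example, not from this issue or the OSM project. Names, namespaces and
# ports are constructed; both namespaces are assumed to be enrolled in the mesh.
---
# Ingress controller: sidecar injected, but inbound 443 (where nginx terminates
# its own mTLS) is excluded from redirection. Annotation name assumed from OSM v0.9.
apiVersion: apps/v1
kind: Deployment
metadata: {name: nginx-ingress, namespace: ingress}
spec:
  selector: {matchLabels: {app: nginx-ingress}}
  template:
    metadata:
      labels: {app: nginx-ingress}
      annotations:
        openservicemesh.io/sidecar-injection: enabled
        openservicemesh.io/inbound-port-exclusion-list: "443"
    spec:
      serviceAccountName: nginx-ingress
      containers:
        - name: nginx
          image: PLACEHOLDER/nginx-ingress:PLACEHOLDER
          ports: [{containerPort: 443}]
---
# Ingress carries the ignore label from this page, so OSM programs no ingress
# policy for the backend; nginx's hop to the backend uses the sidecar and OSM mTLS.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: web, namespace: apps, labels: {openservicemesh.io/ignore: "true"}}
spec:
  rules:
    - host: web.example.test
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: web, port: {number: 8080}}}}
---
# SMI TrafficTarget (the resource the issue asks about): the ingress controller's
# identity may reach the backend; OSM enforces it on the mTLS hop.
apiVersion: specs.smi-spec.io/v1alpha4
kind: HTTPRouteGroup
metadata: {name: web-routes, namespace: apps}
spec: {matches: [{name: all, pathRegex: ".*", methods: ["*"]}]}
---
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata: {name: ingress-to-web, namespace: apps}
spec:
  destination: {kind: ServiceAccount, name: web, namespace: apps}
  sources: [{kind: ServiceAccount, name: nginx-ingress, namespace: ingress}]
  rules: [{kind: HTTPRouteGroup, name: web-routes, matches: [all]}]
```

With this in place, a packet capture between the nginx pod and the backend should show TLS with the sidecar's SPIFFE identity rather than the plaintext HTTP that an OSM-managed ingress rule would have allowed.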
shalier pushed a commit to shalier/osm that referenced this issue Jun 30, 2021
Similar to outbound port exclusions (global and pod
scoped), this change adds support to exclude specified
ports from inbound sidecar redirection.

This is required in certain scenarios when traffic
destined to certain ports should not be proxied
to the sidecar (ex. ports that terminate TLS
connections in the app).

Required for openservicemesh#3582

Signed-off-by: Shashank Ram <[email protected]>
shalier pushed a commit to shalier/osm that referenced this issue Jun 30, 2021
As a part of openservicemesh#3582, specific ingress resources
need to be ignored. This change adds support
for this using the existing `openservicemesh.io/ignore`
label.

Also addresses an unnecessary type export and makes
unused variable usage explicit.

Signed-off-by: Shashank Ram <[email protected]>