Is your feature request related to a problem? Please describe.
SSL termination is done at the envoy pod; the internal nginx ingress then passes requests through to the envoy pods by DNS FQDN. The certificate is generated by cert-manager. The cert is used for mTLS authentication. This setup works on OpenShift with its HAProxy passthrough route (as ingress).
Client IP preservation is also needed. On VCD, X-Forwarded-For works for an HTTP virtual service.
For an HTTPS virtual service I don't know; you need a certificate, but how do you manage a short-lived certificate in the VCD certificate library?
SSL passthrough with the annotation disables appProtocol, so the LB is created as L4 even if the service port has appProtocol: http/s
service.beta.kubernetes.io/vcloud-avi-ssl-no-termination: "true"
Describe the solution you'd like
If it solves anything, make it possible to upload a certificate secret to the Certificate library using some annotation
Describe alternatives you've considered
Use "Preserve Client IP", but it needs AVI stack redeployment and another can of worms :)
Additional context
No response