feat: Add initial support for SSL termination for TransportServer #3462

ciarams87 · 2023-01-19T18:15:58Z

Proposed changes

Add initial support for SSL termination for TransportServer. Note this PR supports TLS termination on multiple ports, where each application owns a dedicated port: the Ingress Controller terminates TLS connections on each port, where each application uses its own cert/key, and routes connections to appropriate application (service) based on that incoming port (any TLS connection regardless of the SNI on a port will be routed to the application that corresponds to that port). Future work will include support for routing TCP connections to an appropriate application (service) based on the SNI of the connection.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

I have read the CONTRIBUTING doc
I have added tests that prove my fix is effective or that my feature works
I have checked that all unit tests pass after adding my changes
I have updated necessary documentation
I have rebased my branch onto main
I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

tests/suite/test_transport_server_tcp_load_balance.py

codecov-commenter · 2023-01-20T14:30:47Z

Codecov Report

Merging #3462 (880ea6b) into main (652aeb5) will increase coverage by 0.08%.
The diff coverage is 82.53%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main    #3462      +/-   ##
==========================================
+ Coverage   52.17%   52.25%   +0.08%     
==========================================
  Files          59       59              
  Lines       16772    16834      +62     
==========================================
+ Hits         8750     8797      +47     
- Misses       7727     7740      +13     
- Partials      295      297       +2

Impacted Files	Coverage Δ
internal/k8s/controller.go	`11.97% <0.00%> (-0.05%)`	⬇️
internal/configs/transportserver.go	`97.90% <100.00%> (+0.37%)`	⬆️
...g/apis/configuration/validation/transportserver.go	`96.80% <100.00%> (+0.17%)`	⬆️
internal/k8s/configuration.go	`95.43% <0.00%> (-0.37%)`	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

jasonwilliams14

This looks good. I have a few items that we can look at to your design document for additional items to add down the road.

shaun-nx

👍

github-actions bot added enhancement Pull requests for new features/feature enhancements helm_chart Pull requests that update the Helm Chart tests Pull requests that update tests labels Jan 19, 2023

github-advanced-security bot found potential problems Jan 19, 2023

View reviewed changes

tests/suite/test_transport_server_tcp_load_balance.py Fixed Show fixed Hide fixed

ciarams87 force-pushed the feat/ssl-transport-server branch 4 times, most recently from fc1bd9b to aa8f68c Compare January 20, 2023 14:30

ciarams87 marked this pull request as ready for review January 20, 2023 14:32

ciarams87 requested a review from a team as a code owner January 20, 2023 14:32

ciarams87 requested review from lucacome, haywoodsh and shaun-nx January 20, 2023 14:32

ciarams87 force-pushed the feat/ssl-transport-server branch 3 times, most recently from d8c03af to 91c1740 Compare January 23, 2023 12:32

ciarams87 changed the title ~~feat: Add support for SSL termination for TransportServer~~ feat: Add initial support for SSL termination for TransportServer Jan 24, 2023

ciarams87 force-pushed the feat/ssl-transport-server branch from 91c1740 to 0d2c233 Compare January 25, 2023 10:21

ciarams87 requested a review from jasonwilliams14 January 30, 2023 16:41

ciarams87 force-pushed the feat/ssl-transport-server branch from 0d2c233 to a1962c7 Compare January 30, 2023 16:42

jasonwilliams14 reviewed Jan 31, 2023

View reviewed changes

ciarams87 force-pushed the feat/ssl-transport-server branch from a1962c7 to e59ba83 Compare February 15, 2023 10:47

shaun-nx approved these changes Feb 15, 2023

View reviewed changes

vepatel approved these changes Feb 15, 2023

View reviewed changes

ciarams87 force-pushed the feat/ssl-transport-server branch from e59ba83 to 738d784 Compare February 16, 2023 16:06

github-actions bot added the documentation Pull requests/issues for documentation label Feb 16, 2023

ciarams87 added 2 commits February 17, 2023 10:58

Add support for SSL termination for TransportServer

49ebcf5

Add docs

6ee37c0

ciarams87 force-pushed the feat/ssl-transport-server branch from 880ea6b to 6ee37c0 Compare February 17, 2023 10:59

ciarams87 merged commit 07a53b6 into main Feb 17, 2023

ciarams87 deleted the feat/ssl-transport-server branch February 17, 2023 14:17

brianehlert mentioned this pull request Jun 22, 2023

SSL termination for TCP loadbalancing #831

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: Add initial support for SSL termination for TransportServer #3462

feat: Add initial support for SSL termination for TransportServer #3462

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

feat: Add initial support for SSL termination for TransportServer #3462

feat: Add initial support for SSL termination for TransportServer #3462

Uh oh!

Conversation

Uh oh!

Proposed changes

Checklist

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!