TLS: with static certificates #173

Merged
merged 13 commits into from
Jan 12, 2022

@kylehodgetts kylehodgetts commented Jan 10, 2022

This PR closes #33

Changes

Adds support for specifying TLS options in an EnvoyFleet

  • an array of CipherSuites
  • TLS min and max versions
  • an array of cert and key pairs

Testing

  • make create-env
  • Wait for everything to become healthy (ensure cert-manager is installed)
  • Apply issuer.yaml and certificate.yaml (below)
  • Uncomment TLS and tlsSecrets options in the default EnvoyFleet. Leave cipherSuites and min/max versions commented out.
  • Reapply kubectl apply -f config/samples/gateway_v1_envoyfleet.yaml
  • Install the TODOMVC application
  • Hit the application on HTTPS

issuer.yaml

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: default
spec:
  selfSigned: {}
EOF

certificate.yaml

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-cert
  namespace: default
spec:
  dnsNames:
    - todomvc.com
  secretName: my-cert
  issuerRef:
    name: test-selfsigned
EOF

Checklist

  • tested locally
  • added new dependencies
  • updated the docs
  • added a test

@kylehodgetts kylehodgetts marked this pull request as ready for review January 12, 2022 14:29
@kylehodgetts kylehodgetts changed the title Kylehodgetts/feature/tls TLS: with static certificates Jan 12, 2022
@kylehodgetts kylehodgetts requested a review from dobegor January 12, 2022 14:31
@kylehodgetts kylehodgetts merged commit 8800a0a into main Jan 12, 2022
@kylehodgetts kylehodgetts deleted the kylehodgetts/feature/tls branch January 12, 2022 15:08
Tarick pushed a commit that referenced this pull request Jan 14, 2022
Adds support for specifying TLS options in an EnvoyFleet
* an array of CipherSuites
* TLS min and max versions
* an array of cert and key pairs