Skip to content

feat: allow TLS termination for TLSRoute #7676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
NomadXD wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: allow TLS termination for TLSRoute #7676

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
eeebf80
feat: allow TLS termination for TLSRoute
NomadXD Dec 4, 2025
e49bdb7
update certs with hosts added to SAN
NomadXD Dec 5, 2025
5133d3d
fix unit test invalid cert format
NomadXD Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion internal/gatewayapi/listener.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
case gwapiv1.TLSModePassthrough:
t.validateAllowedRoutes(listener, resource.KindTLSRoute)
case gwapiv1.TLSModeTerminate:
t.validateAllowedRoutes(listener, resource.KindTCPRoute)
t.validateAllowedRoutes(listener, resource.KindTCPRoute, resource.KindTLSRoute)
default:
t.validateAllowedRoutes(listener, resource.KindTCPRoute, resource.KindTLSRoute)
}
Expand Down
28 changes: 23 additions & 5 deletions internal/gatewayapi/route.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1356,15 +1356,33 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour
hasHostnameIntersection = true

irKey := t.getIRKey(listener.gateway.Gateway)

gwXdsIR := xdsIR[irKey]
irListener := gwXdsIR.GetTCPListener(irListenerName(listener))
if irListener != nil {
var tlsConfig *ir.TLS
if irListener.TLS != nil {
// Listener is in terminate mode.
tlsConfig = &ir.TLS{
Terminate: irListener.TLS,
}
// If hostnames specified, add SNI config for routing
if len(hosts) > 0 {
tlsConfig.TLSInspectorConfig = &ir.TLSInspectorConfig{
SNIs: hosts,
}
}
} else {
// Passthrough mode - only SNI inspection
tlsConfig = &ir.TLS{
TLSInspectorConfig: &ir.TLSInspectorConfig{
SNIs: hosts,
},
}
}

irRoute := &ir.TCPRoute{
Name: irTCPRouteName(tlsRoute),
TLS: &ir.TLS{TLSInspectorConfig: &ir.TLSInspectorConfig{
SNIs: hosts,
}},
TLS: tlsConfig,
Destination: &ir.RouteDestination{
Name: destName,
Settings: destSettings,
Expand All @@ -1385,7 +1403,7 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour
gwapiv1.RouteConditionAccepted,
metav1.ConditionFalse,
gwapiv1.RouteReasonNoMatchingListenerHostname,
"There were no hostname intersections between the HTTPRoute and this parent ref's Listener(s).",
"There were no hostname intersections between the TLSRoute and this parent ref's Listener(s).",
)
}

Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand Down
6 changes: 6 additions & 0 deletions internal/gatewayapi/testdata/clienttrafficpolicy-invalid-settings.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand Down Expand Up @@ -365,6 +367,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 0
conditions:
- lastTransitionTime: null
Expand Down Expand Up @@ -501,6 +505,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 0
conditions:
- lastTransitionTime: null
Expand Down
2 changes: 2 additions & 0 deletions ...nal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification-expired-crl.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand Down
4 changes: 4 additions & 0 deletions ...al/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
Expand All @@ -76,6 +78,8 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
Expand Down
50 changes: 50 additions & 0 deletions internal/gatewayapi/testdata/tlsroute-with-tls-terminate-hostname-match.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
namespace: envoy-gateway
name: gateway-1
spec:
gatewayClassName: envoy-gateway-class
listeners:
- name: tls
hostname: "*.example.com"
protocol: TLS
port: 90
tls:
certificateRefs:
- group: ""
kind: Secret
name: tls-secret-1
mode: Terminate
allowedRoutes:
namespaces:
from: All
tlsRoutes:
- apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
namespace: default
name: tlsroute-1
spec:
parentRefs:
- namespace: envoy-gateway
name: gateway-1
sectionName: tls
hostnames:
- "foo.example.com"
rules:
- backendRefs:
- name: service-1
port: 8080

secrets:
- apiVersion: v1
kind: Secret
metadata:
namespace: envoy-gateway
name: tls-secret-1
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
184 changes: 184 additions & 0 deletions internal/gatewayapi/testdata/tlsroute-with-tls-terminate-hostname-match.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,184 @@
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway-1
namespace: envoy-gateway
spec:
gatewayClassName: envoy-gateway-class
listeners:
- allowedRoutes:
namespaces:
from: All
hostname: '*.example.com'
name: tls
port: 90
protocol: TLS
tls:
certificateRefs:
- group: ""
kind: Secret
name: tls-secret-1
mode: Terminate
status:
listeners:
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
reason: Programmed
status: "True"
type: Programmed
- lastTransitionTime: null
message: Listener has been successfully translated
reason: Accepted
status: "True"
type: Accepted
- lastTransitionTime: null
message: Listener references have been resolved
reason: ResolvedRefs
status: "True"
type: ResolvedRefs
name: tls
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- group: gateway.networking.k8s.io
kind: TLSRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
listeners:
- address: null
name: envoy-gateway/gateway-1/tls
ports:
- containerPort: 10090
name: tls-90
protocol: TLS
servicePort: 90
metadata:
labels:
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
ownerReference:
kind: GatewayClass
name: envoy-gateway-class
name: envoy-gateway/gateway-1
namespace: envoy-gateway-system
tlsRoutes:
- apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: tlsroute-1
namespace: default
spec:
hostnames:
- foo.example.com
parentRefs:
- name: gateway-1
namespace: envoy-gateway
sectionName: tls
rules:
- backendRefs:
- name: service-1
port: 8080
status:
parents:
- conditions:
- lastTransitionTime: null
message: Route is accepted
reason: Accepted
status: "True"
type: Accepted
- lastTransitionTime: null
message: Resolved all the Object references for the Route
reason: ResolvedRefs
status: "True"
type: ResolvedRefs
controllerName: gateway.envoyproxy.io/gatewayclass-controller
parentRef:
name: gateway-1
namespace: envoy-gateway
sectionName: tls
xdsIR:
envoy-gateway/gateway-1:
accessLog:
json:
- path: /dev/stdout
globalResources:
proxyServiceCluster:
metadata:
kind: Service
name: envoy-envoy-gateway-gateway-1-196ae069
namespace: envoy-gateway-system
sectionName: "8080"
name: envoy-gateway/gateway-1
settings:
- addressType: IP
endpoints:
- host: 7.6.5.4
port: 8080
zone: zone1
metadata:
kind: Service
name: envoy-envoy-gateway-gateway-1-196ae069
namespace: envoy-gateway-system
sectionName: "8080"
name: envoy-gateway/gateway-1
protocol: TCP
readyListener:
address: 0.0.0.0
ipFamily: IPv4
path: /ready
port: 19003
tcp:
- address: 0.0.0.0
externalPort: 90
metadata:
kind: Gateway
name: gateway-1
namespace: envoy-gateway
sectionName: tls
name: envoy-gateway/gateway-1/tls
port: 10090
routes:
- destination:
metadata:
kind: TLSRoute
name: tlsroute-1
namespace: default
name: tlsroute/default/tlsroute-1/rule/-1
settings:
- addressType: IP
endpoints:
- host: 7.7.7.7
port: 8080
metadata:
kind: Service
name: service-1
namespace: default
sectionName: "8080"
name: tlsroute/default/tlsroute-1/rule/-1/backend/0
protocol: HTTPS
weight: 1
metadata:
kind: TLSRoute
name: tlsroute-1
namespace: default
name: tlsroute/default/tlsroute-1
tls:
inspector:
snis:
- foo.example.com
terminate:
alpnProtocols: []
certificates:
- certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
name: envoy-gateway/tls-secret-1
privateKey: '[redacted]'
tls:
alpnProtocols: []
certificates:
- certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
name: envoy-gateway/tls-secret-1
privateKey: '[redacted]'
Loading
Loading