-
Notifications
You must be signed in to change notification settings - Fork 2k
TransportServer SNI #6605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
TransportServer SNI #6605
Changes from 27 commits
Commits
Show all changes
38 commits
Select commit
Hold shift + click to select a range
4c623b3
commit poc
bd1a6ac
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] 9234db3
remove build errors
6f6dd49
fix go tests
88f24b6
fix example readme linting
9af72cf
fix tests
4c3c49c
remove unnessary changes
c812f7d
update snaps
4c746b6
tls passthrough example lint
6a0644b
fix tests
7e8c45c
fix test
9db8c56
add new snapshot test, fix makeServerName function
a751f78
add test for makeServerName function
3d35774
add go tests
624e693
Merge branch 'main' into poc/transport-server-sni
2748b2f
change c.listeners to c.listenerHosts
2fb8fdf
Merge branch 'main' into poc/transport-server-sni
5f4ebc0
fix non tls passthrough hosts being added to tls passthrough template
af2c0ed
Merge branch 'main' into feat/transport-server-sni
87a671f
more go tests
ae9e4a9
Merge branch 'main' into feat/transport-server-sni
70debbe
add python tests
12e5529
Merge branch 'main' into feat/transport-server-sni
1b7621e
add listenerhost tests
c85c9a8
add docs
66bedf5
fix validateTSHost logic
7be8dc2
remove unused function
17b8e2f
Apply suggestions from code review
20d71c3
test undo enumeration
775a9b4
change numbers to headings
cc4e1fb
Merge branch 'main' into feat/transport-server-sni
e66a52c
make changes from code review
615d06e
Merge branch 'main' into feat/transport-server-sni
53bc93e
Merge branch 'main' into feat/transport-server-sni
35c1cde
Merge branch 'main' into feat/transport-server-sni
88ce4bf
Merge branch 'main' into feat/transport-server-sni
c0bde77
bash to shell
47959ef
Merge branch 'main' into feat/transport-server-sni
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| # TransportServer SNI | ||
|
|
||
| In this example we create two different TransportServers that listen on the same interface, which are distinguished by their Host field. | ||
|
|
||
| 1. Create a GlobalConfiguration resource with the following listener. | ||
|
|
||
| ```yaml | ||
| listeners: | ||
| - name: tcp-listener | ||
| port: 7000 | ||
| protocol: TCP | ||
| ``` | ||
|
|
||
| 1. Add a custom port to the NIC pod via the helm chart | ||
|
|
||
| ```yaml | ||
| controller.customPorts: | ||
| - name: port | ||
| containerPort: 7000 | ||
| protocol: TCP | ||
| ``` | ||
|
|
||
| 1. Add a custom port to the NIC service | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ```yaml | ||
| controller.service.customPorts: | ||
| - name: tcp-port | ||
| port: 7000 | ||
| protocol: TCP | ||
| targetPort: 7000 | ||
| ``` | ||
|
|
||
| 1. Create the cafe-secret, and mongo-secret. These secrets are used for TLS in the TransportServers | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `kubectl apply -f cafe-secret.yaml` | ||
| `kubectl apply -f mongo-secret.yaml` | ||
|
|
||
| 1. Create the mongo and tcp echo example applications | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `kubectl apply -f mongo.yaml` | ||
| `kubectl apply -f tcp-echo-server.yaml` | ||
|
|
||
| 1. Wait until these are ready. | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `kubectl get deploy -w` | ||
|
|
||
| 1. Create the TransportServers for each application | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `kubectl apply -f cafe-transport-server.yaml` | ||
| `kubectl apply -f mongo-transport-server.yaml` | ||
|
|
||
| 1. Ensure they are in valid state | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `kubectl get ts` | ||
|
|
||
| ```bash | ||
| NAME STATE REASON AGE | ||
| cafe-ts Valid AddedOrUpdated 2m | ||
| mongo-ts Valid AddedOrUpdated 2m | ||
| ``` | ||
|
|
||
| 1. Set up /etc/hosts or DNS | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| In this example I am running NIC locally, so I will set | ||
| cafe.example.com and mongo.example.com in my /etc/hosts to localhost | ||
| If running NIC as a live service, the server names would be set at the DNS layer | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `cat /etc/hosts` | ||
|
|
||
| ```bash | ||
| ... | ||
| 127.0.0.1 cafe.example.com | ||
| 127.0.0.1 mongo.example.com | ||
| ``` | ||
|
|
||
| 1. Expose port 7000 of the NIC Loadbalancer Service | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `k port-forward svc/my-release-nginx-ingress-controller 7000:7000` | ||
|
|
||
| 1. Use ncat to ping cafe.example.com on port 7000 with ssl | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `ncat --ssl cafe.example.com 7000` | ||
pdabelf5 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| When you write a message you should get sent back | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ```bash | ||
| hi | ||
| hi | ||
| ``` | ||
|
|
||
| And once the connection is closed (ctrl + c) you should see the request and response in the NIC logs are both 2 bytes | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ```bash | ||
| 127.0.0.1 [24/Sep/2024:15:48:58 +0000] TCP 200 3 3 2.702 "- | ||
| ``` | ||
|
|
||
| 1. Use mongosh to connect to the mongodb container, via the TransportServer, also on port 7000 | ||
j1m-ryan marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| `mongosh --host mongo.example.com --port 7000 --tls --tlsAllowInvalidCertificates` | ||
pdabelf5 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| ```bash | ||
| test> show dbs | ||
| admin 40.00 KiB | ||
| config 60.00 KiB | ||
| local 40.00 KiB | ||
| test> | ||
| ``` | ||
9 changes: 9 additions & 0 deletions
9
examples/custom-resources/transport-server-sni/cafe-secret.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| apiVersion: v1 | ||
| data: | ||
| tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY1ekNDQTgrZ0F3SUJBZ0lVR2dXT0JNTkR2TXNWOGY3OWc0MlpSZy9KaWc0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZSXhDekFKQmdOVkJBWVRBbGhZTVJJd0VBWURWUVFJREFsVGRHRjBaVTVoYldVeEVUQVBCZ05WQkFjTQpDRU5wZEhsT1lXMWxNUlF3RWdZRFZRUUtEQXREYjIxd1lXNTVUbUZ0WlRFYk1Ca0dBMVVFQ3d3U1EyOXRjR0Z1CmVWTmxZM1JwYjI1T1lXMWxNUmt3RndZRFZRUUREQkJqWVdabExtVjRZVzF3YkdVdVkyOXRNQjRYRFRJME1Ea3kKTXpFd01EUXdNVm9YRFRNME1Ea3lNVEV3TURRd01Wb3dnWUl4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSQpEQWxUZEdGMFpVNWhiV1V4RVRBUEJnTlZCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1ClRtRnRaVEViTUJrR0ExVUVDd3dTUTI5dGNHRnVlVk5sWTNScGIyNU9ZVzFsTVJrd0Z3WURWUVFEREJCallXWmwKTG1WNFlXMXdiR1V1WTI5dE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBbjkvZwpkMml5NEZyaGNtS3ZXQTVHZXFiS1c5WU1xeml6Vm4yRExkd215enkvS2FUdTdtUlkvUWRsTkxHaVhIM1NEa0FkCkhtZFJEK0Zob1ZHaWxoTjEzcTI0azdyRSt6dk1iMlRqdnBnMmVLYVd1dDBHaGQ3V3l3TnpIUU9WcWJCM2o2U2QKSE1sNlJKK25ERHo2Yi9adkRiNm9nQjBucUowZjBWN0tBMHFFalYxVld2dXI4YVZpVlVxK0tBOVMveEdJMHZSSwo2NE9BS2xIUUF4a2xGWWhheHVjcWRsS0owQlRXekE0Z0gzUTZlQi9CRjNOMTJDQjgrMVEzZG54bU5TVnpLbXp1CmJYdm1jK1RPUjg0V3ovemlaMTl1K3RuRHg2aklNajZZQXd2M0tzSVlYbmV1ZEgycUZKRG5FMmZwYjNnZzRxbm0KQnduY0ZlU1poY09nZWdnR1RmKzRTc3YwRUNuamNNdXhteTEwMTNwY0h1a2prTUNmVGJsUGZTU0NNS24rVnlGZQpUNzlSeUkxM3hmL0JXOSt0aTFad1IwYVpkWk5jV1R2Um53R1M1bWhnelJXclhRUmdJQlVVVjk2N3cxRVVONDJVCkE3ZjBVSzZlYks5bExBMnNZWmJJSWUrbllRY1d1OVRuNXo5YnVwK2w3aU5hUDYxWXdwWGdrUTFyNHlSamhMeUEKajVha1Z5VnROYzZmSWltaXlWV0Y1QzBaZnNIYzF3cUpLb2lXQzBtT1dyNEVRSVorRkY2WC9FRytSMmhodjZkQQpGcndpd3BHUE9kWkROQzNqNFBqVzVreWlYMlh2Vm1RWTUvbkxNdFpUaFF6VHpadG8zT3M4d1RsRjFyQlZkd05iCi9zNTh2dnlTQitsYk5Sd215TEErQVYvOGQ2L2VNcGZjS0ZyYU85OENBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUUKRktEejZlREZLaC93ZDVLTHpPMXpCMDR2UGVRSU1COEdBMVVkSXdRWU1CYUFGS0R6NmVERktoL3dkNUtMek8xegpCMDR2UGVRSU1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFKQnd5WVlyCllXa3RvRGJPYlpHRUFXT0lEcjFTb3NWRDVIRXdkazV6ZTJuT05oQXFHVWszOHpUT3V1VVZRNk5lT1c1UWtML3oKVTFUa3dwUlNFNjFpbVZHOUdjYWY5ampkSjd5VGhsOGpmZXUyWTF4RHo1OUpmbWJ1WUo2SGE4ZmR4STAxQXZ3RgoxaERYY1ZEcTZoalhhb0pKMVZta1NiTEJPc1JXaGVzWGl1K3FiN3NSOUhlZmJmaTUxandQb2NFblE4YzNiWXF5CmpIRkwxS1JJekIyR2VYVGk2WngwN2lqcDZIeGJSQUFEWnBuRGN0blM1UVQvTGFoYklIZVNNTExMK21vdnUrSUgKTVgwQmtaYmJjRk94L3d2ZlN1SXdveEVXR1RjVGJIYnJGanVUUDRkalpPdFhybElSK1RJTmRiaFhaMm1XZVdHbgpRa0tkcyt4a3puNzNZbG9xZCtPZGZ2d1dJYXVFYktuaXdQUk01NHZqK0dnbndiWmZNWXpnY292cE5BYzZjMmlmCkNNdHlHWDBUREptSjRVWC9FaFFSYTArSURMbFZTMWc2Y3IxWmVQM1N1MWpkSnhBSFVwUjZwSVYrWGdsTENDdGYKQXdDUW9BUWtUeXkyb0Y1Z0hWOGVuc28zVE15cmI5R1NBWDF0UEdJL080L3VCRDBqRzQ4anZsZEI3dzZKbjdmSwoyS21DWnIwYlRDdU9vWnVuZHA3OHA2R1ozb3lVOXBxcTFTUmU0MTdjSlVuNzR3S05TTkd0U0xTNm9OZ3FQQ2h6Cm9ZTy9zK0NHL295c0JUcTBma2VBYXdMZ2oxVG9ybGNsaEt6M05uWUtLZmhDVFBLTDVVUFZLNjVXQ3V2djlSVWgKVUZvM2F2TnhhSmpWUEY4V0FVUnRZem82bXBadFRITm53ZkJTCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | ||
| tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ2YzK0IzYUxMZ1d1RnkKWXE5WURrWjZwc3BiMWd5ck9MTldmWU10M0NiTFBMOHBwTzd1WkZqOUIyVTBzYUpjZmRJT1FCMGVaMUVQNFdHaApVYUtXRTNYZXJiaVR1c1Q3Tzh4dlpPTyttRFo0cHBhNjNRYUYzdGJMQTNNZEE1V3BzSGVQcEowY3lYcEVuNmNNClBQcHY5bThOdnFpQUhTZW9uUi9SWHNvRFNvU05YVlZhKzZ2eHBXSlZTcjRvRDFML0VZalM5RXJyZzRBcVVkQUQKR1NVVmlGckc1eXAyVW9uUUZOYk1EaUFmZERwNEg4RVhjM1hZSUh6N1ZEZDJmR1kxSlhNcWJPNXRlK1p6NU01SAp6aGJQL09KblgyNzYyY1BIcU1neVBwZ0RDL2Nxd2hoZWQ2NTBmYW9Va09jVForbHZlQ0RpcWVZSENkd1Y1Sm1GCnc2QjZDQVpOLzdoS3kvUVFLZU53eTdHYkxYVFhlbHdlNlNPUXdKOU51VTk5SklJd3FmNVhJVjVQdjFISWpYZkYKLzhGYjM2MkxWbkJIUnBsMWsxeFpPOUdmQVpMbWFHRE5GYXRkQkdBZ0ZSUlgzcnZEVVJRM2paUUR0L1JRcnA1cwpyMlVzRGF4aGxzZ2g3NmRoQnhhNzFPZm5QMXU2bjZYdUkxby9yVmpDbGVDUkRXdmpKR09FdklDUGxxUlhKVzAxCnpwOGlLYUxKVllYa0xSbCt3ZHpYQ29rcWlKWUxTWTVhdmdSQWhuNFVYcGY4UWI1SGFHRy9wMEFXdkNMQ2tZODUKMWtNMExlUGcrTmJtVEtKZlplOVdaQmpuK2NzeTFsT0ZETlBObTJqYzZ6ekJPVVhXc0ZWM0Exdit6bnkrL0pJSAo2VnMxSENiSXNENEJYL3gzcjk0eWw5d29XdG83M3dJREFRQUJBb0lDQUNkQmRZQmNlTytWNFIyUkZiVHRiR2paClkzN0JSRU1XblJKenB5NHZqR2NDOTMxbVBqVFM5dmJLUmhOMk9vT3pjVXlHZVovcGhvSDd1VmsvRGtrRFprSFQKTGlzNEJQNGJaTXRGWHBhQ0VYMzJpYlJBYVVXZHZlZ0RaTlNPK01TOXk5MjljY2FMd2pYdmJia1hqL2JGNytiVQpGZE8vVk9tV0N5WUJ2R0NxZjNtbW5UckY2U1pna1pDWDFiRkljZnluZFkwMjV0NkZYNGNFcDZyYkZidi95eXBqCndJMWxIdW0wOURrT2p0eXFVV0VGaXdnVEZiQ0g2YWhjdVhHaWdnWXl0K0NHOXRSelE5YlpLNzE5NFNRWTJBN0IKNUNJOExsSnNJeHdUT29naysvL0h3T3dSUHdqamdrdWllTnJPL1FhZDNKVkxXbXdJQTc1c2J6WGxIeFpYdWhReApFZTlTTVNaRE5JMGMvcGdDVXloL2h5Y3ZYWVJKb1dIMnZYTDYzL1EyRWJVVVZVcXpzcEpjV0xMbkhSSFdBQjZQCmtPb0FMeEs2M3lpQTU5KzREQ0ZZMGM0dXd4WHM5YnZlVWk5UUdxaUtoZkFaNmE3Ymh4ajNvRWIvRDZ0dWZKb1QKMnIxUXFKTlJ4N0RzMmJUc3J6SEgyYmVKR0R4bFJ4djdaNmdSTzdHd2lrU25veDlMcnY3YzMwUHp0WjZENXhwQwpoVHdmM0VpRWlrZ2pOM1FGd2RaUXVqV3RxWXQ1UWVGYUxpL2Q3VXZteFdZNWcrWTYyQnFkNnBpWFFJSlFVbDZUCmZmU0U2OEYvZWF6QnhPQm9INUMvWWcrd1kyVEpTb1BzK3NFUUtnYlNJTmRQNHU4N3FiQ056YWZ4WjFySTN1dmgKR3NZTWpSbm50c3RKamJXVEJkakJBb0lCQVFEZXpsY3dVNFJYbnhKVENSTjFQZUx1UHI2aXFnc09uY1lRRXNuTgpZemdwOXF6eC9SSTJodGZCYnN6TkM2RUZ3eDBDZy8wRnpRbVhqWEQ3VmhQS0UrOHBXMmQzNTg4YTBwU0xSbFBOCkprUnFxR2ovbzhIaEtmTGdCYy9BSGU3dkJEZG1UTXh1d0o1SmFmMWZ3OGtxNEJyRXROTi83SVF3MkNYcFNIK2MKSEhSZnBTM1JidDArbW9xK2RTRW1pU2h3UGgxL2FJbng4ZnBKbTFmaU1QdXhvYStzOXNUVmQ3Ky9GSjdIaWNZSApSQThQRHdQT2RMQ2loQlZFT3liSkduTlpaSFhYQTA4MThhNnpjdjU2aUM2VGZzSkhWZUg4a2Nma1IzblI4eTUvCkx2MnI1QzVaZWJlbW9ZaVhBTC9sVnZ0QUNGMXE3UW1zdlRkQ2R3R1lvaXBMbksvNUFvSUJBUUMzc1YvcFFOVlEKSjNsZExFem9OVUdBZWFwL0NNU2tuY0lUUXNnMUI3SDJHclIyR201VGNuVGE0SE5Rbmt3a2h3YUxyTUlmVDFXZAorMFVvR3M5ZXdyYkZERWtKR0MxQVd2RmFIREk3Q3NOYUFUM2FWYTE5R1ZRWFg2NnkrWEF2QXFTOXpOU25id0J0CnM5UDFFVURwMko1SGtyNlVLUHZjSnY3Q0MyR3J5emZaTy85MFpTTlFQUXdKMXFqZ2NNOUJpMlBYSkE0OENldnMKK3RvaGFqUWFIMStVY0VqNkQ0SHhoQ1RtcTBxM2YvdFNudk9iaTNOYklEWjNEWmR4ejVPelJSVmpLNWlSOGZDNQpzSVVKckxCSXRZeWpUeHAzTzROUmRFaHhzamdBZTZrSTV2dm95RVAvRFZwTFlQU0s3cFpoVjJ4YUpXUkZUUVZzCjhrKzZDbGduWGZDWEFvSUJBUUM5QjY4dFR3NHZFTVNKTW1BUnprbWovQlBkQ2d1TGdRd3pRdDEzcGNCV3lmUDgKOHNycS9BZzlFbllyV0x4cW1Sa1pzMFdPRUdFYzlXRnZ1NTNhaW9NVVFYcE5YcHgxazBkM3lsajY2b2FOUHdpbQpLeGNvbzJCdDlFQklMSjAwcUEwZ2UvUE4yeG53Q3o1dWF6dFhadjhPK0tPZ0d0Z2tZSjM1aUFyTU5jLzkvYlFiCnhjVnJnYzVJdkRNOThJd2dmbktrVDlzSkxGVSs4YzdrRnM3VDYrdVNBV01LQVNqclF1RmJSV1ovYjV5ZkdBd1EKc3l2UkZlSzlHcnBUVUYrZzdmeVVTVGlBK2VWUVZqWFZXNGk0bG9qWjRPRjBXWEtRR0p3Z0pnUEMzK2xVVnFtRQpQQ0kxKzBKWmFzZGtHaUhjTjd5YUpUVmFHc2F4V3lvOWh3Zi9VcFp4QW9JQkFDQ0hDem5ObmpoTVZTUlhsT0xGCmsyekJucHhTSENnZU8yQ1h3Y1lLTDh3cG5HMFJieG5kdWEyTWN6OENXTzlhN2FETUhhL1hwNHlMRXdydi9HcUcKUmtFTVZONkVabmJ2NDY4V01ScmRaQXhMRGYzY2tCVUg2Q2tmYTFzTDZuNllsRDE3eU9oQk1xMDZXNzBZcWdyKwpyY0IwenNTRG9WMnhsZ2tjWk5ZNzdRN05uZ1dwWnlCdFB2VjdDbnA3MzJkMjNGNGJaMTNnVCtPdDQvUm96d01WCkxTS200M1ZNUzdGTnVnOFNvKzlzZlQ5N0lCNGFDbnBIY1AyUjdaQmN0b1hYSk50anUrZVVGUkY4bllKQ0R4RkEKL0w5cVlZQmRqSHBmQWZrSUd2eVM2VExIWERJelREOGN5VEZ4NEx1OVZlbTB4bDRNSXY1V2pqQmxsQktZaEZXcwpQODhDZ2dFQkFKUjR5UUIrREtoRE1ZOGlHOXpYWUJpWmZ5MFI2c21oeEJycTREZWd4cElkajBydHUyMFNuWDdsCnN3YlZsN2NmdWRxUi9tVEhnZ1lYeGJSS3UxUXhmN3NHTW4zWVpRY1AxZDVJelFMOWZFQitidGJsdWY5VTB4NDIKUzM0U0l6Z25pd0hPQnN3M2ZLYm1Gbnc1dmtNd2RoemlBT1R0elRwcmU3ckdhaEpwZlk0eFRWWjZpK3pjQ1pCWgo0ZHhSTjlQWnBiQm4vNmJDTFY3S0I3ZmY0Uk04b3c3K1l4aHFFTFhxcnVQS2paMnRRSWs2M2hzZklMd0tiRWIrCkhEM2VLZEhNc2hhbXFXZzI0NnlORW5nQUZCQzhoVU5kQ0pmeUthUlhkSlV5eDhqcWlKM3ErdnpnNFBieUhqeW0KZEQzM2pVT2UwdHdoSWJxKytUaXZCa1ptSDBsSStnVT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= | ||
| kind: Secret | ||
| metadata: | ||
| creationTimestamp: null | ||
| name: cafe-secret | ||
| type: kubernetes.io/tls |
17 changes: 17 additions & 0 deletions
17
examples/custom-resources/transport-server-sni/cafe-transport-server.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| apiVersion: k8s.nginx.org/v1 | ||
| kind: TransportServer | ||
| metadata: | ||
| name: cafe-ts | ||
| spec: | ||
| host: cafe.example.com | ||
| listener: | ||
| name: tcp-listener | ||
| protocol: TCP | ||
| tls: | ||
| secret: cafe-secret | ||
| upstreams: | ||
| - name: tcp-echo | ||
| service: tcp-echo-service | ||
| port: 7000 | ||
| action: | ||
| pass: tcp-echo |
9 changes: 9 additions & 0 deletions
9
examples/custom-resources/transport-server-sni/mongo-secret.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| apiVersion: v1 | ||
| data: | ||
| tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY2VENDQTlHZ0F3SUJBZ0lVTGRHUktVc3FrZktiV1JheWwvaTdrSkVvWnRjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZTXhDekFKQmdOVkJBWVRBbGhZTVJJd0VBWURWUVFJREFsVGRHRjBaVTVoYldVeEVUQVBCZ05WQkFjTQpDRU5wZEhsT1lXMWxNUlF3RWdZRFZRUUtEQXREYjIxd1lXNTVUbUZ0WlRFYk1Ca0dBMVVFQ3d3U1EyOXRjR0Z1CmVWTmxZM1JwYjI1T1lXMWxNUm93R0FZRFZRUUREQkZ0YjI1bmJ5NWxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQTUKTWpNeE1EQTFNVGxhRncwek5EQTVNakV4TURBMU1UbGFNSUdETVFzd0NRWURWUVFHRXdKWVdERVNNQkFHQTFVRQpDQXdKVTNSaGRHVk9ZVzFsTVJFd0R3WURWUVFIREFoRGFYUjVUbUZ0WlRFVU1CSUdBMVVFQ2d3TFEyOXRjR0Z1CmVVNWhiV1V4R3pBWkJnTlZCQXNNRWtOdmJYQmhibmxUWldOMGFXOXVUbUZ0WlRFYU1CZ0dBMVVFQXd3UmJXOXUKWjI4dVpYaGhiWEJzWlM1amIyMHdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEUAppQngwMDU3MjB2S2JVMGJsZUNjcTg2N0RJREkzbnZ1VjdiMVhCaEJHOFJ5S1MveDREc2pPYjMwaVZtVm1MR29xCm5WVnk5bnN5VDBEMmhydnE2eUp4VEtBMmtTNFVOd3JJZDBhc3FqSmxITWFpbkNmbmtGLzB4RmwxZERvYUEydncKelZZYnpQd3NBRlQrZGk2cG1hcnFQVFlNditiL0NhQnFib3dBQWFtUjhLemdGRTZDSFNZc1EwSzFEV2xhbmRBOAoxRXlFT0p0dndjQXFjVHVXTXl6eGMzUUx6dmM4Z0hGcG1NdlNEUUtvL2xpbytUYlFaOW1ldXJKTTY0dUVtRThzCmloVDNxREo2OUE0VkpDQWs0cGVmZ0p6cjNnN1ExOTBvVmpwOGtXZ0NIMkl3OHdXUGVjYUVySXFHcmo2YkNzcHUKSHVQaGlaQnB4aDlmOUhmWCt1NHBpNytGU2VPaC8xU0xEdE9qVzAwV256TnFJSGJvSmhLd2MyRXU3Z2xkc2VNdgp5a0VQbWtKNDkyNXN1Rmsxc3U5RWdDeDBhM1JwWCtxNERsSjFHaEl6QUJja0hOVXplUXJWVGdYTHkwdk1wZGdCClVXU3hkMWdGdGM2ZGp6WEoxZUxwcEVPaEtQdmQrVWN2eEpPb2NLekx3a1BGNmNueVl2NElFUnFZWE9UUktlNFcKamFKR05xWisvNGRJQXh4M0UxamtyZUR0UUNzMVByaFBLaGpVdVlKaVI5UFFsdEFUa2w4MXQ1NzEyeDExYUQ0SgpNMWRsOXdoSUlNcjFoQzF6Wms5SkZXdkluRytCTEdBY3d4cjduY2pLTEpzcjBpS3R2aFEzbndWdG9GWnlzWERCClBBdU5QclFMM0JaT3JKanpvV3FJdU5lNVRqY3FiTG9WREx2NzMwMytXUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEUKRmdRVVpjTjdpUitRNGkrb3U2YS9aR01JUXQrRWJRY3dId1lEVlIwakJCZ3dGb0FVWmNON2lSK1E0aStvdTZhLwpaR01JUXQrRWJRY3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFKYVRXCnFENnEyRm51RmtJcmJIbkxPdFdFTDUxTC9QMncyUWZqMTcrSWlJeDRNd3hzS082ZEtHbUdlazY2Sy9sSjdBaEIKWngyRkFiOFdERmpPeVFtL3Axc1lQME82L1RyUzYrYjRlbndaR3p3YXVoVWdXR0M3djByRlp0VnNMNm5pdGJkMAp6VExGZ1V6QkJHR3cwZ3E2ekF4ZG5BNXo1VkFyYjhzcGZFNzZ1Q1FWbEdYVXhua0Fka2FYVXlOYXU1YXo0VW1WClMzRjIvaG53RG5XYUpZUmxqMTJ2SFYxWmxiamwxMzE3Uk0rRHZMSkRwV29JTkdzRzd0SG9pTGQ1dXJJeWYxZ0oKZXdJN1FXYTQ5UE1MWCszYnNSbjQ4dnJZUGxqWGcvdkhqYlZvUWlzMmFCak1sSDNCczdMVGVvVWZqVERsU2c3cApHd3ZzaW41dWJPZFAvTGRrWllaTFhiMWkvT1E3cjFpZTJ3OTQyd1RZT3NKRk5QVlB4N3JPV1BNeHd0Q0tUeE41Ck5URXFPM0F5dXZpUW9tRVhhL1RyL2xybnFSWS8rcXNpL2J2d01QWWlIS0RiTmJMM1NQaSt4bmU0Y3NxQ0d5L3QKMGVsaHVYVHpDTXUvcXdvM2ZNVXc4VFBBMXcvOEZTMWh4ZWkzY0JhL3VxQzFPS2s3aDRTLzJocXljaFd5ekhIRApMNUdob2RGZ0NkVTZaSUZJSnJzQS9uQ09maGZWUXJJMFRRZWlMSHR6OXd0T2tWTXhPeWRpcGpVMEgySjErRElwCi8vQzUrM2FpNWlxTkZnUTNZNEp5SGFlYmh3NW5lcjh1U3JmN3NnMit1a1dVU0QxamhnRVQxVWEzTTNUeG00bmYKNXhXOFV1aTFDYjVMdEM2clgvV1A4SG4veTJid2Iyc0swMGJYb1Y4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | ||
| tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFBpQngwMDU3MjB2S2IKVTBibGVDY3E4NjdESURJM252dVY3YjFYQmhCRzhSeUtTL3g0RHNqT2IzMGlWbVZtTEdvcW5WVnk5bnN5VDBEMgpocnZxNnlKeFRLQTJrUzRVTndySWQwYXNxakpsSE1haW5DZm5rRi8weEZsMWREb2FBMnZ3elZZYnpQd3NBRlQrCmRpNnBtYXJxUFRZTXYrYi9DYUJxYm93QUFhbVI4S3pnRkU2Q0hTWXNRMEsxRFdsYW5kQTgxRXlFT0p0dndjQXEKY1R1V015enhjM1FMenZjOGdIRnBtTXZTRFFLby9saW8rVGJRWjltZXVySk02NHVFbUU4c2loVDNxREo2OUE0VgpKQ0FrNHBlZmdKenIzZzdRMTkwb1ZqcDhrV2dDSDJJdzh3V1BlY2FFcklxR3JqNmJDc3B1SHVQaGlaQnB4aDlmCjlIZlgrdTRwaTcrRlNlT2gvMVNMRHRPalcwMFduek5xSUhib0poS3djMkV1N2dsZHNlTXZ5a0VQbWtKNDkyNXMKdUZrMXN1OUVnQ3gwYTNScFgrcTREbEoxR2hJekFCY2tITlV6ZVFyVlRnWEx5MHZNcGRnQlVXU3hkMWdGdGM2ZApqelhKMWVMcHBFT2hLUHZkK1VjdnhKT29jS3pMd2tQRjZjbnlZdjRJRVJxWVhPVFJLZTRXamFKR05xWisvNGRJCkF4eDNFMWprcmVEdFFDczFQcmhQS2hqVXVZSmlSOVBRbHRBVGtsODF0NTcxMngxMWFENEpNMWRsOXdoSUlNcjEKaEMxelprOUpGV3ZJbkcrQkxHQWN3eHI3bmNqS0xKc3IwaUt0dmhRM253VnRvRlp5c1hEQlBBdU5QclFMM0JaTwpySmp6b1dxSXVOZTVUamNxYkxvVkRMdjczMDMrV1FJREFRQUJBb0lDQUU3ZDJYNldPMmR1WkE4ZUZ5ZTJRU0JFCkNlcVNUak13QWtrSVYzZCtVT284ejgxSXNqSEg0SXorOW0xNXFzQW82ZEczQjlXUUVPSmVGd0I0MUdvaW9HeXgKSTRPSktaczZEYW1BRm9ZZ2lkVStHY2lMRW1rZ1J5OEQvVUV6QWErSUZGbW5GdTJxdVR4WmhmTkw0MURGbXB1NAoxbFVEQ3B4cVFxR2YwQ2xpZUZnRFFCZEo4RW5uSE80ZVEzZjltRWQ5Q0xsTkxxVGl4RU0wdkx3RVd4SXA4WTd5CmdxdklJOUhFdUJUYW9iNTUva1JOb0ZEYW9IZVR0N0pvSGNFNGxFVTRBb0taR1AzQzJDZzhuaXR2bHAyZDFPUWoKSXI5S0hKUkdMSUFiUU0rOURHc2VGUmtvQ2Jsc0hFS29OVjZZVWlkbWN1WmxhOUYyajBCN0w4b3Q0K3RhcTIzRApYendTSWFrWXBlaFVrYlRrbDJDak9FTHkxaCsrOFYzcFZqak5LdW9pRHhKWTdSSzFMQk9obExlSG5YUzlGY2hGCmVGRVZlb0c2ZlY0QWtFdGJocDJjRExacGF0UWg5ZUNzbmhUT2d2a002WjZ2ZWlTcGpvTUtleGM3bnRVZEJyWFAKQ3lSemVkSEFaaEh5MnBvREFvYU80aW5yOEI2U2VwWlJiaTBPK1ZXQXJkNDJ3UWhXdWZRUFQ1VExVSEoyR3VjeQpkME5wZk9VRXJYT3RVdU11NFNRU2lQbHJ6Ykx3NThrOFdKUVU2TXRGTnpXQ29yTG9TNWVmNU9LclBFYXh3SmhNCnh5Q1FPaWhLQk1SWE1IUXNib2JQZjhOQlJqYVNtK1ZzL0ZpOXdiYnVLZTVpYUhQenB2YVlzMmpqYzcyYWIzMVcKL2V4cUtSQmtEUVQvcmRPSHdJWHZBb0lCQVFEKzdIKzJyM3EwVVMvY0VHalZlSlovdzJXQzJJRCsxNGY3eHdvKwo5V05iWUdyY3NoZTRVSC9JSVpEL3RHQ2MrZ01mSlhTckk5OVhXejZ5Y0p5YXhTdTFsQmxsWEduTk5JM1AwYXpPCmdRc2FjenpjR1JLdk5WTWIyZmJDVEdHR3JVMXZjQVNET1ltZDZha3laemxBaWN4aHI3bStuMWZrLzY1bWFBeEgKTFBleXQwYWMydEdVL293MWJwV1hvRi9OL05QMTRsZ2ZMU2pXQmpWVEQ0bnByenNBU1RsK1hCLzRuK01wUG9CZwo4K2poYW5mUHFDY2MyQW5VMXAvTGZKSDZ6MWJkcHpDNVVQaFF6K2t3a2gwa3Q1cDRQOW5kV3FIWkw1cDlzS1J6Cld3S3pVQld4VjB3VDBOQzRnRlBtYzJaRGpTR0hlSXJLeWx1YVdIS2w4eVcwNGRldkFvSUJBUURRYUdVSlBtT08KQlZzUFROanhTdStzVGg4czNUZFhLUVIwQU02Y0l4UmVrVHpaODg2L3ptUFhlQThsNmROV2c1L0hCTE4rbUllNApnZnV2YWxnMEh5TWI3TC8vbEtYcHpFQTRncVdxU29MaXd4c1JHcUU1NFNud1g3QXV6K0NsT1lTUlNSQXpmeC9BCnE2QS9rOHR6SzN5NVF4Rk5Sc0NFak1GdWY5ak1yWCs0aXU0c3JvZEdUMXkvRE9hZ2twRmphVWZpL2NiaTM4V2sKdVhvK0ZoYmV1Yys0N1VzWjRXWDJSOGg1Uy9sUVhBYkxKU0lwMjlSZy9EK2pZdUllZTZXbk9pdzZWVkRweHhlYgp6RDh3SGVJTHhuRHdZbXprTzVrSG5ZVU5ubUtmWFovU1NpdWpkN0ZvQ1pMZld0R1gzQlFSdVNtRHlQSnBmSTlKCmVtNTl3bkkxVEFSM0FvSUJBUUNBa1l5VCtZcThPSm9YdGhyNVZ2a29kTWJVcUJiZThKci9xOUlLRUw3TWppTTMKTFliekNYNTQxQjBLS2RIME9jK3JQTHZMdUtyaXB2MUhCNjZrREQ5UU0rSmZFYTIydGdPenhYOFBJMXdUT2YxKwowQkp4VlVhV0xHYmNkYU5XUmo5Z3JiRkk4WkxybHJZajJwV3diQTh0VVhBdnFMT3VwaGt5UXRXMmJBSjlHeHc4CjdjdDRCcTEySVZESENUWm9jRlFDbGVaMXl0UG1wWGp0YkUvVkVQQ0Q0MnBneFZ2R2kvVUlqeUkyUTYyM1NuZ2sKdmgwRDJoMlRQNitWOUR5M3J5eVRXOGdpSHFrdU1MM2VKa01XaXBjWWdMT0RoVHROaTBteWpJMVVOSmwzRURQdwpuaU9iZHR4ZHdUTVBiaklzYlpoMGQ2SWdSdERPVmo5MFhONHVqUnkzQW9JQkFFNTRRREt1endWV2R1Ylg1SWRWCjA5Qm95Y3cycnZPZWVoTERpd2UzSGFCTnh6KzVVUXRmUnJDR2dBMmljUFNPTXNiWXVremNXWjNiTTB6bEdiam0KVUczZlFwdVUrTE9ET0ZzT3RobmNYRlBOYW8rU0cwcVR3UnJFcksyemo3NG1YZ2ZtSHJlRkVndVZrNHpjdFNuMApJYzRQdHFBR0Y4N1F3TFErWnY4S0JLRVRqb0k4WktyUWp2ZFFnRFhOZWZpWVYzemNXTnBycnh0S3l3QTlpUGJyCnQ0N0ZxaFZnak9laU41V1VTWmM4VDBLR0JNc0YvbjFWL1JBajEwZnEvb0Jzb3VLRDVTZGcwejdTTktpRlYrdGYKR0g4cVVCM1BZdHMvTUMza2lQWEFac0RqTkhNa1NpUUdGc3NLZ3doTzBTK3JMRHAybXUraytyNkwzclp6VkZWRQovaGtDZ2dFQUxpdGI5U29mLy9HenBpcmpTMW16SXNRWUxBWW9ETkZGNE5wYzV1Q0pDWEJJTmVFQnl4YlVzZFRVCkRyTnZ2NG1oNTF5SU1WVHVuM3MzKzFUU25lVjZwdjlIS3JicTlEdU85YXBUOFZnV1E5ZGU5YkVaU0lLVG5iVE0KcUVoLzNIelpKcmNRWjMxWEdTZm5NN0NsVjdPQWM4bVNiT3M4NDlGLzg4UEg0Y3VrYVRWNmZPUnFOaW54RXhuZQpqbnk3ajUxT01aWTQ4TVIvaGJhOVk3QWM3TE1Ec0pQdFZ5cStBemU4ODRreU5ZV2dtZHJHanBaVnhLeDQzMjFJCmhXM1NUam9SZEZBMFVCdENyT2ZUalF0cThPQzZqL1QrYWdwa0g2VjFQVkw3Y29PbjREU2RIb1RqdnJFZ0QrYTgKVzY1ODFvdHdha2tMK0FGalU0MkVHaTkxWnJLSUx3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= | ||
| kind: Secret | ||
| metadata: | ||
| creationTimestamp: null | ||
| name: mongo-secret | ||
| type: kubernetes.io/tls |
17 changes: 17 additions & 0 deletions
17
examples/custom-resources/transport-server-sni/mongo-transport-server.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| apiVersion: k8s.nginx.org/v1 | ||
| kind: TransportServer | ||
| metadata: | ||
| name: mongo-ts | ||
| spec: | ||
| host: mongo.example.com | ||
| tls: | ||
| secret: mongo-secret | ||
| listener: | ||
| name: tcp-listener | ||
| protocol: TCP | ||
| upstreams: | ||
| - name: mongo | ||
| service: mongodb | ||
| port: 27017 | ||
| action: | ||
| pass: mongo |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: mongodb | ||
| spec: | ||
| selector: | ||
| app: mongodb | ||
| ports: | ||
| - protocol: TCP | ||
| port: 27017 | ||
| targetPort: 27017 | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: mongodb | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: mongodb | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: mongodb | ||
| spec: | ||
| containers: | ||
| - name: mongodb | ||
| image: mongo:latest | ||
| ports: | ||
| - containerPort: 27017 | ||
| volumeMounts: | ||
| - name: storage | ||
| mountPath: /data/db | ||
| volumes: | ||
| - name: storage | ||
| emptyDir: {} |
39 changes: 39 additions & 0 deletions
39
examples/custom-resources/transport-server-sni/tcp-echo-server.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: tcp-echo-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: tcp-echo-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: tcp-echo-server | ||
| spec: | ||
| containers: | ||
| - name: tcp-echo-server | ||
| image: alpine | ||
| command: ["/bin/sh"] | ||
| args: | ||
| - -c | ||
| - | | ||
| apk add --no-cache socat | ||
| echo "TCP Echo Server starting..." | ||
| socat -v tcp-listen:7000,fork,reuseaddr,keepalive exec:'/bin/cat' | ||
pdabelf5 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| ports: | ||
| - containerPort: 7000 | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: tcp-echo-service | ||
| spec: | ||
| selector: | ||
| app: tcp-echo-server | ||
| ports: | ||
| - protocol: TCP | ||
| port: 7000 | ||
| targetPort: 7000 | ||
| type: ClusterIP | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.