Only Terminate mode is supported. Route TLSRoute not supported. #6922
Comments
Refer to #6912 details as well. ❯ k api-resources | grep -E "kong|gateway"
Also, added "CONTROLLER_FEATURE_GATES" env variable with "GatewayAlpha=true" as its value for gateway proxy. Using gateway operator 1.4 with "experimental" CRDs from https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.2.1
@mheap, any suggestion? I am following instructions based on this documentation - https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/services/tls/#tls-passthrough @pmalek, including you to get your insights based on Kong/gateway-operator#112. I see that issue has been closed with "Closing as not planned for now" comments. Does this mean TLS Route is not supported yet in kong (Kong/gateway-operator#64)?
Anyone faced similar exception/error? Hoping to get some help on TLS pass-through implementation with KIC/Kong Gtw using KGO.
@pmalek, any suggestion/recommendations? thanks.
@mlalam TLSListener is not supported yet as per https://github.com/Kong/gateway-operator/blob/20f084194be07bb17d149e0b1b68e603e05a9ccd/controller/gateway/controller_reconciler_utils.go#L524-L534 and the fact that #64 is still open. You should observe something like in your Gateway's status:
note the Hope that helps.
hmm. I will provide my requirement/situation, hope you can help me with some direction.
I can see the cert available in kong though. How do I forward the cert from kong gateway to the upstream service? I tried this post-function plugin recommendation, but still it is not working. Any help/assist is much appreciated. I can't use mTls plugin because I am using OSS version.
@pmalek, got any suggestions?
hello, anyone out there to help me out on my requirement (TLS Pass-through)?
Hi @mlalam Sorry for the delayed response. I only had time to check 1 thing which is whether the example manifest for TLSRoute passthrough using Gateway API would make sense for this scenario but I can see that KIC still marks the
When I find some time I'll try to get more insights into this issue.
Hi @pmalek, very surprised why gateway operator doesn't support this, when the underlying components KIC, kong gateway (nginx behind it) support this. Currently, we are stuck and unable to upgrade to kong gateway due to this missing feature. I will be waiting for any update on this. Thanks for your support on this so far!
Hello @pmalek, got any update? Should I proceed with unmanaged gateway setup and ignore gateway operator to make it work?
Is there an existing issue for this?
Current Behavior
Deployed following manifest:
Expected Behavior
TLS listener with passthrough mode must be created successfully.
Steps To Reproduce
Kong Ingress Controller version
Kubernetes version
Anything else?
Gateway created with following listener exception.
FYI - I'm using AWS ALB Controller component for provisioning NLB.
Status:
  Addresses:
    Type: Hostname
    Value: xxxxxx
  Conditions:
    Last Transition Time: 2025-01-06T22:50:30Z
    Message: Listener 0 is not accepted.
    Observed Generation: 14
    Reason: ListenersNotValid
    Status: False
    Type: Accepted
    Last Transition Time: 2025-01-06T22:50:30Z
    Message: There are other conditions that are not yet ready
    Observed Generation: 14
    Reason: Pending
    Status: False
    Type: Programmed
    Last Transition Time: 2025-01-06T19:13:03Z
    Message:
    Observed Generation: 8
    Reason: Ready
    Status: True
    Type: DataPlaneReady
    Last Transition Time: 2025-01-06T19:13:03Z
    Message:
    Observed Generation: 8
    Reason: Ready
    Status: True
    Type: ControlPlaneReady
    Last Transition Time: 2025-01-06T19:13:03Z
    Message:
    Observed Generation: 8
    Reason: Ready
    Status: True
    Type: GatewayService
  Listeners:
    Attached Routes: 0
    Conditions:
      Last Transition Time: 2025-01-06T22:50:30Z
      Message:
      Observed Generation: 14
      Reason: NoConflicts
      Status: False
      Type: Conflicted
      Last Transition Time: 2025-01-06T22:50:30Z
      Message:
      Observed Generation: 14
      Reason: UnsupportedProtocol
      Status: False
      Type: Accepted
      Last Transition Time: 2025-01-06T22:50:30Z
      Message:
      Observed Generation: 14
      Reason: Pending
      Status: False
      Type: Programmed
      Last Transition Time: 2025-01-06T22:50:30Z
      Message: Only Terminate mode is supported. Route TLSRoute not supported.
      Observed Generation: 14
      Reason: InvalidRouteKinds
      Status: False
      Type: ResolvedRefs
    Name: wildcard-tls
    Supported Kinds:
Events: