consul connect envoy should have the ability to inline the TLS certificates necessary for gRPC #6360
Labels
theme/connect
Anything related to Consul Connect, Service Mesh, Side Car Proxies
type/enhancement
Proposed improvement or new feature
Overview of the Issue
I want to run Envoy within a container and provide it the bootstrap configuration generated in the container/machine where the Consul agent managing it resides. When HTTPS is enabled, TLS also gets enabled for the gRPC connection. Therefore the bootstrap configuration also needs to set up TLS. Right now it inserts the path to the CA certificate file on disk. This path is only valid on the agent itself. Envoy supports inlining the PEM files. I think that the CLI should read the CA file and dump the PEM into the bootstrap config instead of providing the path.
Reproduction Steps
Steps to reproduce this issue, e.g.:
consul connect envoy -bootstrap <other args>. Either set the env vars so that the CLI will know TLS should be used or manually set the gRPC addr to https://<consul agent ip>:<consul agent grpc port>
Envoy will not be able to validate the TLS cert because its filesystem doesn't contain the path where we told it the CA cert lives.
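The rewrite requested above, done as a post-processing step on an already generated bootstrap. This is an added example, not Consul's code or part of the original issue. It assumes the bootstrap JSON carries the CA as a `trusted_ca` object with a `filename` key, which it swaps for Envoy's `inline_string` data source; the bootstrap fragment and the PEM body are constructed.

```python
import json
import os
import tempfile

# Constructed placeholder, not a real certificate
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"


def inline_trusted_ca(node):
    """Replace each trusted_ca {"filename": path} under node with
    {"inline_string": pem}; returns how many entries were rewritten."""
    changed = 0
    if isinstance(node, dict):
        ca = node.get("trusted_ca")
        if isinstance(ca, dict) and "filename" in ca:
            with open(ca["filename"], encoding="ascii") as fh:
                pem = fh.read()
            # Only embed what looks like a certificate, never key material
            if "BEGIN CERTIFICATE" not in pem or "PRIVATE KEY" in pem:
                raise ValueError(f"{ca['filename']}: expected PEM certificate(s) only")
            node["trusted_ca"] = {"inline_string": pem}
            changed += 1
        for value in node.values():
            changed += inline_trusted_ca(value)
    elif isinstance(node, list):
        for item in node:
            changed += inline_trusted_ca(item)
    return changed


def demo():
    """Run the rewrite on a constructed bootstrap fragment (assumed layout)."""
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write(SAMPLE_PEM)
    validation = {"trusted_ca": {"filename": fh.name}}
    bootstrap = {"static_resources": {"clusters": [{
        "name": "local_agent",
        "tls_context": {"common_tls_context": {"validation_context": validation}},
    }]}}
    try:
        count = inline_trusted_ca(bootstrap)
    finally:
        os.unlink(fh.name)
    return count, bootstrap


if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

Run on the agent host, where the CA path resolves, the output no longer references the agent's filesystem and can be handed to an Envoy container as-is.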