Skip to content
This repository has been archived by the owner on Jun 14, 2018. It is now read-only.

Support HTTPS routing #47

Closed
kyessenov opened this issue Jan 19, 2017 · 5 comments
Closed

Support HTTPS routing #47

kyessenov opened this issue Jan 19, 2017 · 5 comments

Comments

@kyessenov
Copy link
Contributor

We need to investigate how to route HTTPS traffic for pod ingress/egress traffic. TCP-level sufficient but maybe SNI works better.
@rshriram
Copy link
Member

Why can't we go one level further and use the http connection manager (envoy) itself ? All we need are the cert files. We can use the kube secrets to pass them around. WDYT ? Am I missing something?

@kyessenov
Copy link
Contributor Author

If we want to terminate HTTPS then that's great, but I was referring to the case when the application container doesn't trust us with the certs.

@kyessenov
Copy link
Contributor Author

We need to add server-side SNI to Envoy to support opaque HTTPS services on the same ports.
See envoyproxy/envoy#95.

@kyessenov
Copy link
Contributor Author

We went with TCP based routing instead of SNI for opaque HTTPS.
#312

@kyessenov
Copy link
Contributor Author

Implemented (modulo port-sharing issue #237)

@lizan lizan mentioned this issue Sep 7, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rshriram @kyessenov