Skip to content

TransportServer SNI #6605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 38 commits into from
Oct 22, 2024
Merged

TransportServer SNI #6605

Changes from 1 commit
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
4c623b3
commit poc
Sep 24, 2024
bd1a6ac
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 24, 2024
9234db3
remove build errors
Sep 24, 2024
6f6dd49
fix go tests
Sep 25, 2024
88f24b6
fix example readme linting
Sep 25, 2024
9af72cf
fix tests
Sep 25, 2024
4c3c49c
remove unnessary changes
Sep 25, 2024
c812f7d
update snaps
Sep 25, 2024
4c746b6
tls passthrough example lint
Sep 25, 2024
6a0644b
fix tests
Sep 25, 2024
7e8c45c
fix test
Sep 25, 2024
9db8c56
add new snapshot test, fix makeServerName function
Sep 26, 2024
a751f78
add test for makeServerName function
Sep 26, 2024
3d35774
add go tests
Sep 26, 2024
624e693
Merge branch 'main' into poc/transport-server-sni
Sep 26, 2024
2748b2f
change c.listeners to c.listenerHosts
Oct 7, 2024
2fb8fdf
Merge branch 'main' into poc/transport-server-sni
Oct 7, 2024
5f4ebc0
fix non tls passthrough hosts being added to tls passthrough template
Oct 7, 2024
af2c0ed
Merge branch 'main' into feat/transport-server-sni
Oct 7, 2024
87a671f
more go tests
Oct 10, 2024
ae9e4a9
Merge branch 'main' into feat/transport-server-sni
Oct 11, 2024
70debbe
add python tests
Oct 11, 2024
12e5529
Merge branch 'main' into feat/transport-server-sni
Oct 11, 2024
1b7621e
add listenerhost tests
Oct 11, 2024
c85c9a8
add docs
Oct 11, 2024
66bedf5
fix validateTSHost logic
Oct 11, 2024
7be8dc2
remove unused function
Oct 11, 2024
17b8e2f
Apply suggestions from code review
Oct 11, 2024
20d71c3
test undo enumeration
Oct 11, 2024
775a9b4
change numbers to headings
Oct 11, 2024
cc4e1fb
Merge branch 'main' into feat/transport-server-sni
Oct 14, 2024
e66a52c
make changes from code review
Oct 14, 2024
615d06e
Merge branch 'main' into feat/transport-server-sni
Oct 14, 2024
53bc93e
Merge branch 'main' into feat/transport-server-sni
Oct 15, 2024
35c1cde
Merge branch 'main' into feat/transport-server-sni
Oct 17, 2024
88ce4bf
Merge branch 'main' into feat/transport-server-sni
Oct 21, 2024
c0bde77
bash to shell
Oct 21, 2024
47959ef
Merge branch 'main' into feat/transport-server-sni
Oct 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
test undo enumeration
  • Loading branch information
Jim Ryan committed Oct 11, 2024
commit 20d71c363d24636561edb07ab5cb667367d062b3
22 changes: 11 additions & 11 deletions examples/custom-resources/transport-server-sni/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ In this example we create two different TransportServers that listen on the same
protocol: TCP
```

2. Add a custom port to the NGINX Ingress Controller pod with the Helm chart.
1. Add a custom port to the NGINX Ingress Controller pod with the Helm chart.

```yaml
controller.customPorts:
Expand All @@ -20,7 +20,7 @@ controller.customPorts:
protocol: TCP
```

3. Add a custom port to the NGINX Ingress Controller service.
1. Add a custom port to the NGINX Ingress Controller service.

```yaml
controller.service.customPorts:
Expand All @@ -30,22 +30,22 @@ controller.service.customPorts:
targetPort: 7000
```

4. Use `kubectl` to create the cafe-secret, and mongo-secret. These secrets are used for TLS in the TransportServers.
1. Use `kubectl` to create the cafe-secret, and mongo-secret. These secrets are used for TLS in the TransportServers.
`kubectl apply -f cafe-secret.yaml`
`kubectl apply -f mongo-secret.yaml`

5. Create the mongo and tcp echo example applications.
1. Create the mongo and tcp echo example applications.
`kubectl apply -f mongo.yaml`
`kubectl apply -f tcp-echo-server.yaml`

6. Wait until these are ready.
1. Wait until these are ready.
`kubectl get deploy -w`

7. Create the TransportServers for each application.
1. Create the TransportServers for each application.
`kubectl apply -f cafe-transport-server.yaml`
`kubectl apply -f mongo-transport-server.yaml`

8. Ensure they are in valid state.
1. Ensure they are in valid state.
`kubectl get ts`

```bash
Expand All @@ -54,7 +54,7 @@ cafe-ts Valid AddedOrUpdated 2m
mongo-ts Valid AddedOrUpdated 2m
```

9. Set up /etc/hosts or DNS
1. Set up /etc/hosts or DNS
This example uses a local NGINX Ingress Controller instance, so the /etc/hosts file
is being used to set cafe.example.com and mongo.example.com to localhost.
In a production instance, the server names would be set at the DNS layer.
Expand All @@ -66,10 +66,10 @@ In a production instance, the server names would be set at the DNS layer.
127.0.0.1 mongo.example.com
```

10. Expose port 7000 of the LoadBalancer service.
1. Expose port 7000 of the LoadBalancer service.
`k port-forward svc/my-release-nginx-ingress-controller 7000:7000`

11. Use `ncat` to ping cafe.example.com on port 7000 with SSL.
1. Use `ncat` to ping cafe.example.com on port 7000 with SSL.
`ncat --ssl cafe.example.com 7000`
When you write a message you should receive the following response:

Expand All @@ -86,7 +86,7 @@ The request and response should both be 2 bytes.
127.0.0.1 [24/Sep/2024:15:48:58 +0000] TCP 200 3 3 2.702 "-
```

12. Use mongosh to connect to the mongodb container through the TransportServer on port 7000.
1. Use mongosh to connect to the mongodb container through the TransportServer on port 7000.
`mongosh --host mongo.example.com --port 7000 --tls --tlsAllowInvalidCertificates`

```bash
Expand Down
Loading