Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add ssl passthrough note in FAQ #844

Merged
merged 4 commits into from
Sep 2, 2021
Merged

docs: add ssl passthrough note in FAQ #844

merged 4 commits into from
Sep 2, 2021

Conversation

shaneutt
Copy link
Member

@shaneutt shaneutt commented Aug 31, 2021
edited
Loading

What type of PR is this?
/kind documentation

What this PR does / why we need it:
The HTTPRoute API (specifically) doesn't support SSL Passthrough. An implementer recently reported this wasn't clear. There is documentation on this, but in order to help make this more clear/prominent this patch adds a note about it in the FAQ with links to the relevant docs and guides.

Which issue(s) this PR fixes:
Fixes #840

Does this PR introduce a user-facing change?:

NONE

@k8s-ci-robot k8s-ci-robot added kind/documentation Categorizes issue or PR as related to documentation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 31, 2021
bowei
bowei reviewed Aug 31, 2021
View reviewed changes
site-src/faq.md Outdated Show resolved Hide resolved
@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from 5838b30 to 174161e Compare August 31, 2021 20:16
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 31, 2021
@shaneutt shaneutt marked this pull request as draft August 31, 2021 20:18
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 31, 2021
@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from 174161e to 283c7d7 Compare August 31, 2021 20:23
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 31, 2021
@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from 283c7d7 to 22d06c3 Compare August 31, 2021 20:26
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 31, 2021
@shaneutt shaneutt marked this pull request as ready for review August 31, 2021 20:26
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 31, 2021
@shaneutt shaneutt requested a review from bowei August 31, 2021 20:26
@bowei
Copy link
Contributor

bowei commented Aug 31, 2021

LGTM (giving other people a chance to look)

@jpeach
Copy link
Contributor

jpeach commented Sep 1, 2021

Should we make a corresponding spec change?

@youngnick
Copy link
Contributor

Should we make a corresponding spec change?

I think something in the godoc would be a good idea, agreed. Maybe a note in the Listener docstring, or in the HTTPRoute one?

Wording of the change LGTM though.

@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from 22d06c3 to 0ededfc Compare September 1, 2021 14:54
@shaneutt
Copy link
Member Author

shaneutt commented Sep 1, 2021

0ededfc was added to add a similar note to the HTTPRoute spec 👍

robscott
robscott reviewed Sep 1, 2021
View reviewed changes
apis/v1alpha2/httproute_types.go Outdated
Comment on lines 735 to 737
// Note that SSL passthrough is not supported for these backend refs, and
// if you're looking to implement that kind of functionality use TLSRoute.
//
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think instead of adding this here, it might be better to add this to the Passthrough godocs here: https://github.com/kubernetes-sigs/gateway-api/blob/master/apis/v1alpha2/gateway_types.go#L337-L340

Copy link
Member Author

@shaneutt shaneutt Sep 2, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved as suggested in 34d584e 👍, lmkwyt

hbagdi
hbagdi reviewed Sep 1, 2021
View reviewed changes
site-src/faq.md Outdated
terminating it) is not currently a supported routing option when using the
[HTTPRoute][routes] API. If you need this functionality it is supported by
the [TLSRoute][tlsroute] API. Also see the [TLS Guide][tlsguide] for more
details about passthrough and other TLS configurations.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd recommend framing it rather as "Yes, it is supported using TLSRoute. It is not supported in HTTPRoute because it is not possible to route based on HTTP metadata without terminating TLS."
This educates our users. The current wording makes me feel "something is possible but is not supported in the API".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, 3dc2ed4 changes the language lmkwyt

@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from 38f3d39 to f3ac23d Compare September 2, 2021 13:34
@shaneutt shaneutt force-pushed the shaneutt/docs/ssl-passthrough branch from f3ac23d to 3dc2ed4 Compare September 2, 2021 13:36
robscott
robscott reviewed Sep 2, 2021
View reviewed changes
Copy link
Member

@robscott robscott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the work on this!

site-src/faq.md Outdated Show resolved Hide resolved
site-src/faq.md Outdated Show resolved Hide resolved
apis/v1alpha2/gateway_types.go Outdated Show resolved Hide resolved
@shaneutt @robscott
Apply suggestions from code review
c1cd76a 
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
robscott
robscott reviewed Sep 2, 2021
View reviewed changes
site-src/faq.md Outdated Show resolved Hide resolved
@robscott
Copy link
Member

robscott commented Sep 2, 2021

Thanks!

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 2, 2021
@robscott robscott added tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Sep 2, 2021
@robscott
Copy link
Member

robscott commented Sep 2, 2021

Weird, I didn't know that would remove lgtm and approved labels... Trying again.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 2, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: robscott, shaneutt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 2, 2021
@k8s-ci-robot k8s-ci-robot merged commit 817f1b6 into kubernetes-sigs:master Sep 2, 2021
@shaneutt shaneutt deleted the shaneutt/docs/ssl-passthrough branch September 2, 2021 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bowei bowei Awaiting requested review from bowei

@hbagdi hbagdi Awaiting requested review from hbagdi

@robscott robscott Awaiting requested review from robscott

Assignees

@robscott robscott

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/documentation Categorizes issue or PR as related to documentation. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Document that Is HTTPS + Passthrough TLS is not supported
7 participants
@shaneutt @bowei @jpeach @youngnick @robscott @k8s-ci-robot @hbagdi