-
Story
-
Resolution: Done
-
Blocker
-
None
-
None
-
None
-
Upstream
-
8
-
False
-
None
-
False
-
OCPSTRAT-416 - Gateway API using Istio for Cluster Ingress (Dev Preview)
-
Sprint 227, Sprint 228, Sprint 229, Sprint 230, Sprint 231, Sprint 232, Sprint 233, Sprint 234, Sprint 235, Sprint 236
-
0
-
0.0
Blocker Issue for Enhanced Dev Preview
Passthrough routing is required for OAuth. TLSRoute makes it possible, but is still an alpha and experimental status. It was not promoted to beta when HTTPRoute was.
However, there is https://github.com/kubernetes-sigs/gateway-api/blob/main/apis/v1beta1/gateway_types.go#L354-L355, which describes Passthrough as a type for TLSMode on HTTPRoute.
Definition of experimental: https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard
https://gateway-api.sigs.k8s.io/concepts/api-overview/#tlsroute explains: "TLSRoute is for multiplexing TLS connections, discriminated via SNI. It's intended for where you want to use the SNI as the main routing method, and are not interested in properties of the higher-level protocols like HTTP. The byte stream of the connection is proxied without any inspection to the backend." Confirm that this is our intended use of passthough.
Discussed in the Gateway API community meeting: https://docs.google.com/document/d/1eg-YjOHaQ7UD28htdNxBR3zufebozXKyI28cl2E11tU/edit#heading=h.v6hxh3jn3fd0
Outstanding issues:
not enough implementations- conformance tests lacking
- Client Certificate Verification for Gateway Listeners #91 https://github.com/kubernetes-sigs/gateway-api/issues/91
- Conflicting SNI's between HTTPRoute & TLSRoute #623 https://github.com/kubernetes-sigs/gateway-api/issues/623
- other doc issues
- is cloned by
-
NE-1309 [OOP] Work upstream to promote passthrough in Gateway API
- To Do