Uploaded image for project: 'Network Edge'
  1. Network Edge
  2. NE-1097

[OOP] Work upstream to promote passthrough in Gateway API


    • Icon: Story Story
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • None
    • None
    • 8
    • False
    • None
    • False
    • OCPSTRAT-416 - Gateway API using Istio for Cluster Ingress (Dev Preview)
    • Sprint 227, Sprint 228, Sprint 229, Sprint 230, Sprint 231, Sprint 232, Sprint 233, Sprint 234, Sprint 235, Sprint 236
    • 0
    • 0.0

      Blocker Issue for Enhanced Dev Preview

      Passthrough routing is required for OAuth.  TLSRoute makes it possible, but is still an alpha and experimental status. It was not promoted to beta when HTTPRoute was.

      However, there is https://github.com/kubernetes-sigs/gateway-api/blob/main/apis/v1beta1/gateway_types.go#L354-L355, which describes Passthrough as a type for TLSMode on HTTPRoute.

      Definition of experimental: https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard 

      https://gateway-api.sigs.k8s.io/concepts/api-overview/#tlsroute explains: "TLSRoute is for multiplexing TLS connections, discriminated via SNI. It's intended for where you want to use the SNI as the main routing method, and are not interested in properties of the higher-level protocols like HTTP. The byte stream of the connection is proxied without any inspection to the backend." Confirm that this is our intended use of passthough.

      Discussed in the Gateway API community meeting: https://docs.google.com/document/d/1eg-YjOHaQ7UD28htdNxBR3zufebozXKyI28cl2E11tU/edit#heading=h.v6hxh3jn3fd0

      Outstanding issues:

            cholman@redhat.com Candace Holman
            cholman@redhat.com Candace Holman
            0 Vote for this issue
            1 Start watching this issue