handle custom sni in bootstrap clusters#26684

Merged: istio-testing merged 2 commits into istio:master from ramaraochavali:fix/tracing_tls on Aug 20, 2020

@ramaraochavali
Contributor

The TLS SNI check was handled incorrectly in PR #25070 for bootstrap clusters. This PR fixes it.

[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Pull Request Attributes

Please check any characteristics that apply to this pull request.

[ ] Does not have any changes that may affect Istio users.

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
@ramaraochavali ramaraochavali requested a review from a team as a code owner August 20, 2020 07:20
@googlebot googlebot added the cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. label Aug 20, 2020
@istio-testing istio-testing added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Aug 20, 2020
@ramaraochavali ramaraochavali added release-notes-none Indicates a PR that does not require release notes. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Aug 20, 2020
@ramaraochavali
Contributor Author

@nikolay-pshenichny

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
@istio-testing istio-testing added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Aug 20, 2020
@istio-testing
Collaborator

In response to a cherrypick label: new pull request created: #26685

@ramaraochavali ramaraochavali deleted the fix/tracing_tls branch August 20, 2020 08:17
return nil
}
if len(sniName) > 0 {
if len(tls.Sni) == 0 && tls.Mode == networkingAPI.ClientTLSSettings_ISTIO_MUTUAL {
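
Review bot: the `tls.Mode == networkingAPI.ClientTLSSettings_ISTIO_MUTUAL` condition on the last visible line limits the `sniName` default to a single mode, and nothing in these lines says why, or what SNI the other modes end up with when `tls.Sni` is empty. A one-line comment above this `if` stating the intended behaviour per mode would help, together with a test case that covers an empty `tls.Sni` in a mode other than ISTIO_MUTUAL.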
Member

why do we not set SNI for mutual or simple?

Contributor Author

@ramaraochavali ramaraochavali Aug 21, 2020

For ISTIO_MUTUAL we default it to "tracer", "envoy_metrics_service" if tls.Sni is not specified - that was the existing behaviour.
For Simple and Mutual we set it only if it is specified in TLS settings (because we do not know what to default to).

Are you suggesting we should not default for ISTIO_MUTUAL as well and only set if user sets it?
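
The defaulting rule described in the reply above, as an added example that is not part of the PR or of Istio's code: `resolveSNI` applies the rule and `observedSNI` shows what a TLS server then sees in the ClientHello. `Mode`, `resolveSNI` and `observedSNI` are hypothetical names, and the handshake is deliberately aborted once the ClientHello has been read.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// Mode is a local stand-in for the TLS modes named in the thread, not Istio's type.
type Mode int

const (
	Simple Mode = iota
	Mutual
	IstioMutual
)

// resolveSNI: an explicit SNI always wins; only ISTIO_MUTUAL falls back to a default.
func resolveSNI(mode Mode, userSNI, defaultSNI string) string {
	if userSNI == "" && mode == IstioMutual {
		return defaultSNI
	}
	return userSNI // SIMPLE/MUTUAL with no SNI configured: empty, nothing is sent
}

// observedSNI returns the server_name a TLS server sees in the ClientHello.
func observedSNI(sni string) string {
	c, s := net.Pipe() // in-memory connection, no network needed
	defer c.Close()
	seen := make(chan string, 1)
	go func() {
		defer s.Close()
		_ = tls.Server(s, &tls.Config{
			GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
				seen <- h.ServerName
				return nil, errors.New("ClientHello captured, aborting handshake")
			},
		}).Handshake()
	}()
	// InsecureSkipVerify only lets the client start without a ServerName; no certificate is exchanged.
	_ = tls.Client(c, &tls.Config{ServerName: sni, InsecureSkipVerify: true}).Handshake()
	return <-seen
}

func main() {
	for _, m := range []Mode{Simple, Mutual, IstioMutual} {
		fmt.Printf("mode=%d sni=%q\n", m, observedSNI(resolveSNI(m, "", "tracer")))
	}
}
```

With no SNI configured, only the ISTIO_MUTUAL case puts a server name on the wire; a server that selects its certificate by SNI sees an empty name for the other two modes.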

Labels: area/networking, cla: yes, release-notes-none, size/XL
