conn pool: use hostnames of endpoints as SNI values #34898

Open
wants to merge 2 commits into
base: main

dmitriyilin

Commit Message: conn pool: use hostnames of endpoints as SNI values
Additional Description: optional support for usage of upstream cluster endpoints' hostnames as SNI values
Risk Level: Low
Testing: integration
Docs Changes: added information about new mechanism of SNI derivation
Release Notes: https://github.com/dmitriyilin/envoy/blob/b8e8a4537e537da66925f442cd5aeb45094cc3c9/changelogs/current.yaml#L377
Platform Specific Features: N/A
Fixes #15839

Hi @dmitriyilin, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

Caused by: #34898 was opened by dmitriyilin.

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @abeyad
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

abeyad
abeyad previously approved these changes Jun 25, 2024
Contributor

@abeyad abeyad left a comment

/lgtm api

@dmitriyilin
Author

dmitriyilin commented Jun 26, 2024

I see that "Publish and verify" check fails in other PRs as well. Is anything required from me?

@dmitriyilin
Author

Just realized that "auto_san_validation" functionality is not consistent with the new mechanism. I'll fix it.

Member

@mattklein123 mattklein123 left a comment

LGTM with small comment, thanks.

/wait

Comment on lines +145 to 148
// Alternative mechanism for derivation of the SNI value. It uses endpoint's :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` as the value, if ``hostname`` is set.
// If set, takes precedence over ``auto_sni``.
bool auto_sni_from_upstream = 4;
}
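
Review bot: The field comment on auto_sni_from_upstream says the endpoint's hostname is used "if ``hostname`` is set" but never states which SNI is sent when an endpoint has no hostname, so a reader cannot tell whether ``auto_sni`` or some other value applies in that case. State the fallback explicitly in the comment, and document how this field interacts with auto_san_validation, which the author notes in this thread is not yet consistent with the new mechanism. The first comment line is also much longer than the one after it and should be wrapped.
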
Member

It's a minor point, but for consistency I think I would require auto_sni to be set as well, vs. just override it. Optimally this would have been a oneof but it's too late for that.

Contributor

Just a note: oneof is now discouraged by the API style guide as of #30851

Author

@abeyad, @mattklein123, API style guide also discourages boolean overloads and advises usage of multiple fields with defined precedence.

Member

Alright sounds good.

Contributor

@dmitriyilin I think the way you have it set up now with precedence of auto_sni_from_upstream over auto_sni comports with my understanding of the API style guide.

Successfully merging this pull request may close these issues.

Support using each individual upstream's endpoint hostname as SNI parameter