Allow the configuration of ALPN negotiation when using Gateway API in TLS Terminate mode #6685

Open
hbobenicio opened this issue Sep 26, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.

hbobenicio commented Sep 26, 2024

Problem

I'm using Contour in Dynamically Provisioned mode with the Contour Gateway Provisioner.
I'm also using Gateway API listeners with TLS in Terminate mode for connecting to TLSRoutes.
The upstream service I'm trying to serve is Postgres.
I'd like to use TLS in client connections for obvious reasons.
I'm focusing on Postgres client and server version 17, which enable sslnegotiation=direct, which means it runs TLS directly after TCP, without that clunky SSL Request extra round trip from the Postgres protocol, but it also requires the TLS server to respond to ALPN for the application protocol "postgresql".

If I terminate the TLS connection in the gateway, I need to configure it to respond to a custom ALPN (with "postgresql"). ATM Contour doesn't allow us to do that (but Envoy itself does!).

This may apply to any protocol or upstream service that requires ALPN negotiation.

Related Links
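
What the request comes down to, as an added example (not part of the issue and not Contour or Envoy code): an in-memory Go handshake in which a client offering only ALPN `postgresql`, the protocol name the issue says a direct-negotiation client requires, meets a TLS terminator configured with different ALPN lists. The `negotiate` and `selfSigned` helpers and the `gateway.example` name are assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway certificate for the in-memory terminator (constructed test data).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "gateway.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// negotiate handshakes a client that offers only "postgresql" against a terminator
// advertising serverProtos, and returns the ALPN value the client ends up with.
func negotiate(serverProtos []string) (string, error) {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{selfSigned()},
		NextProtos: serverProtos, SessionTicketsDisabled: true})
	go srv.Handshake() // a server-side failure reaches the client as a TLS alert
	// InsecureSkipVerify is acceptable only because the peer is the throwaway cert above.
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, NextProtos: []string{"postgresql"}})
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return cli.ConnectionState().NegotiatedProtocol, nil
}

func main() {
	// Terminator configured for postgresql, with no ALPN at all, and with HTTP-only ALPN.
	for _, protos := range [][]string{{"postgresql"}, nil, {"h2", "http/1.1"}} {
		p, err := negotiate(protos)
		fmt.Printf("terminator ALPN %v -> client sees %q, err=%v\n", protos, p, err)
	}
}
```

With Go's `crypto/tls`, a terminator with no ALPN list completes the handshake without selecting a protocol, and one that advertises only other protocols aborts it. Other TLS stacks may handle the mismatch differently, but in both cases the client never receives the `postgresql` selection.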


Hey @hbobenicio! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace
