Replies: 2 comments
-
In addition to the above, I hope we can get representatives from the implementations listed (+Kong, which is not listed but I know to have an implementation) to help us by providing an up-to-date answer to these specific questions:
|
Beta Was this translation helpful? Give feedback.
-
At Kong, I cannot say However, after having discussed Gateway merging and thinking about it a lot recently, my feeling is that |
Beta Was this translation helpful? Give feedback.
-
The purpose of this discussion is to try to get consensus on 1) keeping TLSRoute and then 2) graduating TLSRoute to standard.
TLSRoute has a well-documented need in Gateway API.
@hbagdi’s comprehensive document on [SIG-NETWORK] TLS config in service-apis provides some background discussion of TLS concerns for service APIs and what it might look like to combine TLS config with HTTPRoute or TCPRoute. Service API: TLS related issues lists some Issues that were related back then. We’ve relied on @youngnick's encyclopedic Gateway API TLS Use Cases to answer many questions, including the need for TLSRoute when Passthrough routing is required.
The current list of TLS related issues that are waiting to be addressed includes:
The current list of TLS related discussions expressing interest in TLSRoute includes:
Over time several implementations have added TLSRoute based only the experimental API:
Cilium, Contour, Envoy Gateway, Istio, and nginx-gateway-fabric. I should add that Red Hat needs the TLSRoute (for passthrough) in its Gateway API integrations.
Despite the history, interest expressed via issues and discussions, and several implementations, we find ourselves in a position of questioning the role and necessity of a separate TLSRoute, see Ideas for TCP, TLS, and UDP Routing · kubernetes-sigs gateway-api · Discussion #2618 and Would Gateway Merging make TLSRoute Unnecessary? · kubernetes-sigs gateway-api · Discussion #3177 . [SIG-NETWORK] Gateway Hierarchy Brainstorming came about to address a new mechanism for gateway merging and mentions TLSRoute, but without resuming the decision-making on this, it’s not clear that it makes all TLSRoute concerns obsolete. I would like to request that we try to make a decision on TLSRoute that is not dependent on solving the Gateway Merging issues. If the community agrees that cannot happen, it would be good to focus energy back on the Gateway Merging solution as soon as possible.
Having said that, here is a summary of reasons to keep TLSRoute:
cc @robscott @shaneutt @youngnick @mlavacca
Beta Was this translation helpful? Give feedback.
All reactions