Skip to content

conn pool: use hostnames of endpoints as SNI values#34898

Merged
mattklein123 merged 10 commits intoenvoyproxy:mainfrom
dmitriyilin:feature/auto-sni-from-upstream
Jul 16, 2024
Merged

conn pool: use hostnames of endpoints as SNI values#34898
mattklein123 merged 10 commits intoenvoyproxy:mainfrom
dmitriyilin:feature/auto-sni-from-upstream

Conversation

@dmitriyilin
Copy link
Copy Markdown
Contributor

@dmitriyilin dmitriyilin commented Jun 25, 2024

Commit Message: conn pool: use hostnames of endpoints as SNI values
Additional Description: optional support for usage of upstream cluster endpoints' hostnames as SNI values
Risk Level: Low
Testing: integration
Docs Changes: added information about new mechanism of SNI derivation
Release Notes: https://github.com/dmitriyilin/envoy/blob/b8e8a4537e537da66925f442cd5aeb45094cc3c9/changelogs/current.yaml#L377
Platform Specific Features: N/A
Fixes #15839

@dmitriyilin
conn pool: use hostnames of endpoints as SNI values
b8e8a45 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only Bot commented Jun 25, 2024

Hi @dmitriyilin, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #34898 was opened by dmitriyilin.

see: more, trace.

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only Bot commented Jun 25, 2024

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @abeyad
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #34898 was opened by dmitriyilin.

see: more, trace.

abeyad
abeyad previously approved these changes Jun 25, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@abeyad abeyad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

@dmitriyilin
Fix typo and field references in docs for auto_sni_from_upstream
d2e05c1 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin dmitriyilin requested a review from abeyad June 26, 2024 10:00
@dmitriyilin
Copy link
Copy Markdown
Contributor Author

dmitriyilin commented Jun 26, 2024
edited
Loading

I see that "Publish and verify" check fails in other PRs as well. Is anything required from me?

@dmitriyilin
Copy link
Copy Markdown
Contributor Author

dmitriyilin commented Jun 26, 2024

Just realized that "auto_san_validation" functionality is not consistent with the new mechanism. I'll fix it.

mattklein123
mattklein123 requested changes Jun 26, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with small comment, thanks.

/wait

Comment thread api/envoy/config/core/v3/protocol.proto
@dmitriyilin
Fix SAN validation when SNI is derived from upstream
a00fb59 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin
Copy link
Copy Markdown
Contributor Author

dmitriyilin commented Jul 1, 2024

@mattklein123 , @abeyad I've fixed SAN validation. Can you review the changes?

@dmitriyilin dmitriyilin requested a review from mattklein123 July 1, 2024 18:01
abeyad
abeyad previously approved these changes Jul 1, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@abeyad abeyad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

@repokitteh-read-only repokitteh-read-only Bot removed the api label Jul 1, 2024
@dmitriyilin
Kick CI
8e28dac 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin
Merge branch 'main' into feature/auto-sni-from-upstream
b43ce1e 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@abeyad
Copy link
Copy Markdown
Contributor

abeyad commented Jul 10, 2024

FYI, I'll be OOO for a couple weeks, so if this PR has API changes again that need further review, you probably want to find another API reviewer, thanks!

@dmitriyilin
Merge branch 'main' into feature/auto-sni-from-upstream
cdef3f3 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin
Kick CI
5d2d462 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin
Kick CI envoyproxy#2 flaky test
bf98849 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
mattklein123
mattklein123 requested changes Jul 12, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with small nit, thanks.

/wait

Comment thread source/common/conn_pool/conn_pool_base.cc
@dmitriyilin
Reducing nesting
b2c5f4a 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin
Merge branch 'main' into feature/auto-sni-from-upstream
75c9950 
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin dmitriyilin requested a review from mattklein123 July 15, 2024 11:44
@dmitriyilin
Copy link
Copy Markdown
Contributor Author

dmitriyilin commented Jul 15, 2024

@mattklein123 , can you help finding a new member of API shepherds for reviewing the change? Does @envoyproxy/api-shepherds referencing work?

adisuissa
adisuissa reviewed Jul 15, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

mattklein123
mattklein123 approved these changes Jul 16, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@mattklein123 mattklein123 merged commit 6db316f into envoyproxy:main Jul 16, 2024
phlax added a commit to phlax/envoy that referenced this pull request Jul 16, 2024
@phlax
Revert "conn pool: use hostnames of endpoints as SNI values (envoypro…
d2fbc02 
…xy#34898)"

This reverts commit 6db316f.

Signed-off-by: Ryan Northey <ryan@synca.io>
phlax added a commit to phlax/envoy that referenced this pull request Jul 16, 2024
@phlax
Revert "conn pool: use hostnames of endpoints as SNI values (envoypro…
b8a2638 
…xy#34898)"

This reverts commit 6db316f.

Signed-off-by: Ryan Northey <ryan@synca.io>
phlax added a commit that referenced this pull request Jul 17, 2024
@phlax
Revert "conn pool: use hostnames of endpoints as SNI values (#34898)" (
d84f707 
…#35212)

This reverts commit 6db316f.

Signed-off-by: Ryan Northey <ryan@synca.io>
dmitriyilin added a commit to dmitriyilin/envoy that referenced this pull request Jul 23, 2024
@dmitriyilin
Revert "Revert "conn pool: use hostnames of endpoints as SNI values (e…
8ce7986 
…nvoyproxy#34898)" (envoyproxy#35212)"

This reverts commit d84f707.

Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
@dmitriyilin dmitriyilin mentioned this pull request Jul 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adisuissa adisuissa adisuissa left review comments

@mattklein123 mattklein123 mattklein123 approved these changes

@abeyad abeyad abeyad left review comments

@alyssawilk alyssawilk Awaiting requested review from alyssawilk

Assignees

@abeyad abeyad

@mattklein123 mattklein123

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support using each individual upstream's endpoint hostname as SNI parameter

4 participants

@dmitriyilin @abeyad @adisuissa @mattklein123