Gateway object for korifi api uses protocol mode passthrough with TLS Protocol. Looks like Nginx gateway fabric does not support TLS protocol and passthrough? #3188
Labels
Comments
doddisam
changed the title
|
Hey @doddisam
Unfortunately not out of the box. Previously we used to reencrypt requests to korifi api when sent to kubernetes but we gave this up in favour of Gateway API TLS passthrough. That worked well for the networkers we looked at (contour and istio) but apparently this is not supported by all implementations. As a workaround you could experiment with patching the korifi gateway to get the reencryption working until nginx gateway starts supporting passthrough. |
|
@danail-branekov Thank you for your response. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Hello,
I switched the ingress controller to nginx from contour to test the different ingress controller which supports gateway api. I see it failing with below error when i target to korifi api.
Note:- The same Gateway configuration works with contour and looks like contour supports passthrough over TLS.
API endpoint: https://api.korifi-pks.amer.xxx.com
Request error: Get "https://api.korifi-pks.amer.xxx.com": remote error: tls: unrecognized name
After some research i found that nginx gateway fabric does not support passthrough with TLS protocol as of today.
Also i see below error on the Gateway object.
Attached Routes: 0
Conditions:
Last Transition Time: 2024-03-20T09:01:55Z
Message: protocol: Unsupported value: "TLS": supported values: "HTTP", "HTTPS"
Observed Generation: 6
Reason: UnsupportedProtocol
Status: False
Type: Accepted
Last Transition Time: 2024-03-20T09:01:55Z
Message: protocol: Unsupported value: "TLS": supported values: "HTTP", "HTTPS"
Observed Generation: 6
Reason: Invalid
Status: False
Type: Programmed
Name: https-api
Is there a way to get this working with nginx gateway fabric as of today ?
Action to take
No response
Impact
Hello,
I switched the ingress controller to nginx from contour to testing the gateway api compatibility. I see it failed with below error when i target to korifi api using nginx.
Note:- The same Gateway configuration works with contour and looks like contour supports passthrough over TLS.
API endpoint: https://api.korifi-pks.xxx.com
Request error: Get "https://api.korifi-pks.xxx.com": remote error: tls: unrecognized name
After some research i found that nginx gateway fabric does not support passthrough with TLS protocol as of today.
Also i see below error on the Gateway object.
Attached Routes: 0
Conditions:
Last Transition Time: 2024-03-20T09:01:55Z
Message: protocol: Unsupported value: "TLS": supported values: "HTTP", "HTTPS"
Observed Generation: 6
Reason: UnsupportedProtocol
Status: False
Type: Accepted
Last Transition Time: 2024-03-20T09:01:55Z
Message: protocol: Unsupported value: "TLS": supported values: "HTTP", "HTTPS"
Observed Generation: 6
Reason: Invalid
Status: False
Type: Programmed
Name: https-api
Is there a way to get this working with nginx gateway fabric as of today ?
Dev Notes
No response
The text was updated successfully, but these errors were encountered: