Add support for NGINX Service Mesh internal routes #1075

Merged (1 commit) on Jul 28, 2020

kate-osborn

Proposed changes

Add support for NGINX Service Mesh internal routes.

  • Adds command line flag -enable-internal-routes, which requires -spire-agent-address and -nginx-plus.
    If internal routes are enabled, an internal route server block is generated to terminate TLS connections using the SPIFFE certs fetched from the SPIRE agent. Internal routes are created for Ingress resources that are annotated with nsm.nginx.com/internal-route: "true" and can only be accessed by services in NGINX Service Mesh.

  • Changes -spire-agent-address to require -nginx-plus and removes SpiffeCerts config option from the OSS templates.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch from my own fork

Internal routes are enabled with the -enable-internal-routes CLI flag.
-enable-internal-routes flag requires -spire-agent-address and -nginx-plus.
-spire-agent-address now requires -nginx-plus.
@kate-osborn kate-osborn self-assigned this Jul 27, 2020
@kate-osborn kate-osborn merged commit 1f1814b into master Jul 28, 2020
@lucacome lucacome deleted the nginx-mesh-egress branch July 28, 2020 17:36