From 7f66888bf57bb97ed632686d646ae8b922503d6b Mon Sep 17 00:00:00 2001
From: Kyle Hodgetts
Date: Wed, 21 Sep 2022 14:26:30 +0300
Subject: [PATCH] pass in tls inspector config to fix issue where envoy couldnt find a registered implementation for tls_inspector with empty url (#758)

* pass in tls inspector config to fix issue where envoy couldnt find a registered implementation for tls_inspector with empty url

* removed unused imports

Signed-off-by: jasmingacic
Signed-off-by: jasmingacic
Co-authored-by: Jasmin Gacic
---
 api/v1alpha1/api_webhook.go | 1 -
 internal/envoy/config/listener.go | 11 ++++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/api/v1alpha1/api_webhook.go b/api/v1alpha1/api_webhook.go
index 04bb35c1b..74ac28d78 100644
--- a/api/v1alpha1/api_webhook.go
+++ b/api/v1alpha1/api_webhook.go
@@ -37,7 +37,6 @@ import (
 logf "sigs.k8s.io/controller-runtime/pkg/log"
 "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
- "github.com/getkin/kin-openapi/openapi3"
 "github.com/kubeshop/kusk-gateway/pkg/spec"
 )
 
diff --git a/internal/envoy/config/listener.go b/internal/envoy/config/listener.go
index ba67402ef..de829d0de 100644
--- a/internal/envoy/config/listener.go
+++ b/internal/envoy/config/listener.go
@@ -31,6 +31,7 @@ import (
 
 core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+ tlsinspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3"
 hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 "github.com/envoyproxy/go-control-plane/pkg/wellknown"
@@ -200,7 +201,15 @@ func (l *listenerBuilder) AddHTTPManagerFilterChains(httpConnectionManager *hcm.
 // When certificates are present, we add an additional Listener filter chain that is selected when the connection protocol type is tls.
 // HTTP Manager configuration is the same.
 // Enable TLS Inspector in the Listener to detect plain http or tls requests.
- l.addListenerFilter(&listener.ListenerFilter{Name: wellknown.TLSInspector})
+ tlsInspector := &tlsinspector.TlsInspector{}
+ anyTlsInspector, err := anypb.New(tlsInspector)
+ if err != nil {
+ return fmt.Errorf("failed to add tls inspector to the listener: cannot convert to Any message type: %w", err)
+ }
+ l.addListenerFilter(&listener.ListenerFilter{
+ Name: wellknown.TLSInspector,
+ ConfigType: &listener.ListenerFilter_TypedConfig{TypedConfig: anyTlsInspector},
+ })
 
 // Make sure plain http manager filter chain is selected when protocol type is raw_buffer (not tls).
 hcmPlainChain.FilterChainMatch = &listener.FilterChainMatch{TransportProtocol: "raw_buffer"}
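Review bot: The new `l.addListenerFilter(...)` call has no comment saying why an empty `TlsInspector{}` is packed into `TypedConfig`, so a later cleanup could restore the name-only form that the commit message says Envoy rejected. Above `tlsInspector := ...` I would add `// Envoy could not find a registered tls_inspector implementation when the filter carried no typed config (empty type URL), so always attach an empty TlsInspector.` The `raw_buffer` match set just below only selects correctly when this inspector runs, so a unit test asserting that the built listener filter has a non-empty `GetTypedConfig().GetTypeUrl()` would catch a regression before the config reaches Envoy. On style, `anyTlsInspector` would be `anyTLSInspector` under Go's initialism convention, and the error text could drop the "failed to" prefix since `%w` already chains the cause. AddHTTPManagerFilterChains starts and ends outside this hunk, so it cannot be confirmed from here that `anypb` and `fmt` are already imported or that `err` does not shadow an outer variable.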