Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local proxy resolution #724

Open
jspdown opened this issue Sep 7, 2020 · 0 comments
Open

Local proxy resolution #724

jspdown opened this issue Sep 7, 2020 · 0 comments
Assignees
@jspdown
Labels
area/helm area/mtls area/services kind/enhancement a new or improved feature.
Milestone
next

Comments

@jspdown
Copy link
Contributor

jspdown commented Sep 7, 2020
edited
Loading

Feature Request

In order to support end-to-end encryption between nodes, we first need to be able to resolve .maesh URLs into a local proxy. We first aimed at using ServiceTopology to solve this issue, but as this feature is still in alpha stage it could be removed in the next version without further notice. After studying different alternatives we found that the less invasive, opt-in, low-privileged and easy to use solution would be to use a "local" dns server.

Proposal

Write a MutatingAdmissionWebhook to inject a DNS proxy and set the dnsConfig and dnsPolicy attributes. This DNS proxy will rewrite ".maesh" urls into node-aware shadow service urls.
For example: svc.ns.maesh -> maesh-svc-6d61657368-ns-6d61657368-node1.svc.cluster.local

The maesh-svc-6d61657368-ns-6d61657368-node1 shadow service will lead to a proxy deployed on node1.
@jspdown jspdown self-assigned this Sep 7, 2020
@kevinpollet kevinpollet added this to the next milestone Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jspdown jspdown

Labels
area/helm area/mtls area/services kind/enhancement a new or improved feature.
Projects
None yet
Milestone
next
Development

No branches or pull requests
2 participants
@kevinpollet @jspdown