Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow users to set hosts to the wildcard specifier when TLS is disabled #8083

Merged
merged 1 commit into from
Jun 11, 2020
Merged

Allow users to set hosts to the wildcard specifier when TLS is disabled #8083

merged 1 commit into from
Jun 11, 2020

Conversation

crhino
Copy link
Contributor

@crhino crhino commented Jun 10, 2020
edited
Loading

This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs

In #7990, we defaulted to always requiring a host header, even if only 1 service is exposed, so that adding another service to the configuration would not accidentally break traffic flows. However, that then made it hard to test ingress gateways using a single service by requiring the correct Host header always.

With this PR, a config like so is valid:

Kind = "ingress-gateway"
Name = "ingress-gateway"
Listeners = [
  {
    Port = 80
    Protocol = "http"
    Services = [
      {
        Name = "web"
        Hosts = ["*"]
      }
    ]
  }
]

and this allows a user to send traffic to the ingress gateway and see it reach the web service without having to specify a specific host.

We disallow * host when TLS is enabled, because we want all hosts to be valid DNSSAN records.

@crhino
Allow users to set hosts to the wildcard specifier when TLS is disabled
e67f1bd 
This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs
@crhino crhino requested review from kyhavlov and a team June 10, 2020 21:37
@crhino crhino added this to the 1.8.0 milestone Jun 11, 2020
mkeeler
mkeeler approved these changes Jun 11, 2020
View reviewed changes
Copy link
Member

@mkeeler mkeeler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@crhino crhino merged commit 6fa48c9 into master Jun 11, 2020
@crhino crhino deleted the ingress/allow-wildcard-host branch June 11, 2020 15:03
hashicorp-ci pushed a commit that referenced this pull request Jun 11, 2020
@crhino @hashicorp-ci
Allow users to set hosts to the wildcard specifier when TLS is disabl…
7f89ab9 
…ed (#8083)

This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs
This was referenced Jun 15, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkeeler mkeeler mkeeler approved these changes

@kyhavlov kyhavlov Awaiting requested review from kyhavlov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.
2 participants
@crhino @mkeeler