Merge pull request #620 from kartverket/add-support-for-tls-ports

service-entry: add support for TLS ports

Author: evenh

api/v1alpha1/podtypes/access_policy.go

@@ -123,9 +123,9 @@ type ExternalPort struct {
 	//+kubebuilder:validation:Required
 	Port int `json:"port"`
 
-	// The protocol to use for communication with the host. Only HTTP, HTTPS and TCP are supported.
+	// The protocol to use for communication with the host. Supported protocols are: HTTP, HTTPS, TCP and TLS.
 	//
 	//+kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP
+	// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP;TLS
 	Protocol string `json:"protocol"`
 }

config/crd/skiperator.kartverket.no_applications.yaml

@@ -172,13 +172,14 @@ spec:
                                     description: The port number of the external host
                                     type: integer
                                   protocol:
-                                    description: The protocol to use for communication
-                                      with the host. Only HTTP, HTTPS and TCP are
-                                      supported.
+                                    description: 'The protocol to use for communication
+                                      with the host. Supported protocols are: HTTP,
+                                      HTTPS, TCP and TLS.'
                                     enum:
                                     - HTTP
                                     - HTTPS
                                     - TCP
+                                    - TLS
                                     type: string
                                 required:
                                 - name

config/crd/skiperator.kartverket.no_skipjobs.yaml

@@ -184,13 +184,14 @@ spec:
                                           host
                                         type: integer
                                       protocol:
-                                        description: The protocol to use for communication
-                                          with the host. Only HTTP, HTTPS and TCP
-                                          are supported.
+                                        description: 'The protocol to use for communication
+                                          with the host. Supported protocols are:
+                                          HTTP, HTTPS, TCP and TLS.'
                                         enum:
                                         - HTTP
                                         - HTTPS
                                         - TCP
+                                        - TLS
                                         type: string
                                     required:
                                     - name

tests/application/access-policy/chainsaw-test.yaml

@@ -47,3 +47,8 @@ spec:
             file: external-ip-policy.yaml
         - assert:
             file: external-ip-policy-assert.yaml
+    - try:
+        - apply:
+            file: dns-lookup.yaml
+        - assert:
+            file: dns-lookup-assert.yaml

tests/application/access-policy/dns-lookup-assert.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: dns-lookup-egress-9cb096c5f59540a7
+spec:
+  exportTo:
+    - .
+    - istio-system
+    - istio-gateways
+  resolution: DNS
+  hosts:
+    - directory.example.com
+  ports:
+    - name: ldaps
+      number: 636
+      protocol: TLS

tests/application/access-policy/dns-lookup.yaml

@@ -0,0 +1,15 @@
+apiVersion: skiperator.kartverket.no/v1alpha1
+kind: Application
+metadata:
+  name: dns-lookup
+spec:
+  image: image
+  port: 8080
+  accessPolicy:
+    outbound:
+      external:
+        - host: directory.example.com
+          ports:
+            - name: ldaps
+              port: 636
+              protocol: TLS