🌱 Add envoy: Postgres filter: implement Postgres SSL termination and mission (#1709)

clubanderson · github-actions[bot] · web-flow · commit 02f87a507fe7 · 2026-03-24T07:57:08.000+01:00
Signed-off-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
diff --git a/solutions/cncf-generated/envoy/envoy-10942-postgres-filter-implement-postgres-ssl-termination-and-monitoring.json b/solutions/cncf-generated/envoy/envoy-10942-postgres-filter-implement-postgres-ssl-termination-and-monitoring.json
@@ -0,0 +1,77 @@
+{
+  "version": "kc-mission-v1",
+  "name": "envoy-10942-postgres-filter-implement-postgres-ssl-termination-and-monitoring",
+  "missionClass": "solution",
+  "author": "KubeStellar Bot",
+  "authorGithub": "kubestellar",
+  "mission": {
+    "title": "envoy: Postgres filter: implement Postgres SSL termination and monitoring",
+    "description": "Postgres filter: implement Postgres SSL termination and monitoring. Requested by 14+ users.",
+    "type": "feature",
+    "status": "completed",
+    "steps": [
+      {
+        "title": "Check current envoy deployment",
+        "description": "Verify your envoy version and configuration:\n```bash\nkubectl get pods -n envoy -l app.kubernetes.io/name=envoy\nhelm list -n envoy 2>/dev/null || echo \"Not installed via Helm\"\n```\nThis feature requires a working envoy installation."
+      },
+      {
+        "title": "Review envoy configuration",
+        "description": "Inspect the relevant envoy configuration:\n```bash\nkubectl get all -n envoy -l app.kubernetes.io/name=envoy\nkubectl get configmap -n envoy -l app.kubernetes.io/part-of=envoy\n```\nEncrypting the communications with the database is a hard requirement in many environments. And while cryptography is currently very fast on modern hardware, it still imposes some penalty where it is executed."
+      },
+      {
+        "title": "Apply the fix for Postgres filter: implement Postgres SSL termination and…",
+        "description": "Commit Message:\nAdds ability to use _starttls_ transport socket to terminate SSL at Envoy and pass unencrypted traffic upstream to Postgres server.\n\nAdditional Description:\nRisk Level: Low\nTesting: Added unit and integration tests.\nDocs Changes: Yes.\nRelease Notes: Yes.\n```yaml\ntls_context:\n  common_tls_context:\n    tls_certificates:\n      - certificate_chain:\n          filename: \"/etc/example-com.crt\"\n        private_key:\n          filename: \"/etc/example-com.key\"\n```"
+      },
+      {
+        "title": "Verify the feature works",
+        "description": "Test that the new capability is working as expected:\n```bash\nkubectl get pods -n envoy -l app.kubernetes.io/name=envoy\nkubectl get events -n envoy --sort-by='.lastTimestamp' | tail -10\n```\nConfirm the feature described in \"Postgres filter: implement Postgres SSL termination and…\" is functioning correctly."
+      }
+    ],
+    "resolution": {
+      "summary": "Commit Message:\nAdds ability to use _starttls_ transport socket to terminate SSL at Envoy and pass unencrypted traffic upstream to Postgres server.\n\nAdditional Description:\nRisk Level: Low\nTesting: Added unit and integration tests.\nDocs Changes: Yes.\nRelease Notes: Yes.",
+      "codeSnippets": [
+        "tls_context:\n  common_tls_context:\n    tls_certificates:\n      - certificate_chain:\n          filename: \"/etc/example-com.crt\"\n        private_key:\n          filename: \"/etc/example-com.key\""
+      ]
+    }
+  },
+  "metadata": {
+    "tags": [
+      "envoy",
+      "graduated",
+      "networking",
+      "feature"
+    ],
+    "cncfProjects": [
+      "envoy"
+    ],
+    "targetResourceKinds": [
+      "Pod"
+    ],
+    "difficulty": "intermediate",
+    "issueTypes": [
+      "feature"
+    ],
+    "maturity": "graduated",
+    "sourceUrls": {
+      "issue": "https://github.com/envoyproxy/envoy/issues/10942",
+      "repo": "https://github.com/envoyproxy/envoy",
+      "pr": "https://github.com/envoyproxy/envoy/pull/14634"
+    },
+    "reactions": 14,
+    "comments": 15,
+    "synthesizedBy": "copilot"
+  },
+  "prerequisites": {
+    "kubernetes": ">=1.24",
+    "tools": [
+      "kubectl"
+    ],
+    "description": "A running Kubernetes cluster with envoy installed or the issue environment reproducible."
+  },
+  "security": {
+    "scannedAt": "2026-03-24T06:28:37.246Z",
+    "scannerVersion": "cncf-gen-3.0.0",
+    "sanitized": true,
+    "findings": []
+  }
+}
