feat: adding support for ext auth and backend mtls
What this PR does / why we need it: This enables the use of a shared client certificate with Envoy proxies when accessing external services or backends.
Approach: We introduce the capability to associate a TLS client certificate with the global configuration of an Envoy proxy. When configured, this client certificate will be used by the proxies when connecting to specified backends or external services, as determined by the presence of TLS routes.
- Extra e2e tests are added
Which issue(s) this PR fixes: https://github.com/envoyproxy/gateway/issues/2536
Codecov Report
Attention: Patch coverage is 67.36842% with 31 lines in your changes are missing coverage. Please review.
Project coverage is 67.18%. Comparing base (
2880a55) to head (5edafcd).
Additional details and impacted files
@@ Coverage Diff @@
## main #3441 +/- ##
==========================================
+ Coverage 67.15% 67.18% +0.02%
==========================================
Files 166 166
Lines 19463 19544 +81
==========================================
+ Hits 13071 13131 +60
- Misses 5447 5469 +22
+ Partials 945 944 -1
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
@alexwo Thanks for working on this!
Could you please add e2e tests to this PR directly? This is not a very large PR, incorporating these tests would not be a burden for reviewers.
Hi @zhaohuabing ,
Sure, I have added the e2e tests as part of this PR.
/retest
/retest
/retest
/retest
/retest
/retest
/retest
/retest
/retest
/retest
@alexwo - can you maybe make some of the suggested test improvements in a follow-up PR?
@alexwo - can you maybe make some of the suggested test improvements in a follow-up PR?
yes sounds good! , thanks for the quick review & feedback.