Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure the ext-proc connect in epp #225

Closed
Tracked by #73
ahg-g opened this issue Jan 25, 2025 · 5 comments · Fixed by #335
Closed
Tracked by #73

Secure the ext-proc connect in epp #225

ahg-g opened this issue Jan 25, 2025 · 5 comments · Fixed by #335
Assignees
@ahg-g
Milestone
v0.1.0

Comments

@ahg-g
Copy link
Contributor

ahg-g commented Jan 25, 2025

Specifically the grpc server we create at

gateway-api-inference-extension/pkg/ext-proc/main.go

Line 219 in 1c49986

svr := grpc.NewServer()
must be configured with a certificate

See example: https://github.com/GoogleCloudPlatform/service-extensions/blob/44fe708096efabadd3cb6fe30d6063a7f46fc9ea/callouts/go/extproc/internal/server/callout_server.go#L82

We can also create the certificate on the fly as we typically do for webhooks that we setup for CRDs, see example https://github.com/kubernetes-sigs/jobset/blob/c5f94e124d7bbf602baebc3ca3f4f25868f4791a/pkg/util/cert/cert.go#L51
@danehans
Copy link
Contributor

@ahg-g Is this issue required for #73?

@ahg-g
Copy link
Contributor Author

ahg-g commented Jan 27, 2025

I prefer yes, will you be able to help with it and submit something today or tomorrow?

This was referenced Jan 28, 2025
Merged
Closed
@danehans danehans self-assigned this Jan 28, 2025
@danehans
Copy link
Contributor

@ahg-g I assigned myself this issue and added it to the v0.1 meta issue.

@danehans
Copy link
Contributor

Note that #222 is refactoring this section of the code.

@ahg-g ahg-g mentioned this issue Jan 28, 2025
Merged
@danehans danehans added this to the v0.1.0-rc.1 milestone Jan 30, 2025
@ahg-g
Copy link
Contributor Author

ahg-g commented Feb 3, 2025
edited
Loading

I think we can delay this until after the first release if it is not yet ready as we will not recommend deploying this in any production setting for now.

@danehans danehans modified the milestones: v0.1.0-rc.1, v0.1.0 Feb 6, 2025
@danehans danehans assigned ahg-g and unassigned danehans Feb 11, 2025
@ahg-g ahg-g mentioned this issue Feb 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ahg-g ahg-g

Labels
None yet
Projects
None yet
Milestone
v0.1.0
Development

Successfully merging a pull request may close this issue.

Add TLS support with self-signed certificate. ahg-g/gateway-api-inference-extension
2 participants
@danehans @ahg-g