仓库指标
- Star
- (27,997 star)
- PR 合并指标
- (平均合并 8天) (30 天内合并 378 个 PR)
描述
Title: Passing the client CN as a header variable or a header
Description:
When using Envoy for client-cert proxy authentication, it would be useful to be able to specify a Header where the client CN is passed. Or a header variable like
%SSL_CLIENT_S_CN%or similar.
Use case
We currently have a need to pass the client certificate common name to the envoy backend. Particularly via a header. (The name does not matter in that case) Unfortunately the value of the header can not be parsed further down (Leaving us unable to use the xfcc header.)
Apache,hap,nginx (with some lua) are able to pass that informations along fairly easily. We however want to keep using envoy for the cool apm/tracing integration , hitless reload etc. We're particularly interested in the seamless restarts on certificate rotations and plan to have a SDS sidecar dedicated to that effect. Also because as we move to istio we're gonna use envoy more an more and having it everywhere means we get to know it better.
[Relevant Links] One of those backend could be kubernetes apiserver apache