Description
In Kuma there is a function that builds the SNI from a real resource:
```go
func SniForBackendRef(
	backendRef *resolve.RealResourceBackendRef,
	meshCtx xds_context.MeshContext,
	systemNamespace string,
) string {
	var name string
	var port int32
	dest := meshCtx.GetServiceByKRI(pointer.Deref(backendRef.Resource))
	// port keeps its zero value when no port matches SectionName
	if p, ok := dest.FindPortByName(backendRef.Resource.SectionName); ok {
		port = p.GetValue()
	}
	resource := dest.(core_model.Resource)
	name = core_model.GetDisplayName(resource.GetMeta())
	if backendRef.Resource.ResourceType == meshservice_api.MeshServiceType {
		name = resource.(*meshservice_api.MeshServiceResource).SNIName(systemNamespace)
	}

	return tls.SNIForResource(name, resource.GetMeta().GetMesh(), resource.Descriptor().Name, port, nil)
}
```
If we don't find the port from sectionName, port will be 0, and we will use this 0 to build the SNI:
```go
return fmt.Sprintf("%s%x.%s.%d.%s.%s", sniFormatVersion, hashBytes, resName, port, meshName, resTypeAbbrv)
```
We should investigate whether it is OK to have port 0 in the SNI and, if not, we should handle this case properly.
Referenced code: kuma/pkg/plugins/policies/core/xds/meshroute/clusters.go, lines 146 to 163 in 4eddb73 (the function), and kuma/pkg/xds/envoy/tls/sni.go, line 79 in 8dc904d (the SNI format string).
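To make the behaviour concrete, here is an added sketch (not Kuma's code) that applies the format string quoted in the issue to constructed values and contrasts the zero-port fallback with a variant that returns an error. The version prefix, the hash input, the `ms` abbreviation, the resource and mesh names, and the helper names `sniFor`, `sniLenient` and `sniStrict` are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"hash/fnv"
)

// Assumed value: the issue quotes the format string but not this constant.
const sniFormatVersion = "a"

var errNoPort = errors.New("sectionName matches no port")

// sniFor applies the format string quoted in the issue. What gets hashed is
// an assumption made for this sketch.
func sniFor(resName, meshName, resTypeAbbrv string, port int32) string {
	h := fnv.New64a()
	h.Write([]byte(resName + "." + meshName))
	hashBytes := h.Sum(nil)
	return fmt.Sprintf("%s%x.%s.%d.%s.%s", sniFormatVersion, hashBytes, resName, port, meshName, resTypeAbbrv)
}

// sniLenient mirrors the behaviour in the issue: a failed lookup leaves port at 0.
func sniLenient(ports map[string]int32, sectionName string) string {
	var port int32
	if p, ok := ports[sectionName]; ok {
		port = p
	}
	return sniFor("backend", "default", "ms", port)
}

// sniStrict is one possible handling: report the miss instead of emitting port 0.
func sniStrict(ports map[string]int32, sectionName string) (string, error) {
	p, ok := ports[sectionName]
	if !ok {
		return "", fmt.Errorf("%w: %q", errNoPort, sectionName)
	}
	return sniFor("backend", "default", "ms", p), nil
}

func main() {
	ports := map[string]int32{"http": 8080} // constructed sample data
	fmt.Println(sniLenient(ports, "http"))  // port 8080 appears in the SNI
	fmt.Println(sniLenient(ports, "htpp"))  // unknown name: port 0 appears in the SNI
	// In this sketch every unresolved section name yields the same SNI.
	fmt.Println(sniLenient(ports, "grpc") == sniLenient(ports, "htpp"))
	_, err := sniStrict(ports, "htpp")
	fmt.Println(err)
}
```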