Hello!

TLS is supported by thin client:
https://apacheignite-sql.readme.io/docs/jdbc-driver#jdbc-thin-driver

Moreover, with the sslFactory parameter you can specify an SSL factory class,
which can be customized to initialize SNI properly. Can you try it with an SSL
factory and see if you can get SNI to work?

Regards,
-- 
Ilya Kasnacheev


Thu, 16 May 2019 at 19:45, Oliver Cole <[email protected]>:

> > Do I understand correctly that you want to have several services use
> same ingress point, i.e. host and port, to access multiple services in your
> K8 cluster?
>
> That's correct.
>
> > Can you guide me whether this controller will keep SSL on (so that
> service has to support SSL too) or if it will strip SSL so that service
> will only need to work with uncompressed stream? In either case, I'm
> positive that IgniteJdbcDriver will NOT work, since it is a thick driver
> that needs to be able to connect to all nodes in the cluster, so it needs
> to be inside your K8 cluster.
>
> I can do either - I hadn't considered the implications yet. However
> that is useful info, thanks.
>
> > But, there is hope that IgniteJdbcThinDriver might.
>
> The documented limitations might be a problem in the long-run, but
> it's worth trying. I note that the docs don't mention any TLS support
> - did you mean there's hope that if TLS was added to the thin driver,
> it could also support SNI?
>
> Thanks again,
>
> Oli
>
>
> On Thu, May 16, 2019 at 5:35 PM Ilya Kasnacheev
> <[email protected]> wrote:
> >
> > Hello!
> >
> > Do I understand correctly that you want to have several services use
> same ingress point, i.e. host and port, to access multiple services in your
> K8 cluster?
> >
> > Can you guide me whether this controller will keep SSL on (so that
> service has to support SSL too) or if it will strip SSL so that service
> will only need to work with uncompressed stream?
> >
> > In either case, I'm positive that IgniteJdbcDriver will NOT work, since
> it is a thick driver that needs to be able to connect to all nodes in the
> cluster, so it needs to be inside your K8 cluster.
> >
> > But, there is hope that IgniteJdbcThinDriver might.
> >
> > Regards,
> > --
> > Ilya Kasnacheev
> >
> >
> > Thu, 16 May 2019 at 17:42, Oliver Cole <[email protected]>:
> >>
> >> Hi!
> >>
> >> I was pleased to see that the JDBC driver supports TLS[1]. However,
> after inspecting traffic with Wireshark, it doesn't appear to support
> Server Name Indication.
> >>
> >> My use case is Ignite on Kubernetes, behind an ingress controller that
> uses SNI to route connections to services.
> >>
> >> I note that the javax.net.ssl libraries do support SNI, but from what I
> can see those aren't used?
> >> Is SNI support something that would be easy to add, if someone could
> point me in the right direction?
> >>
> >> Oli
> >>
> >> [1]
> https://ignite.apache.org/releases/latest/javadoc/org/apache/ignite/IgniteJdbcDriver.html
>
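
The custom SSL factory suggested at the top of this thread could hand the driver a socket factory like the one below, which sets the SNI name on every socket before the handshake. This is an added example using JDK classes only, not code from the thread or from Ignite; the class name `SniSocketFactory` and the host name are made up, and the wrapper type the `sslFactory` parameter expects is not shown because the thread does not specify it.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical delegating factory: puts a fixed SNI host name on every socket it creates. */
public class SniSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private final String sniHost;

    public SniSocketFactory(SSLSocketFactory delegate, String sniHost) {
        this.delegate = delegate;
        this.sniHost = sniHost;
    }

    /** Runs before the handshake, so the name lands in the ClientHello server_name extension. */
    private Socket withSni(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        SSLParameters p = ssl.getSSLParameters();
        p.setServerNames(Collections.singletonList(new SNIHostName(sniHost)));
        // A raw SSLSocket does not check the certificate's host name unless asked to.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        ssl.setSSLParameters(p);
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return withSni(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException {
        return withSni(delegate.createSocket(s, h, p, close)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return withSni(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException {
        return withSni(delegate.createSocket(h, p, la, lp)); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return withSni(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException {
        return withSni(delegate.createSocket(a, p, la, lp)); }

    public static void main(String[] args) throws IOException {
        // Constructed host name; an unconnected socket is enough to inspect the parameters offline.
        SSLSocketFactory f = new SniSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault(), "ignite.example.internal");
        try (SSLSocket s = (SSLSocket) f.createSocket()) {
            System.out.println(s.getSSLParameters().getServerNames());
        }
    }
}
```

The overloads that take an `InetAddress` are wrapped as well, since a socket opened from an address alone gives JSSE no host name to put in the extension.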
