docs: skipping TLS verification #6653

zhaohuabing · 2025-07-31T06:43:15Z

No description provided.

codecov · 2025-07-31T06:52:00Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.08%. Comparing base (0dc1ea4) to head (daee31e).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6653      +/-   ##
==========================================
+ Coverage   71.03%   71.08%   +0.05%     
==========================================
  Files         225      225              
  Lines       39525    39525              
==========================================
+ Hits        28075    28095      +20     
+ Misses       9825     9812      -13     
+ Partials     1625     1618       -7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

site/content/en/latest/tasks/security/backend-skip-tls-verification.md

public/tags/index.xml

public/categories/index.xml

zhaohuabing · 2025-08-01T02:15:38Z

Hahaha, that's added by accident.

arkodg

LGTM thanks

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

* docs for skipping TLS verification Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove btlsp for skiptlsverify Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove public Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]>

* docs for skipping TLS verification Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove btlsp for skiptlsverify Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove public Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]>

* chore: cleanups from #6597 (#6647) Cleanup Signed-off-by: jukie <[email protected]> Signed-off-by: zirain <[email protected]> * fix: set order for grpc_web and grpc_stats filters (#6626) * set order for grpc_web and grpc_stats filters Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix: nil pointer when InsecureSkipVerify is true (#6652) * fix nil pointer when InsecureSkipVerify is true Signed-off-by: Huabing (Robin) Zhao <[email protected]> * add test Signed-off-by: Huabing (Robin) Zhao <[email protected]> * delete cacert for the xds translator test Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix: allow imageRepository contains port (#6658) (#6660) (cherry picked from commit c988ec5) Signed-off-by: Arko Dasgupta <[email protected]> Co-authored-by: 聪 <[email protected]> Signed-off-by: zirain <[email protected]> * docs: improve policy concepts section (#6663) better explain * targets * precedence * merge types Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * docs: observability pre req not required in admin console page (#6662) Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * docs: xds name scheme v2 (#6656) * name scheme v2 Signed-off-by: Huabing (Robin) Zhao <[email protected]> name scheme v2 Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * docs: highlight wait step (#6665) * docs: highlight wait step Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * fix: populate status for custom backendRef not found (#6670) Signed-off-by: bitliu <[email protected]> Signed-off-by: zirain <[email protected]> * fix: xds name schema v2 (#6638) * rename route config Signed-off-by: Huabing (Robin) Zhao <[email protected]> * rename HCM statPrefix Signed-off-by: Huabing (Robin) Zhao <[email protected]> * rename virtual host Signed-off-by: Huabing (Robin) Zhao <[email protected]> * fix test Signed-off-by: Huabing (Robin) Zhao <[email protected]> * minor change Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * docs: expand Gateway Namespace Mode doc on client/server auth (#6616) * Expand Gateway Namespace Mode doc on client/server auth Signed-off-by: Karol Szwaj <[email protected]> * Add additional explanation to the overview Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: zirain <[email protected]> * increase earlyRequestHeaders from 16 to 64 (#6673) * created a new definition of HTTPFilterHeader that supports 64 items for `set`, `add`, and `remove` * sanitizing request headers from untrusted downstream traffic is a common use case and 16 items may not be adequate enough at times. This action needs to be performed route processing for cases and the HTTPRoute filters cannot be used Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * docs: skipping TLS verification (#6653) * docs for skipping TLS verification Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove btlsp for skiptlsverify Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * address comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove public Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * feat: add listener metadata (#6639) * add listener metadata Signed-off-by: Huabing (Robin) Zhao <[email protected]> * remove sort Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: zirain <[email protected]> * fix: Fix BTP ZoneAware translation (#6668) * Fix BTP ZoneAware translation Signed-off-by: jukie <[email protected]> * Add e2e Signed-off-by: jukie <[email protected]> --------- Signed-off-by: jukie <[email protected]> Signed-off-by: zirain <[email protected]> * docs: unhide zoneaware api for docs (#6683) unhide api docs Signed-off-by: jukie <[email protected]> Signed-off-by: zirain <[email protected]> * watchable: use Store directly instead of HandleStore wrapper (#6680) * watchable: use Store directly instead of HandleStore wrapper GC is unable to collect the temporary references created in `HandleStore` Relates to #6406 Signed-off-by: Arko Dasgupta <[email protected]> * fix test Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * docs: Update Zone Aware Routing for BackendTrafficPolicy configuration example (#6667) Update zone aware routing docs Signed-off-by: jukie <[email protected]> Signed-off-by: zirain <[email protected]> * combine the xds-translator and xds-server runner into one (#6586) * combine the xds-translator and xds-server into one xds runner * primarily to reduce memory and convergence time Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * build(deps): bump the gomod group across 1 directory with 6 updates (#6691) * build(deps): bump the gomod group across 1 directory with 6 updates Bumps the gomod group with 4 updates in the / directory: [github.com/miekg/dns](https://github.com/miekg/dns), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang), [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) and [go.opentelemetry.io/proto/otlp](https://github.com/open-telemetry/opentelemetry-proto-go). Updates `github.com/miekg/dns` from 1.1.67 to 1.1.68 - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.67...v1.1.68) Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.0 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.22.0...v1.23.0) Updates `github.com/quic-go/quic-go` from 0.52.0 to 0.54.0 - [Release notes](https://github.com/quic-go/quic-go/releases) - [Commits](quic-go/quic-go@v0.52.0...v0.54.0) Updates `go.opentelemetry.io/proto/otlp` from 1.7.0 to 1.7.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-proto-go/releases) - [Commits](open-telemetry/opentelemetry-proto-go@v1.7.0...v1.7.1) Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20250603155806-513f23925822 to 0.0.0-20250728155136-f173205681a0 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250603155806-513f23925822 to 0.0.0-20250728155136-f173205681a0 - [Commits](https://github.com/googleapis/go-genproto/commits) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-version: 1.1.68 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/quic-go/quic-go dependency-version: 0.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: go.opentelemetry.io/proto/otlp dependency-version: 1.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/genproto/googleapis/api dependency-version: 0.0.0-20250728155136-f173205681a0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20250728155136-f173205681a0 dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: zirain <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> Signed-off-by: zirain <[email protected]> * fix: controller panic when reloading config (#6688) * fix controller panic when reloading config Signed-off-by: zirain <[email protected]> * use gwapiv1.Duration instead of metav1.Duration (#6664) * use gwapiv1.Duration instead of metav1.Duration fixes: #4746 Signed-off-by: Arko Dasgupta <[email protected]> * add charts Signed-off-by: Arko Dasgupta <[email protected]> * go back to metav1 in IR to make YAML tests happy Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: zirain <[email protected]> * fix: don't block deployment creating when missing secret in EnvoyProxy (#6692) * fix: don't block deployment creating when missing secret in EnvoyProxy Signed-off-by: zirain <[email protected]> * [release/v1.5] release notes for rc.2 (#6697) * [release/v1.5] release notes for rc.2 Signed-off-by: zirain <[email protected]> --------- Signed-off-by: jukie <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: bitliu <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Isaac <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: 聪 <[email protected]> Co-authored-by: Xunzhuo <[email protected]> Co-authored-by: Karol Szwaj <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

zhaohuabing requested a review from a team as a code owner July 31, 2025 06:43

zhaohuabing marked this pull request as draft July 31, 2025 06:43

zhaohuabing force-pushed the docs-skip-tls-verification branch from 1f1527c to cb2f817 Compare July 31, 2025 07:24

zhaohuabing marked this pull request as ready for review July 31, 2025 07:24

zhaohuabing added this to the v1.5.0 Release milestone Jul 31, 2025

arkodg reviewed Jul 31, 2025

View reviewed changes

site/content/en/latest/tasks/security/backend-skip-tls-verification.md Show resolved Hide resolved

zhaohuabing force-pushed the docs-skip-tls-verification branch 4 times, most recently from 9bc7d0f to b001ddf Compare July 31, 2025 23:47

zhaohuabing requested a review from arkodg August 1, 2025 00:07

zhaohuabing force-pushed the docs-skip-tls-verification branch from 70623f2 to c38cdbd Compare August 1, 2025 00:08

arkodg reviewed Aug 1, 2025

View reviewed changes

public/tags/index.xml Outdated Show resolved Hide resolved

zirain reviewed Aug 1, 2025

View reviewed changes

public/categories/index.xml Outdated Show resolved Hide resolved

zhaohuabing requested review from arkodg and zirain August 1, 2025 02:15

arkodg approved these changes Aug 2, 2025

View reviewed changes

zirain approved these changes Aug 2, 2025

View reviewed changes

zhaohuabing added 5 commits August 2, 2025 10:44

docs for skipping TLS verification

e805a42

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

remove btlsp for skiptlsverify

063f6b5

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

address comment

d405d36

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

address comment

b08fb65

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

remove public

daee31e

Signed-off-by: Huabing (Robin) Zhao <[email protected]>

zirain force-pushed the docs-skip-tls-verification branch from 0903cf2 to daee31e Compare August 2, 2025 02:44

zirain enabled auto-merge (squash) August 2, 2025 02:44

zirain merged commit ec3340c into envoyproxy:main Aug 2, 2025
52 of 54 checks passed

arkodg mentioned this pull request Aug 6, 2025

docs: Configure TLS to the Backend using the Backend TLS config #6621

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

docs: skipping TLS verification #6653

docs: skipping TLS verification #6653

Uh oh!

zhaohuabing commented Jul 31, 2025

Uh oh!

codecov bot commented Jul 31, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

zhaohuabing commented Aug 1, 2025

Uh oh!

arkodg left a comment

Uh oh!

Uh oh!

Uh oh!

docs: skipping TLS verification #6653

docs: skipping TLS verification #6653

Uh oh!

Conversation

zhaohuabing commented Jul 31, 2025

Uh oh!

codecov bot commented Jul 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

zhaohuabing commented Aug 1, 2025

Uh oh!

arkodg left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

codecov bot commented Jul 31, 2025 •

edited

Loading