-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for HTTPOption #437
base: main
Are you sure you want to change the base?
Conversation
Skipping CI for Draft Pull Request. |
/test all |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #437 +/- ##
==========================================
- Coverage 79.12% 79.02% -0.11%
==========================================
Files 17 17
Lines 1260 1373 +113
==========================================
+ Hits 997 1085 +88
- Misses 227 245 +18
- Partials 36 43 +7 ☔ View full report in Codecov by Sentry. |
Also not really sure about this change: 663d28b. Either unit tests complain about header mismatch (https://github.com/knative-sandbox/net-gateway-api/actions/runs/3949133837/jobs/6759963500#step:7:173) or golangci-lint complains about not preallocating the slice (https://github.com/knative-sandbox/net-gateway-api/actions/runs/3947688057/jobs/6756800214). |
/retest |
/test integration-tests-istio |
Thank you so much, Reto!
I wondered that upstream gateway-api can improve the two HTTPRoute objects for HTTPS redirection (I believe it is too redundant) and actually there are some on-going discussion:
Once the upstream's latest example httproute-redirect-https.yaml (currently invalid!) work, we can simply implement this feature, can't we? |
Interesting, haven't seen that. You are right about the verbosity, I agree there. But the discussion seems also unsure on how to resolve this. Seems like the current stable state is also the last discussed state (kubernetes-sigs/gateway-api#1185 (comment))? |
Hmm... As far as I tested, it keeps redirecting to HTTPS as explained in kubernetes-sigs/gateway-api#1185 and never reached out to the backendRefs( Anyway, kubernetes-sigs/gateway-api#1185 was tagged to 0.7.0 milestone so maybe it is better to wait a little bit for the upstream. |
This Pull Request is stale because it has been open for 90 days with |
/remove-lifecycle stale |
/retest |
@ReToCode gentle ping when you are back. |
/hold |
HTTP-Option test does not yet work on envoy gateway because of envoyproxy/gateway#2149. /unhold |
hey @ReToCode thanks for flagging this, the issue has been fixed, can we retry the test for Envoy Gateway ? |
@arkodg looks great. Thanks for the fix and the ping 👍 |
if err != nil { | ||
return err | ||
} | ||
|
||
if isHTTPRouteReady(httproute) { | ||
// For now, we only generate the redirected HTTPRoute for external visibility, | ||
// because currently we do not (yet) support HTTPs for cluster-local domains in net-gateway-api. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we support that for internal encryption and Kourier? 🤔
What is the status for the rest of the ingress implementations?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes Kourier supports it, net-istio does not need it and net-contour work was started but never finished.
But as this is quite niche and not in the conformance spec, I think we are fine without it here.
@dprotaso gentle ping, should we merge this? |
This PR introduces support for HTTPOption (introduced in knative/networking#415).
Changes
The implementation is based on the gateway-api example for redirects: https://github.com/kubernetes-sigs/gateway-api/blob/main/examples/standard/http-redirect.yaml. It was necessary to restructure some code, as two
HTTPRoute
objects need to be created, each referencing only a specific section in thegateway
usingsectionName
. We should further discuss if we should use that approach also for the "normal" use-case (as we currently bind to all the sections in the gateway only differentiated by thehostname
in the TLS case). Also The configuration keyvisibility
seems now a bit off, maybe we can find a better name?A full example of how the resources look like can be found here: https://gist.github.com/ReToCode/2e4d2b3223752c6f380348ef027c55b3
/kind cleanup
/kind enhancement
Fixes #130