-
Notifications
You must be signed in to change notification settings - Fork 591
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(*) add support for TLSRoute #2476
Conversation
Apparent test race condition if TCPRoute and TLSRoute tests run concurrently, guessing from:
|
Add TLSRoute controller. Add TLSRoute store functions. Add TLSRoute translation to the parser. Add TLSRoute example and test. Add TLSRoute integration tests. Fix copy/paste error in TCPRoute fakestore and add missing TCPRoute fakestore test. Disable parallel execution for example tests that had it. As these tests do not use isolated namespaces and use similar resources (namely Gateways and GatewayClasses) they can interfere with each other.
My initial read of "oh, the TCPRoute example test is parallel, the rest should be too! most tests are!" was backwards. None should be parallel. Those tests are unique in that they all operate in Also, apparently I've hit the threshold for tests being close enough to their global timeout that they actually hit it. |
Enterprise has started failing due to a timeout often with no obvious cause. Bumping to 25m.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So after reading this over my take is that this really isn't a complete implementation without certificateRefs, but that's OK. It looks like once certificateRefs are implemented where' in good shape with minimal changes to get TLSRoute set up to work with custom certs. LGTM and we can continue to iterate from here 👍
What this PR does / why we need it:
It's TLSRoute 🤷
Basically the same as the other non-HTTP routes, but it populates route.snis instead of route.destination.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #2088Special notes for your reviewer:
protocols
annotation totls_passthrough
manually. The spec handles it in the listener, which raises some interesting questions. TLSRoute code will change to pull info from ParentRefs when we implement that for Listeners: Implement Listener Hostnames and associated TLS mode on matching TLSRoutes #2475PR Readiness Checklist:
Complete these before marking the PR as
ready to review
:CHANGELOG.md
release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR