Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ReferenceGrant events should trigger Gateway events #2786

Closed
1 of 5 tasks
mlavacca opened this issue Aug 8, 2022 · 0 comments · Fixed by #2797
Closed
1 of 5 tasks

ReferenceGrant events should trigger Gateway events #2786

mlavacca opened this issue Aug 8, 2022 · 0 comments · Fixed by #2797
Assignees
@rainest
Labels
area/feature New feature or request
Milestone
Gateway API - Next

Comments

@mlavacca
Copy link
Member

mlavacca commented Aug 8, 2022
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Problem Statement

Since #2774 introduced the gateway status related to TLS secret ResolvedRefs, every time a gateway event is triggered, the listener status is enriched with a new condition related to the eligibility for the gateway to reference a certain secret as a source for certificates. This condition ResolvedRef checks that either:

  • the referenced secret Is in the same gateway's namespace
  • a ReferenceGrant that allows that reference exists in the secret namespace

If one of these conditions is satisfied, the ResolvedRefs condition is set to true, otherwise false.

A problem occurs when:

  • The Gateway is created but no ReferenceGrant exists: once the ReferenceGrant is created, the Gateway status must be updated accordingly.
  • The ReferenceGrant is deleted: the Gateway status must be updated accordingly.

Proposed Solution

The Gateway controller should watch the ReferenceGrant objects and trigger a reconciliation loop for all the gateways possibly involved.

Additional information

This issue should be fixed after #2785, after which the listener status will be enforced upon every Gateway reconciliation loop, no matter if the Gateway is ready.

Acceptance Criteria

  • The Gateway is created or updated but no ReferenceGrant exists: the ResolvedRef condition of the listener status must be set to false
  • The Gateway is created or updated and the ReferenceGrant exists: the ResolvedRef condition of the listener status must be set to true
  • The ReferenceGrant enabling a Reference is created: the corresponding Listener status is updated
  • The ReferenceGrant enabling a Reference is deleted: the corresponding Listener status is updated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rainest rainest

Labels
area/feature New feature or request
Projects
None yet
Milestone
Gateway API - Next
Development

Successfully merging a pull request may close this issue.

Update Gateway status on ReferenceGrant changes Kong/kubernetes-ingress-controller
4 participants
@rainest @mflendrich @shaneutt @mlavacca