You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since #2774 introduced the gateway status related to TLS secret ResolvedRefs, every time a gateway event is triggered, the listener status is enriched with a new condition related to the eligibility for the gateway to reference a certain secret as a source for certificates. This condition ResolvedRef checks that either:
the referenced secret Is in the same gateway's namespace
a ReferenceGrant that allows that reference exists in the secret namespace
If one of these conditions is satisfied, the ResolvedRefs condition is set to true, otherwise false.
A problem occurs when:
The Gateway is created but no ReferenceGrant exists: once the ReferenceGrant is created, the Gateway status must be updated accordingly.
The ReferenceGrant is deleted: the Gateway status must be updated accordingly.
Proposed Solution
The Gateway controller should watch the ReferenceGrant objects and trigger a reconciliation loop for all the gateways possibly involved.
Additional information
This issue should be fixed after #2785, after which the listener status will be enforced upon every Gateway reconciliation loop, no matter if the Gateway is ready.
Acceptance Criteria
The Gateway is created or updated but no ReferenceGrant exists: the ResolvedRef condition of the listener status must be set to false
The Gateway is created or updated and the ReferenceGrant exists: the ResolvedRef condition of the listener status must be set to true
The ReferenceGrant enabling a Reference is created: the corresponding Listener status is updated
The ReferenceGrant enabling a Reference is deleted: the corresponding Listener status is updated
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Problem Statement
Since #2774 introduced the gateway status related to TLS secret
ResolvedRefs
, every time a gateway event is triggered, the listener status is enriched with a new condition related to the eligibility for the gateway to reference a certain secret as a source for certificates. This conditionResolvedRef
checks that either:ReferenceGrant
that allows that reference exists in the secret namespaceIf one of these conditions is satisfied, the
ResolvedRefs
condition is set totrue
, otherwisefalse
.A problem occurs when:
ReferenceGrant
exists: once the ReferenceGrant is created, the Gateway status must be updated accordingly.Gateway
status must be updated accordingly.Proposed Solution
The Gateway controller should watch the
ReferenceGrant
objects and trigger a reconciliation loop for all the gateways possibly involved.Additional information
This issue should be fixed after #2785, after which the listener status will be enforced upon every
Gateway
reconciliation loop, no matter if theGateway
is ready.Acceptance Criteria
ReferenceGrant
exists: theResolvedRef
condition of the listener status must be set to falseReferenceGrant
exists: theResolvedRef
condition of the listener status must be set to trueReferenceGrant
enabling a Reference is created: the correspondingListener
status is updatedReferenceGrant
enabling a Reference is deleted: the correspondingListener
status is updatedThe text was updated successfully, but these errors were encountered: