gateway icon indicating copy to clipboard operation
gateway copied to clipboard

Published 20 hours ago verified publisher icon envoyproxy

Add Upstream TLS Support

Open TasdidurRahman opened this issue 1 year ago • 13 comments

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #https://github.com/envoyproxy/gateway/issues/2033

TasdidurRahman avatar Nov 28 '23 12:11 TasdidurRahman

BTW, did upstream has a test for this? if not, can you add a new e2e test?

zirain avatar Dec 01 '23 13:12 zirain

BTW, did upstream has a test for this? if not, can you add a new e2e test?

ok, will add e2e test for upstream tls

TasdidurRahman avatar Dec 01 '23 15:12 TasdidurRahman

Thanks for working on this! This PR is in a good shape, but there're a few things I'd like to improve:

  • Error handling
  • Policy status update
  • unit and e2e tests

thanks @zhaohuabing for the review, I am working on it

TasdidurRahman avatar Dec 05 '23 05:12 TasdidurRahman

hey @TasdidurRahman, can you address the comments ?

arkodg avatar Jan 04 '24 00:01 arkodg

hey @TasdidurRahman, can you address the comments ?

hello @arkodg , I have checked the comments and working accordingly. thanks!

TasdidurRahman avatar Jan 04 '24 09:01 TasdidurRahman

hey @TasdidurRahman any update on this PR ? (this feature unblocks many users from adopting envoy gateway)

arkodg avatar Jan 17 '24 19:01 arkodg

hey @TasdidurRahman any update on this PR ? (this feature unblocks many users from adopting envoy gateway)

the status update is working fine. adding the e2e test. will be done by next week @arkodg

TasdidurRahman avatar Jan 18 '24 13:01 TasdidurRahman

hey @TasdidurRahman ive started working on downstream mTLS https://github.com/envoyproxy/gateway/pull/2490 which is very similar to this PR, will try and wrap this up by this week, so this PR can reuse the same components for upstream tls

arkodg avatar Jan 23 '24 22:01 arkodg

Sorry for the delay @TasdidurRahman , #2490 has merged, recommend using those helper xds methods for this PR as well, tia

arkodg avatar Feb 14 '24 01:02 arkodg

Sorry for the delay @TasdidurRahman , #2490 has merged, recommend using those helper xds methods for this PR as well, tia

np, will do it asap

TasdidurRahman avatar Feb 14 '24 05:02 TasdidurRahman

Codecov Report

Attention: Patch coverage is 50.43478% with 171 lines in your changes are missing coverage. Please review.

Project coverage is 63.42%. Comparing base (ca572b8) to head (a3b39f2).

Files Patch % Lines
internal/provider/kubernetes/controller.go 22.03% 41 Missing and 5 partials :warning:
internal/provider/kubernetes/status.go 9.09% 19 Missing and 1 partial :warning:
internal/provider/kubernetes/indexers.go 10.52% 16 Missing and 1 partial :warning:
internal/ir/zz_generated.deepcopy.go 0.00% 14 Missing and 1 partial :warning:
internal/status/backendtlspolicy.go 0.00% 15 Missing :warning:
internal/gatewayapi/route.go 88.34% 9 Missing and 3 partials :warning:
internal/provider/kubernetes/predicates.go 0.00% 10 Missing :warning:
internal/gatewayapi/zz_generated.deepcopy.go 0.00% 9 Missing :warning:
internal/xds/translator/translator.go 82.00% 6 Missing and 3 partials :warning:
internal/gatewayapi/backendtlspolicy.go 76.92% 5 Missing and 1 partial :warning:
... and 4 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2247      +/-   ##
==========================================
- Coverage   63.63%   63.42%   -0.21%     
==========================================
  Files         123      125       +2     
  Lines       20189    20532     +343     
==========================================
+ Hits        12847    13023     +176     
- Misses       6519     6671     +152     
- Partials      823      838      +15

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Feb 14 '24 21:02 codecov[bot]

@TasdidurRahman are you still working on this, we're close to release, I'd like see this happen in next release. if not, I can pick this up.

zirain avatar Feb 27 '24 08:02 zirain

working on it

TasdidurRahman avatar Feb 28 '24 04:02 TasdidurRahman

please add e2e and user doc if you can.

zirain avatar Mar 01 '24 05:03 zirain

Hey @TasdidurRahman can you rebase ?

arkodg avatar Mar 01 '24 05:03 arkodg

Hey @TasdidurRahman can you rebase ?

hi @arkodg , I have rebased

TasdidurRahman avatar Mar 01 '24 09:03 TasdidurRahman

@TasdidurRahman can you fix the lint errors, running make lint locally should highlight the errors

arkodg avatar Mar 02 '24 02:03 arkodg

/retest

zirain avatar Mar 02 '24 09:03 zirain

/retest

Xunzhuo avatar Mar 03 '24 10:03 Xunzhuo

@TasdidurRahman all the conformance tests are failing, can you ptal

arkodg avatar Mar 03 '24 23:03 arkodg

@TasdidurRahman all the conformance tests are failing, can you ptal

hi @arkodg , can you rerun the test? ig it was rbac issue

TasdidurRahman avatar Mar 04 '24 06:03 TasdidurRahman

@TasdidurRahman all the conformance tests are failing, can you ptal

hi @arkodg , can you rerun the test? ig it was rbac issue

you can retrigger ci /retest

zirain avatar Mar 04 '24 13:03 zirain

/retest

zirain avatar Mar 04 '24 13:03 zirain