gateway-api
gateway-api copied to clipboard
kubernetes-sigs
GEP 713: merged inherited policy may cause unexpected result
Considering people have two inherited policies like this:
Gateway level:
spec:
targetRef:
...
kind: Gateway
default:
ext_auth:
http_service:
...
HTTPRoute level:
spec:
targetRef:
...
kind: HTTPRoute
default:
ext_auth:
grpc_service:
...
The merged result will be:
default:
ext_auth:
http_service:
...
grpc_service:
...
If the ext_auth is defined to use either http_service or grpc_service, then merging between sane policies may cause an unexpected result.
If we change the definition of ext_auth to:
kind: http / grpc
http_service:
...
grpc_service:
...
the problem will be solved.
It would be better to mention that people need to take care of their definition when defining inherited policy.
Another case is to merge field with a default value. For example, considering we want to merge rule B into A,
the rule A is:
feature:
foo: true
bar: 1
the rule B is:
feature:
bar: 2
so it seems the result is:
feature:
foo: true
bar: 2
However, if the feature section has a default value false for field foo (either because the Go language provides a default value for unset field or because the CRD has a default value), then the final result is:
feature:
foo: false
bar: 2
even the foo: false is not explicitly written out in rule B!
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle stale - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle rotten - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue with
/reopen - Mark this issue as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue with
/reopen- Mark this issue as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
