EXP: Mesh Resource Definition (GEP-3949)

[kflynn]

Sponsors: None yet!

Chihiro and Ian would like a Mesh resource, parallel to the Gateway resource, that allows them to supply mesh-wide configuration and shows what features a given mesh implementation supports.

This will first be used for conformance, and then likely for off-cluster Gateways second.

[shaneutt]

This issue is targeting Experimental in the the v1.4.0 release-cycle, so this is just a reminder that we're looking to do code-freeze on August 26th, which is two weeks from now. Ideally we should have any finalizing PRs up within the next few days to allow some time for review. Let us know if you have any troubles or need any extra support.

[kflynn]

Requesting an extension here; PR will be up today.

[shaneutt]

Extension granted until September 3rd. Please stay in touch and ping @kubernetes-sigs/gateway-api-admins if you get blocked or need support to keep things moving forward. After Sept 3 we'll start locking in v1.4.0 for code freeze; if more time is needed at that point, we'll switch this over to v1.5.0 (planning for that starts pretty soon).

[kflynn]

(This is PR #4030.)

[mikemorris]

Should this issue be closed now that #3950 has merged (and leave #3792 and/or #3951 open as the tracking issue?)

[dgn]

hi @kflynn, would you be open to extending the Mesh resource to also cover cryptographic identity, e.g. by referencing a TrustBundle that contains the CA certificate used by the mesh? That could help with interoperability between gateway and mesh, e.g. to route traffic from a gateway straight to a mesh workload

[mikemorris]

Hmmm, that's a really interesting idea @dgn, I'd be curious to hear thoughts from @keithmattix @howardjohn @LiorLieberman too

[youngnick]

Cilium will definitely look at doing this once I can get some developer bandwidth allocated to it - not having this to key conformance tests for Mesh off has meant a lot of extra work for us.