contour icon indicating copy to clipboard operation
contour copied to clipboard

Published 20 hours ago verified publisher icon projectcontour

Bump gateway-api to v1.1.0

Open sunjayBhatia opened this issue 1 year ago • 9 comments

Fixes: https://github.com/projectcontour/contour/issues/6397

sunjayBhatia avatar May 01 '24 22:05 sunjayBhatia

Codecov Report

Attention: Patch coverage is 91.20879% with 8 lines in your changes are missing coverage. Please review.

Project coverage is 81.61%. Comparing base (c07a0ba) to head (e25e4e5).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #6398      +/-   ##
==========================================
- Coverage   81.63%   81.61%   -0.03%     
==========================================
  Files         133      133              
  Lines       15862    15858       -4     
==========================================
- Hits        12949    12942       -7     
- Misses       2619     2621       +2     
- Partials      294      295       +1
Files Coverage Δ
internal/dag/cache.go 97.00% <100.00%> (-0.03%) :arrow_down:
internal/dag/policy.go 95.52% <100.00%> (ø)
internal/gatewayapi/helpers.go 88.18% <100.00%> (ø)
internal/k8s/helpers.go 57.14% <100.00%> (ø)
internal/k8s/kind.go 65.21% <100.00%> (ø)
internal/provisioner/controller/gatewayclass.go 71.13% <ø> (ø)
internal/provisioner/objects/rbac/util/util.go 100.00% <100.00%> (ø)
internal/provisioner/scheme.go 83.33% <100.00%> (ø)
internal/status/backendtlspolicyconditions.go 91.37% <100.00%> (ø)
internal/status/cache.go 93.22% <100.00%> (ø)
... and 4 more

... and 1 file with indirect coverage changes

codecov[bot] avatar May 01 '24 23:05 codecov[bot]

Looks like HTTPRouteHTTPSListener is failing, it expects a 404 for request to a HTTPS listener with an unknown hostname

Seems like we should either push back on this (expect a TLS error instead) or we'll have to ensure a fallback certificate is configured and enabled so we can terminate TLS and return an HTTP response

sunjayBhatia avatar May 01 '24 23:05 sunjayBhatia

Looks like HTTPRouteHTTPSListener is failing, it expects a 404 for request to a HTTPS listener with an unknown hostname

Seems like we should either push back on this (expect a TLS error instead) or we'll have to ensure a fallback certificate is configured and enabled so we can terminate TLS and return an HTTP response

hm looks like i approved this test and it passed before, will have to take another look into why its failing in CI

sunjayBhatia avatar May 01 '24 23:05 sunjayBhatia

Looks like HTTPRouteHTTPSListener is failing, it expects a 404 for request to a HTTPS listener with an unknown hostname Seems like we should either push back on this (expect a TLS error instead) or we'll have to ensure a fallback certificate is configured and enabled so we can terminate TLS and return an HTTP response

hm looks like i approved this test and it passed before, will have to take another look into why its failing in CI

looks like i approved before the negative hostname test was added and didnt re-check it later

opened https://github.com/kubernetes-sigs/gateway-api/issues/3044

sunjayBhatia avatar May 01 '24 23:05 sunjayBhatia

Looks like HTTPRouteHTTPSListener is failing, it expects a 404 for request to a HTTPS listener with an unknown hostname Seems like we should either push back on this (expect a TLS error instead) or we'll have to ensure a fallback certificate is configured and enabled so we can terminate TLS and return an HTTP response

hm looks like i approved this test and it passed before, will have to take another look into why its failing in CI

looks like i approved before the negative hostname test was added and didnt re-check it later

opened kubernetes-sigs/gateway-api#3044

realized this is probably a contour deficiency, I don't think we generate a filter chain if there is no httproute attached to a listener

sunjayBhatia avatar May 02 '24 00:05 sunjayBhatia

upgrade test probably failing since we started reconciling v1alpha3 backendtlspolicy and that has not been applied to the cluster as part of the upgrade

sunjayBhatia avatar May 02 '24 19:05 sunjayBhatia

Listener isolation test failing, needs this fix: https://github.com/projectcontour/contour/pull/6162

sunjayBhatia avatar May 03 '24 14:05 sunjayBhatia

disabled backendtlspolicy feature in provisioner upgrade test since the upgrade from v1.0.0 to v1.1.0 of gw api removes the old api version and adds v1alpha3 of the resource

i tried instead to install the newer crds as part of the upgrade but the grpcroute crd going to v1 also causes some issues, could be more surgical but this felt easier for now

sunjayBhatia avatar May 03 '24 20:05 sunjayBhatia

disabled backendtlspolicy feature in provisioner upgrade test since the upgrade from v1.0.0 to v1.1.0 of gw api removes the old api version and adds v1alpha3 of the resource

i tried instead to install the newer crds as part of the upgrade but the grpcroute crd going to v1 also causes some issues, could be more surgical but this felt easier for now

nvm, just fixed the crd install as part of the upgrade

found a bug when setting multiple disabled features in the provisioner

sunjayBhatia avatar May 06 '24 19:05 sunjayBhatia