Skip to content

Clarify that connections to EPP should use TLS by default #1085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 8, 2025
Merged

Clarify that connections to EPP should use TLS by default #1085

merged 1 commit into from
Jul 8, 2025

Conversation

robscott
Copy link
Member

This is intended to clarify the default expectation of using TLS when Gateways are connecting to Endpoint Picker(s). This matches the default mode of Endpoint Picker. While it leaves room for configuration of plain-text or other protocols altogether, I think it's sensible for the default behavior here to rely on TLS.

Thanks to @aslakknutsen for raising this as he was reviewing conformance tests earlier. Our conformance tests made this assumption of default behavior without any corresponding guidance in the API spec. This PR intends to resolve that.

/cc @danehans @LiorLieberman @aslakknutsen @zetxqx

@k8s-ci-robot
Copy link
Contributor

@robscott: GitHub didn't allow me to request PR reviews from the following users: aslakknutsen, zetxqx.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

This is intended to clarify the default expectation of using TLS when Gateways are connecting to Endpoint Picker(s). This matches the default mode of Endpoint Picker. While it leaves room for configuration of plain-text or other protocols altogether, I think it's sensible for the default behavior here to rely on TLS.

Thanks to @aslakknutsen for raising this as he was reviewing conformance tests earlier. Our conformance tests made this assumption of default behavior without any corresponding guidance in the API spec. This PR intends to resolve that.

/cc @danehans @LiorLieberman @aslakknutsen @zetxqx

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 27, 2025
@netlify Netlify
Copy link

netlify bot commented Jun 27, 2025
edited
Loading

Deploy Preview for gateway-api-inference-extension ready!

Name Link
🔨 Latest commit 8a16f85
🔍 Latest deploy log https://app.netlify.com/projects/gateway-api-inference-extension/deploys/6864d15b83d3e60008fe4323
😎 Deploy Preview https://deploy-preview-1085--gateway-api-inference-extension.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

zetxqx
zetxqx reviewed Jun 27, 2025
View reviewed changes
Copy link
Contributor

@zetxqx zetxqx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Thanks @robscott . Just a nit, probably b/c my change is just merged.

@k8s-ci-robot
Copy link
Contributor

@zetxqx: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Thanks @robscott . Just a nit, probably b/c my change is just merged.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@robscott robscott force-pushed the tls-extension-clarification branch from a748ab4 to 270bbfb Compare June 27, 2025 23:38
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 27, 2025
LiorLieberman
LiorLieberman reviewed Jun 30, 2025
View reviewed changes
LiorLieberman
LiorLieberman approved these changes Jun 30, 2025
View reviewed changes
Copy link
Member

@LiorLieberman LiorLieberman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me, added one nit

@robscott robscott force-pushed the tls-extension-clarification branch from 270bbfb to 8a16f85 Compare July 2, 2025 06:27
@ahg-g
Copy link
Contributor

ahg-g commented Jul 8, 2025

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 8, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahg-g, LiorLieberman, robscott

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 8, 2025
@k8s-ci-robot k8s-ci-robot merged commit caebcc6 into kubernetes-sigs:main Jul 8, 2025
9 checks passed
EyalPazz pushed a commit to EyalPazz/gateway-api-inference-extension that referenced this pull request Jul 9, 2025
@robscott @EyalPazz
Clarify that connections to EPP should use TLS by default (kubernetes…
ecd116f 
…-sigs#1085)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Miciah Miciah Miciah left review comments

@zetxqx zetxqx zetxqx left review comments

@LiorLieberman LiorLieberman LiorLieberman approved these changes

@danehans danehans Awaiting requested review from danehans

Assignees

@ahg-g ahg-g

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@robscott @k8s-ci-robot @ahg-g @Miciah @LiorLieberman @zetxqx