fix: add BackendTLSPolicy features to GATEWAY-HTTP profile #4199
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
cncf-cla: yes
snorwin
force-pushed
the
fix-profiles
branch
2 times, most recently
from
b8c43d4 to
7e1bdec
Compare
Signed-off-by: Norwin Schnyder <[email protected]>
| features.GatewayExtendedFeatures, | ||
| features.HTTPRouteExtendedFeatures, | ||
| features.BackendTLSPolicyCoreFeatures, | ||
| features.BackendTLSPolicyExtendedFeatures, |
There was a problem hiding this comment.
I added now the BackendTLSPolicy Core feature to the Extended features of the profile, I wasn’t sure if the overall BackendTLSPolicy is considered Core or Extended.
There was a problem hiding this comment.
I wonder if we should create a new profile for Policies.
There was a problem hiding this comment.
In my opinion, I don’t think it’s worth creating a new profile at this point. Currently, there are only two features that would be part of such a dedicated profile, and both require the Gateway and HTTPRoute feature to execute the tests anyway. Therefore, it would make much more sense to include them under GATEWAY-HTTP for now, and potentially later also under GATEWAY-GRPC and GATEWAY-TLS, once we’ve written the corresponding conformance tests.
The main question for me is whether BackendTLSPolicy is considered part of the Core or Extended. I couldn’t find any information about this in the GEP. If we add it to Core, all implementations would need to support it before achieving conformance for version 1.4, which, in my opinion, would be quite challenging for some. Therefore, I’d suggest adding it as part of the Extended features for now.
There was a problem hiding this comment.
The guideline is that all additional objects should be considered Extended unless there is a good reason.
This comes back to "what does Extended mean?". The word "Extended" is relevant for a field and all of its child features. So, when a whole object is Extended, that means that you don't have to support that object. However, if you do support it, then within that object, Core features are MUST, and Extended features are SHOULD.
So, the BackendTLSPolicyExtendedFeatures really require BackendTLSPolicyCoreFeatures and BackendTLSPolicyExtendedFeatures.
So, yes, I agree that BackendTLSPolicy should be Extended. At some point, it may be worth moving it into overall Core support for the HTTP Profile, but not yet.
There was a problem hiding this comment.
@youngnick Just to make sure I understand correctly, are you suggesting that we add BackendTLSPolicyCoreFeatures to BackendTLSPolicyExtendedFeatures, or should we keep the change as it is?
There was a problem hiding this comment.
I'd like to see features.BackendTLSPolicyCoreFeatures added to a new conformanceProfile for policies.
| features.BackendTLSPolicyExtendedFeatures, | |
| PolicyConformanceProfile = ConformanceProfile{ | |
| Name: GatewayHTTPConformanceProfileName, | |
| CoreFeatures: sets.New( | |
| features.BackendTLSPolicyCoreFeatures, | |
| ), | |
| ExtendedFeatures: sets.New[features.FeatureName](). | |
| Insert(features.SetsToNamesSet( | |
| features.BackendTLSPolicyExtendedFeatures, | |
| ... |
|
@youngnick here is an example of how the conformance profile for (If an implementation does not support BackendTLSPolicy, the related features will be listed under |
|
Okay, thanks for checking @snorwin. This LGTM then. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: snorwin, youngnick The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
I think this is ready to merge and to be cherry-picked into /assign @robscott |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/cherry-pick release-1.4 |
|
@snorwin: new pull request created: #4223 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
…s-sigs#4199) Signed-off-by: Norwin Schnyder <[email protected]>
6 participants
What type of PR is this?
/kind bug
/area conformance-test
What this PR does / why we need it:
This PR ensures that the
BackendTLSPolicyconformance tests are properly included in the conformance profiles and reflected in the generated reports. Currently, these tests run successfully but don’t appear in the report because they aren’t associated with any profileWhich issue(s) this PR fixes:
Fixes #3936
Does this PR introduce a user-facing change?: