Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Status Condition logic for BackendTLSPolicies #6137

Closed
christianang opened this issue Jan 29, 2024 · 2 comments · Fixed by #6151
Closed

Status Condition logic for BackendTLSPolicies #6137

christianang opened this issue Jan 29, 2024 · 2 comments · Fixed by #6151
Assignees
@christianang
Labels
area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. kind/feature Categorizes issue or PR as related to a new feature.

Comments

@christianang
Copy link
Contributor

christianang commented Jan 29, 2024
edited
Loading

Please describe the problem you have

From #6119, Contour does not set any conditions on the BackendTLSPolicies yet, we should conform to what is describe in GEP-713#conditions.
@christianang christianang added kind/feature Categorizes issue or PR as related to a new feature. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Jan 29, 2024
@christianang
Copy link
Contributor Author

Some validation that should be done and exposed in the Conditions, so the user can correct Invalid BackendTLSPolicies:

  • Invalid if WellKnownCACerts is provided
  • Invalid if both WellKnownCACerts and caCertRefs is provided, may be taken care of by above
  • Invalid if targetRef is not a Service
  • Invalid if certRef is not a ConfigMap or Secret
  • Invalid if hostname is malformed i.e doesn't match RFC 1123 (except no numeric ip addresses and no wildcard domain names)
  • Invalid if SectionName does not exist on Service

@christianang christianang added the area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. label Jan 29, 2024
@christianang christianang self-assigned this Jan 31, 2024
@christianang
Copy link
Contributor Author

Planning to take this issue, assigned myself.

@christianang christianang mentioned this issue Feb 1, 2024
Merged
@christianang christianang removed the lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@christianang christianang

Labels
area/gateway-api Issues or PRs related to the Gateway (Gateway API working group) API. kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Accepted condition to BackendTLSPolicy christianang/contour
1 participant
@christianang