Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GEP-1713: ListenerSets - Standard Mechanism to Merge Gateway Listeners (rev 2) #3213

Merged
merged 45 commits into from
Jan 31, 2025
Merged
Changes from 1 commit
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
71a9bab
Second Revision of GEP-1713
dprotaso Mar 22, 2023
02c6a05
fix minor nits
dprotaso Jul 30, 2024
72b6b1e
Drop section highlighting failure cases we can't handle
dprotaso Jul 30, 2024
bb40ff6
add enum validation
dprotaso Jul 30, 2024
9baad11
Describe the 'meta' details about this feature
dprotaso Jul 30, 2024
41b1b21
attaching to the Gateway's sectionName but through the ListenerSet ki…
dprotaso Jul 30, 2024
e221a16
ListenerSet can have multiple parents
dprotaso Jul 30, 2024
67ec44f
Allow multiple parentRefs and adjust language around PolicyAttachment
dprotaso Jul 30, 2024
228a4f8
clarify which section has listener ordering
dprotaso Jul 30, 2024
4ff2eb0
fix heading levels
dprotaso Jul 30, 2024
879c011
allow no listeners on the Gateway spec
dprotaso Jul 30, 2024
dd175c6
add back istio use case
dprotaso Jul 30, 2024
6890bc3
update gateway conditions paragraph
dprotaso Jul 30, 2024
460576f
don't say concatenate
dprotaso Jul 30, 2024
a46a001
drop clause saying invalid listeners affects other listeners
dprotaso Jul 30, 2024
70261a1
clarify route attachment
dprotaso Jul 30, 2024
aa382cc
split listenersetconditions into two sections: top-level and listener…
dprotaso Jul 31, 2024
32fc59f
clarify where the conflicted condition is set
dprotaso Jul 31, 2024
46dbf4e
relabel introduction => use cases
dprotaso Aug 1, 2024
cf29a9a
limit parents to 2 and listeners to 16
dprotaso Aug 1, 2024
9356e1c
use separate listener and status types
dprotaso Aug 1, 2024
947af4f
ListenerSet attachment is opt-in
dprotaso Aug 1, 2024
de19b26
fix formatting
dprotaso Aug 1, 2024
6b8b753
fix more formatting
dprotaso Aug 1, 2024
32308c9
include potential goals from the gateway hierarchy document
dprotaso Aug 1, 2024
d01d705
fix language that allows a route to attach to both a listener set and…
dprotaso Aug 1, 2024
dd8a0f6
if a route tries to attach to a non-existent listener on the listener…
dprotaso Aug 1, 2024
cc11438
ListenerStatus => ListenerEntryStatus
dprotaso Aug 1, 2024
5c00375
add a blurb about listenerset+gateway listeners are joined as a list
dprotaso Aug 1, 2024
54de622
Gateways that fail should also fail their attached ListenerSets
dprotaso Aug 1, 2024
8b338bc
don't leak secrets
dprotaso Aug 1, 2024
c656a65
update title
dprotaso Dec 20, 2024
67fbed4
mention dummy listener for the first release
dprotaso Dec 20, 2024
02a50a2
tweak the name of the AttachedListenerSets condition
dprotaso Dec 20, 2024
4ca38a6
rob's suggestions
dprotaso Dec 20, 2024
3fdd031
bump listener count
dprotaso Dec 20, 2024
1c33b84
just re-use GatewayTLSConfig
dprotaso Dec 20, 2024
59cc00b
use v1 api version for httproute
dprotaso Dec 20, 2024
cb906b9
replace route with ListenerSet in godoc
dprotaso Dec 20, 2024
c015961
include listener precedence in godoc
dprotaso Dec 20, 2024
59e46e2
address mlavacca comments
dprotaso Jan 29, 2025
0e635d9
ListenerSet in now in the x-k8s.io API group
dprotaso Jan 31, 2025
9cd9391
make port optional
dprotaso Jan 31, 2025
6d1cca4
update section on ListenerEntry changes
dprotaso Jan 31, 2025
4dcb98f
single parentRef for now
dprotaso Jan 31, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
split listenersetconditions into two sections: top-level and listener…
…status
dprotaso committed Jul 31, 2024
commit aa382cc2bc8f53f5dbbdc337aa1e0c359d42f5b4
27 changes: 17 additions & 10 deletions geps/gep-1713/index.md
Original file line number Diff line number Diff line change
@@ -357,19 +357,26 @@ Parent `Gateways` MUST NOT have `ListenerSet` listeners in their `status.listene

### ListenerSet Conditions

`ListenerSets` MUST NOT have their parent `Gateway`'s' listeners in the associated `status.parents.listeners` conditions list. An implementation MAY reject listeners with `ListenerConditionAccepted=False` and Reason `TooManyListeners` `ListenerSets`, like a `Gateway`, also have two top-level conditions: `Accepted` and `Programmed`. These conditions, when surfacing details about listeners, MUST only summarize the `status.listener` conditions that are exclusive to the `ListenerSet`.
`ListenerSets` have a top-level `Accepted` and `Programmed` conditions.

These conditions MUST also surface top-level `Gateway` conditions that impact the `ListenerSet`. For example, if a `Gateway` requests an invalid address and it cannot be accepted/programmed then the `ListenerSet`'s' `Accepted` condition MUST be set to `False`.
The `Accepted` condition MUST be set on every `ListenerSet`, and indicates that the `ListenerSet` is semantically valid and accepted by its `parentRefs`.

For example, if I have a `Gateway` named `parent`, and two `ListenerSets` named `child-1`, and `child-2` then:
* If `parent` is entirely invalid (for example, an invalid `address`) and `Accepted=False`, all two `ListenerSets` will reported `Accepted=False`.
* If `child-1` has an invalid listener, `parent` and `child-1` will report `ListenersNotValid`, while `child-2` will not.
* If `child-1` references a parent that doesn't allow merging then `child-1` will report `Accepted=False`
* If `child-1` references another child (eg. `child-2`) then `child-1` will report `Accepted=False`
* If `child-1` is valid, then when `child-2` is created if it conflicts with `child-1` then `child-2` will report `Accepted=False`. `child-1` status conditions will remain unchanged. `parent` will report `ListenersNotValid`
Valid reasons for `Accepted` being `False` are:
- `NotAllowed` - the `parentRef` doesn't allow attachment
- `ParentNotAccepted` - the `parentRef` isn't accepted (eg. invalid address)
- `UnsupportedValue` - a listener in the set is using an unsupported feature/value

When reporting status of a child, an implementation SHOULD be cautious about what information from the parent or siblings are reported
to avoid accidentally leaking sensitive information that the child would not otherwise have access to.
The `Programmed` condition MUST be set on every `ListenerSet` and have a similar meaning to the Gateway `Programmed` condition but only reflect the listeners in this `ListenerSet`.

`Accepted` and `Programmed` conditions when surfacing details about listeners, MUST only summarize the `status.parents.listeners` conditions that are exclusive to the `ListenerSet`.

`ListenerSets` MUST NOT have their parent `Gateway`'s' listeners in the associated `status.parents.listeners` conditions list.

### ListenerSetStatus.Parents.ListenerConditions

An implementation MAY reject listeners by setting the ListenerStatus `Accepted` condition to `False` with the `Reason` `TooManyListeners`

Implementation SHOULD be cautious about what information from the parent or siblings are reported to avoid accidentally leaking sensitive information that the child would not otherwise have access to.

### Policy Attachment