
net-gateway-api's Issues

Use K Gateway with GatewayAllowFromList instead of GatewayAllowAll

#74 will point to the Gateway by GatewayAllowAll. We should use
It should use GatewayAllowFromList.

Note, the K Gateway has some requirements:

  • Gateway for Istio needs to be deployed in the same namespace as Istio's istio-ingressgateway and knative-local-gateway svc.
  • For the Contour Gateway, the namespace does not matter, as Contour can specify the namespace.
  • Gateway for Istio needs to configure spec.addresses for knative-local-gateway.istio-system.svc.cluster.local.

Handle more than about 64 TLS Knative Routes

(update from @dprotaso) See this comment for the current limit: #317 (comment)

We add a Listener (and a certificate reference) per Knative Route (KIngress). Each one is around 300 bytes, which means that we can probably fit around 3000 Routes into one Gateway before we exceed etcd storage limits.

According to some of the gateway maintainers, we should be able to split these across multiple Gateways that all share the same IP address (so that users can still get that nice wildcard DNS mapping).

This issue tracks packing Listeners into multiple Gateways; it's extracted from this PR comment

Missing steps in DEVELOPMENT.MD?

When trying to kick the tires on this project, I've followed the instructions found in DEVELOPMENT.MD.

When following these instructions, I expect to end up with a working knative using the ingressv2 apis, presumably by installing some sort of net-ingressv2 controller.

However, I observe that no controller is installed. I get errors on the last step (ko apply -f test/config/ -f config/) that config/ does not exist (it was removed in #10). When I create an empty directory there the command succeeds, but nothing is installed since the directory is empty.

I'm assuming there's some command to create and populate config/, but it's not in the documents that I can find. go build doesn't work so I don't think it's that.

Add TestIngressTLS test

  • Goal: Pass the test, which is the same as TestIngressTLS in the networking repo, in the conformance test and the controller e2e test.
  • Non-goal: Support of net-certmanager, net-http01 functionality.

HTTPRoute does not support tls setting on v1alpha2 (v0.4.0) so we need to use tls.certificateRefs in Gateway like this example.

Current blocker:

EPIC - Implement each Knative Networking (Gateway API) conformance test

These tests are a reimplementation of the same conformance tests in https://github.com/knative/networking/tree/main/test/conformance/ingress. These tests are run without the net-gateway-api controller.

(test/kind-conformance-contour.sh)

Expanding Visibility Setting

The background is described in the original issue - knative/serving#6642
The original design introduced Realm and Domain CRDs, but its development stopped as the design is difficult to align with Ingress v2 (Gateway API).

The new Gateway API controller has a visibility-based setting (it maps one Visibility to one Gateway) like:

https://github.com/knative-sandbox/net-gateway-api/blob/9218e0d7ff957b2ea4ec106abfdd018988bf72a3/config/config-gateway.yaml#L42-L50

So it will be possible to achieve the goal that knative/serving#6642 tried to address.

EPIC - Contour tests

Issues for adding/fixing Contour conformance and e2e tests.

Critical issue:

Contour & gateway-api:

Note: as these tests get successfully run, their corresponding features get dropped from the list of unavailable features.

Done

TestVisibilitySplit with istio is not stable

TestVisibilitySplit with istio often fails.
Here is some information:

  • example log 1, log 2
  • The issue is that this HTTPRouteFilter does not set the header so it shows 0% of request received.
  • It happens with conformance test only. e2e with controller does not have the issue.
  • TestPercentage, which is the same test but just public access, does not cause any error.
  • gateway-api v0.4.0 with istio-1.13-alpha.8aea949750d59a51b322d36ec7cac2c60cea5ac8 also has this issue.

Resolve HA / multi-thread concerns around Gateway updates

Currently, we assume a single Gateway resource; when using auto-TLS, we need to update Spec.Listeners for each Knative Route.

The default controller implementation will attempt to reconcile multiple KIngress resources at once, which means that it's likely that we will get some number of update collisions on the Gateway. We should figure out a mechanism for spreading updates across multiple Gateways to enable HA / multi-threaded controllers without bottlenecking on a single Gateway instance.

This is extracted from this PR comment

Conformance test checklist for Contour

This checklist tracks that all Knative conformance tests for this Gateway API implementation are passing.

  • basics/TestBasics
  • basics/TestBasicsHTTP2
  • grpc/TestGRPC
  • grpc/TestGRPCSplit
  • headers/TestProbeHeaders
  • headers/TestPreSplitSetHeaders
  • headers/TestPostSplitSetHeaders
  • hosts/TestMultipleHosts
  • dispatch/TestPath
  • dispatch/TestPercentage
  • dispatch/TestPathAndPercentageSplit
  • dispatch/TestRule
  • retry/TestRetry
  • timeout/TestTimeout
  • tls/TestIngressTLS
  • update/TestUpdate
  • visibility/TestVisibility
  • visibility/TestVisibilitySplit
  • visibility/TestVisibilityPath
  • ingressclass/TestIngressClass
  • websocket/TestWebsocket
  • websocket/TestWebsocketSplit

Sources:

Updated: Aug, 8 2022.

ReconcileIngressFailed in Serving kind e2e testing

When trying to re-work serving's kind e2e workflow I couldn't get the gateway tests (e2e) to pass.

Digging at the logs I saw the kingress had the status ReconcileIngressFailed.

Looking at the logs it was full of 409 conflicts. It looked like something was mutating the httproutes constantly. This can happen when two controllers fight over the same resource etc.

Create a GH checklist template for conformance tests

These tests are a reimplementation of the same conformance tests in https://github.com/knative/networking/tree/main/test/conformance/ingress. These tests are run without the net-gateway-api controller.

(test/kind-conformance-contour.sh)

With this checklist, a new issue can be opened for each implementation and each test checked off as the tests are confirmed as passing.

For visibility, maybe it would be useful to keep these issues pinned and check the tests on/off as the status of each changes.

These are all the tests: #348

Clean up Gateway Spec.Listeners

There are two cases where we might remove Spec.Listeners entries from a Gateway resource:

  1. The KIngress associated with the Listener has been deleted.
  2. The KIngress associated with the Listener has been changed to have (for example) a different hostname.

Right now, we don't handle either of these scenarios.

Scenario 2 may be somewhat harder; for case 1 we could use a finalizer to make sure that the Gateway entries are removed before the KIngress resource is deleted.

Another option is to turn the reconciliation around and reconcile the Gateway resource(s) across all the KIngresses. I'm not doing that right now because that's not the way the current code is structured, but given #318, that may be a good option.

config-gateway.yaml cannot be configured

Current config-gateway.yaml does not work due to the following error:

error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go struct field GatewayConfig.gateway of type types.NamespacedName

The reason is that the NamespacedName fails to be marshaled in pkg/reconciler/ingress/config/gateway.go

        entry := make(map[v1alpha1.IngressVisibility]GatewayConfig)
        if err := yaml.Unmarshal([]byte(v), &entry); err != nil {
                return nil, err
        }
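
The failure reported above, reproduced with a possible fix; this is an added example, not the project's code. It assumes a local `NamespacedName` stand-in for `types.NamespacedName`, uses `encoding/json` in place of the YAML decoder, and the `GatewayRef`/`FixedConfig` types, the `namespace/name` string form and the sample document are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// NamespacedName is a local stand-in (assumption) for types.NamespacedName.
type NamespacedName struct{ Namespace, Name string }

// GatewayConfig has the failing shape: a struct field fed a string value.
type GatewayConfig struct{ Gateway NamespacedName `json:"gateway"` }

// GatewayRef (hypothetical) accepts "namespace/name"; FixedConfig uses it.
type GatewayRef NamespacedName
type FixedConfig struct{ Gateway GatewayRef `json:"gateway"` }

func (g *GatewayRef) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	parts := strings.Split(s, "/")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return fmt.Errorf("gateway %q: want namespace/name", s)
	}
	*g = GatewayRef{Namespace: parts[0], Name: parts[1]}
	return nil
}

// Sample is constructed; its key stands in for an IngressVisibility value.
const Sample = `{"ExternalIP":{"gateway":"example-ns/example-gateway"}}`

// DecodeBroken reproduces the error: a JSON string cannot fill a struct.
func DecodeBroken(data string) error {
	return json.Unmarshal([]byte(data), &map[string]GatewayConfig{})
}

// DecodeFixed parses the same document through GatewayRef.
func DecodeFixed(data string) (map[string]FixedConfig, error) {
	entry := make(map[string]FixedConfig)
	err := json.Unmarshal([]byte(data), &entry)
	return entry, err
}

func main() {
	fmt.Println(DecodeBroken(Sample))
	fmt.Println(DecodeFixed(Sample))
}
```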

Conformance tests for the Gateway APIs

We need to set up the conformance tests with the way we use Gateway APIs so that the various networking implementations (e.g. Istio, contour) could run them and check if they can support those Gateway APIs.

/assign @nak3

Conformance test checklist for Istio

This checklist tracks that all Knative conformance tests for this Gateway API implementation are passing.

  • basics/TestBasics
  • basics/TestBasicsHTTP2
  • grpc/TestGRPC
  • grpc/TestGRPCSplit
  • headers/TestProbeHeaders
  • headers/TestPreSplitSetHeaders
  • headers/TestPostSplitSetHeaders
  • hosts/TestMultipleHosts
  • dispatch/TestPath
  • dispatch/TestPercentage
  • dispatch/TestPathAndPercentageSplit
  • dispatch/TestRule
  • retry/TestRetry
  • timeout/TestTimeout
  • tls/TestIngressTLS
  • update/TestUpdate
  • visibility/TestVisibility
  • visibility/TestVisibilitySplit
  • visibility/TestVisibilityPath
  • ingressclass/TestIngressClass
  • websocket/TestWebsocket
  • websocket/TestWebsocketSplit

Sources:

Updated: Aug, 8 2022.

Create a GH checklist template for e2e conformance tests

These tests are run with the net-gateway-api controller. They are the tests here: net-gateway-api/pkg/reconciler/ingress at main · knative-sandbox/net-gateway-api.

Ex: for how they are invoked:
(test/kind-e2e-contour.sh)

With this checklist, a new issue can be opened for each implementation and each test checked off as the tests are confirmed as passing.

For visibility, maybe it would be useful to keep these issues pinned and check the tests on/off as the status of each changes.
