Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding GEP-3567: Gateway TLS Updates for HTTP/2 Connection Coalescing #3572

Merged
merged 1 commit into from
Jan 31, 2025
Merged

Adding GEP-3567: Gateway TLS Updates for HTTP/2 Connection Coalescing #3572

merged 1 commit into from
Jan 31, 2025

Conversation

robscott
Copy link
Member

What type of PR is this?
/kind gep

What this PR does / why we need it:
This is a relatively small GEP that may not need to be a GEP, but creating one for the purpose of record keeping. Hoping to get at least A and B in v1.3. This is tracked by #3567.

Does this PR introduce a user-facing change?:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/gep PRs related to Gateway Enhancement Proposal(GEP) cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Jan 28, 2025
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 28, 2025
howardjohn
howardjohn reviewed Jan 28, 2025
View reviewed changes
geps/gep-3567/index.md Outdated

### C) Top Level Gateway TLS Config for Client Cert Validation

GEP-91 will be updated to move this configuration to a new top level Gateway TLS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this expected to interact with gateway merging/ListenerSets?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good question. While I think it's reasonable/natural to have SNI determine the cert you're served, I'm less clear on if there's a safe way to have per-SNI client cert validation. This will have to be a follow up in GEP-91, but I'd suggest leaving this concept entirely out of ListenerSet.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the record, I have verified that the current ListenerSet GEP excludes client cert validation.

@mlavacca
Copy link
Member

/cc

@k8s-ci-robot k8s-ci-robot requested a review from mlavacca January 28, 2025 16:59
@arkodg arkodg mentioned this pull request Jan 28, 2025
Open
mlavacca
mlavacca reviewed Jan 30, 2025
View reviewed changes
Copy link
Member

@mlavacca mlavacca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this GEP, @robscott!

mlavacca
mlavacca reviewed Jan 31, 2025
View reviewed changes
Copy link
Member

@mlavacca mlavacca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, I've left a minor not blocking nit in a comment (feel free to address or discard it).
Once we fix yaml linting, I'm good with merging it.

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mlavacca, robscott

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kflynn
Copy link
Contributor

kflynn commented Jan 31, 2025

/lgtm

even though the whole situation is awful, as previously discussed. 🙂

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 31, 2025
@robscott
Copy link
Member Author

even though the whole situation is awful

Haha thanks @kflynn, completely agree.

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 31, 2025
@k8s-ci-robot k8s-ci-robot merged commit a1161fd into kubernetes-sigs:main Jan 31, 2025
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@howardjohn howardjohn howardjohn left review comments

@arkodg arkodg arkodg left review comments

@mlavacca mlavacca mlavacca left review comments

@candita candita Awaiting requested review from candita

Assignees

@kflynn kflynn

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/gep PRs related to Gateway Enhancement Proposal(GEP) lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@robscott @mlavacca @k8s-ci-robot @kflynn @howardjohn @arkodg