Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLSConfig.mode is "optional", but has no default #2070

Closed
tommie opened this issue May 27, 2023 · 7 comments · May be fixed by #2460
Closed

TLSConfig.mode is "optional", but has no default #2070

tommie opened this issue May 27, 2023 · 7 comments · May be fixed by #2460
Assignees
@robscott
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/documentation Categorizes issue or PR as related to documentation. release-blocker MUST be completed to complete the milestone triage/accepted Indicates an issue or PR is ready to be actively worked on.
Milestone
v1.0.0

Comments

@tommie
Copy link

tommie commented May 27, 2023

What happened:
Looking at https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1beta1.GatewayTLSConfig, the mode is optional, but it is not explained what it means if this is missing.

The certificateRefs field says:

This field is required to have at least one element when the mode is set to “Terminate” (default) and is optional otherwise.

Which suggests that "terminate" is actually the default.

What you expected to happen:
It is clearly stated what happens if the field isn't present.

Anything else we need to know?:
Neither Envoy Gateway nor cert-manager handle "terminate" as the default.
@tommie tommie added the kind/bug Categorizes issue or PR as related to a bug. label May 27, 2023
@shaneutt shaneutt added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label May 30, 2023
@shaneutt
Copy link
Member

We talked about this in our sync today, we need to do a little more thinking about what we wanna do next with this one, I'll triage it forward:

/assign @shaneutt

@shaneutt
Copy link
Member

Discussed this with the other maintainers, we definitely need some updates here.

/triage accepted
/milestone v1.0.0
/unassign

We need to start by documenting that the unset behavior is dependent on protocol.

/kind documentation
/help

@k8s-ci-robot
Copy link
Contributor

@shaneutt:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

Discussed this with the other maintainers, we definitely need some updates here.

/triage accepted
/milestone v1.0.0
/unassign

We need to start by documenting that the unset behavior is dependent on protocol.

/kind documentation
/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/documentation Categorizes issue or PR as related to documentation. labels May 30, 2023
@shaneutt shaneutt added this to the v1.0.0 milestone May 30, 2023
@shaneutt shaneutt removed the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Jul 10, 2023
@shaneutt
Copy link
Member

Talked about this one in the sync, looks like Terminate IS the default? https://github.com/kubernetes-sigs/gateway-api/blob/bf76bd0499cffa94966a218678bef86aac948943/apis/v1beta1/gateway_types.go#L310C35-L310C35

/assign @robscott

@shaneutt shaneutt added release-blocker MUST be completed to complete the milestone and removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Sep 27, 2023
@robscott
Copy link
Member

robscott commented Oct 5, 2023

Confirmed that Terminate is the default, closing this one out.

API:

gateway-api/apis/v1beta1/gateway_types.go

Lines 352 to 353 in d4ff2d4

// +kubebuilder:default=Terminate
Mode *TLSModeType `json:"mode,omitempty"`

CRD:

gateway-api/config/crd/standard/gateway.networking.k8s.io_gateways.yaml

Lines 445 to 446 in d4ff2d4

mode:
default: Terminate

/close

@robscott robscott closed this as completed Oct 5, 2023
@tommie
Copy link
Author

tommie commented Oct 6, 2023

Should I make a PR to add this to the docs?

This issue was about the docs not stating it. Other optional enum fields explain what missing means.

@robscott
Copy link
Member

robscott commented Oct 6, 2023

@tommie yep, that makes sense, sorry for the confusion here!

@tommie tommie mentioned this issue Oct 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robscott robscott

Labels
kind/bug Categorizes issue or PR as related to a bug. kind/documentation Categorizes issue or PR as related to documentation. release-blocker MUST be completed to complete the milestone triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
No open projects
Gateway API: The Road to GA
Status: Done
Milestone
v1.0.0
Development

Successfully merging a pull request may close this issue.

Explain the default for TLSConfig.mode in documentation tommie/gateway-api
4 participants
@tommie @robscott @shaneutt @k8s-ci-robot