Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.16] Warn on missing TLS secret #9974

Merged
merged 7 commits into from
Sep 4, 2024
Merged

[1.16] Warn on missing TLS secret #9974

merged 7 commits into from
Sep 4, 2024

Conversation

jbohanon
Copy link
Contributor

@jbohanon jbohanon commented Aug 29, 2024
edited
Loading

Backport #9875

Description

Updates the condition of a VirtualService referencing a TLS secret that does not exist from an error state to a warning state. This is to allow for eventual consistency with VS creation and TLS secret creation.

Fill out any of the following sections that are relevant and remove the others

API changes

  • Added warnings to Listener validation API

Code changes

  • Report missing tls secret errors as a Listener Warning instead of error

Test changes

  • Added kube2e tests for case when allowWarnings=true to validate that we have differing and correct behavior dependent on the value of warnMissingTlsSecret. The logic for these tests largely mirrors that of the secret validation test for [Describe] Kube2e: gateway [Context] Validation configuration [When] allowWarnings=false [Context] secret validation

Docs changes

TODO

Context

Users ran into this eventual consistency issue when applying a cert-manager Certificate resource at the same time as a VirtualService resource. Because the Certificate does not synchronously create the TLS secret, the VirtualService is rejected by validation.

Testing steps

# if you don't have a cluster, create one 
kind create cluster
# Install gloo
helm repo add gloo https://storage.googleapis.com/solo-public-helm
helm repo update
# we are disabling validation here to allow the async application of secret/VS
helm install -n gloo-system gloo gloo/gloo --version v1.16.19 --create-namespace --set gateway.validation.alwaysAcceptResources=true --set gateway.validation.allowWarnings=true

# Create a VS and TLS secret
k apply -f - << EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: tls-secret-1
  namespace: gloo-system
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVQVENDQWlXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFiTVFvd0NBWURWUVFEREFFcU1RMHcKQ3dZRFZRUUtEQVJ5YjI5ME1CNFhEVEl6TVRFd09ERTJORFExTjFvWERUTXpNVEV3TlRFMk5EUTFOMW93SGpFSwpNQWdHQTFVRUF3d0JLakVRTUE0R0ExVUVDZ3dIWjJGMFpYZGhlVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTit0V2hoa3QvNVFQTUw4UGorZ1JScUM1blp5TG9Sem5iK3hPazdQTVozRndtYUcKNThvbVhPRm16ZmJlK0VaaGE0UlBhK1BpdFhFbitjZkM5allYRU42dGM1WExWUjlKK1dCRXRhSUpoZlh2VzAvbgpraEg0MWFZa2NCQVMyTEh1U3l4WWd3VERMRzI1OUxVdVJFT3VGSVhtWUZJaGVlZTZ6V3dRMXk0Ujk1VzRoVGFzCi9JVk9wYmttbSsyM0ZVQ1Q3RTcvNzN0RFh3Q1dpekc3UnUyZ1p2aS9tK0ZRVUJCZmFPTGxzelQvVHNwNTB3YmUKY0hxY29UbWJNWUJpWDk1RFBYTWtnZ2g5M1R2bnBWb0taYVZhWDNOdHlGRGJOZnEyLzZaT2daNFlNZVgzb0VMUgpiVllpY01rU3lZRHJWbW9jeHZBMWdQQUsxd2NkVE1OcjlnY0F1b0VDQXdFQUFhT0JpRENCaFRBSkJnTlZIUk1FCkFqQUFNQXNHQTFVZER3UUVBd0lGNERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFnWUlLd1lCQlFVSEF3RXcKREFZRFZSMFJCQVV3QTRJQktqQWRCZ05WSFE0RUZnUVVxaW40SEhXN08wR3NLbGgwUEJ2SFFZSzRQT013SHdZRApWUjBqQkJnd0ZvQVVZb3l3TXpJN1BpWGtJd3FMSTdkNzA5SmJnVmN3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCCkFCQ3p2NUUrb3hYT3RBUi9UWWE2YWJMVm94WENPWFZVeVFRell5VFJoekJOY0Vjbk1NeDBHc2V1NHRXeUlmem8KNmQ5LzRkOWdmdDlRNnVTS1RZUkhYU0VIQUFsMmlEWGdQTTZoSk0vNmpxQlE2N1ErVkVrUTJWVUMySDZEYjF1Qwo2VGdldk9MdlA1eDhrS2FjZVNnYTdmSHZJcW95OHVmbm1BSzlhd2ZobE9hajBjUWcxQXV6aW14blhzTVQvdkNVCm9Xa2xPZSt0TDA2OEd3LytIMFJQMTJ6N2t6VGJDbXZuRWU4bk1QSXNrU21NZTcvUnZLcUFuYTd0NHFDOVdyRXgKWlFZK0NlOVhrTnI3RGJaZnprTmpqUFV2OEozdHN2dzY5Zm1HcVBEWVpHMm1HQjRzeGFyNy9mZG4rbGd3MDVsRwpBbEhhaWpXTlVGTWtmcXgvUzZnampEL0NPZVpRcVltM1hLY3RCWkFSUjNJRUR0RWNEUkRzNllvczhCUTBzbS9ECkhnNG1XWWR4Y283WlpnUzF6ZWlhdkNwRWxDaXEzWnB5c0EvS1NLS056Y1RIRk5acXBxYWFNdVQvaTBuaUI1MmEKZmpFSDUzdk1wYXhUK1IvcFIxQ1NMREZ6VDI3OTFMaEprZkJWVWwzQkdnOVY2VCt6bkl1Nkk1aVU1RlZZbVl3UApubS9EYitncE9JalEyU0w5Wm1nVkNvdjFvNTBTU3ZLN1RYSFVIaXFoZXlucDAyR1ZYYXpFT295ODBWcG04dW9JCklvS2NFOS9IUldOT0F5Uk41cWtYRDBnalpJOWM1aUtjV25kQ1B1cnBFZENNZUdiems1cWRUNGhZSFFsM2RKeW8KNHJoZm9MN051R1VUa0o1ZCtGdFBwaXRISkNEVGdUb05LTVNGcTcxbzRoMXkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktVd2dnU2hBZ0VBQW9JQkFRRGZyVm9ZWkxmK1VEekMKL0Q0L29FVWFndVoyY2k2RWM1Mi9zVHBPenpHZHhjSm1odWZLSmx6aFpzMzIzdmhHWVd1RVQydmo0clZ4Si9uSAp3dlkyRnhEZXJYT1Z5MVVmU2ZsZ1JMV2lDWVgxNzF0UDU1SVIrTldtSkhBUUV0aXg3a3NzV0lNRXd5eHR1ZlMxCkxrUkRyaFNGNW1CU0lYbm51czFzRU5jdUVmZVZ1SVUyclB5RlRxVzVKcHZ0dHhWQWsreE8vKzk3UTE4QWxvc3gKdTBidG9HYjR2NXZoVUZBUVgyamk1Yk0wLzA3S2VkTUczbkI2bktFNW16R0FZbC9lUXoxekpJSUlmZDA3NTZWYQpDbVdsV2w5emJjaFEyelg2dHYrbVRvR2VHREhsOTZCQzBXMVdJbkRKRXNtQTYxWnFITWJ3TllEd0N0Y0hIVXpECmEvWUhBTHFCQWdNQkFBRUNnZjhQVjFhUUwxaEVteTl0amc1WkR0SFFxRGFJZGZ0UUhwVmdCY0ZtMVVyZzBnSzAKWjZHa204V0REZ2ZqYlNlTlZ1RXhlRnFqV2RwWDkyeFhHbGNJdUV4SFgvZStsTXNRdnBWUllMcGhQblRuQU1YVgp0MG9rN1NYTFBVRll4OC8vcUcvWkZHTzA0UHJYNmFMRFNuZ0NBYXhxOFpNbFpFUkMyaUJKaTAwVXhGNHNKR25WCklJeHFLeVRnbWpBcFV6c1BDWXF5ci9aNmJTRkVnbVNxNzJobmt2Rm1PV3NYcldzRlZLY05iUUplWTRMMEJuWUsKWk5xODNmemt6ekpxbVh3OEVncWFPNlhWMmJtVmYrM1hSL3ViMDRGeXRya0Y5bE1JU0pWOUhkQmtRaGV2VzZhVApoSG5pblV6VkgyUlh4M1piYWw3ck1ZL0lOMWNmaFVlWm9BZDQ0ZGtDZ1lFQTh1bHorbXpPWXg0QVNnWUo0eVNICkdmc1VQeXpJUU9vaEVJQmtxMWNrUHJlbVhsdEdoWTcrRmtYYmh5cnVuOTRIREJJZWR0RWt0YjlZSDkvT0xNME8KK056TlhTYnlaQ3ZTa1U1ZlNNeUpDc3E3L01JTlVpNUxGN1FLQVF1ZXk3WDgvUGU3NHhFQ29hN1AvSlJkTnYrdgpjUnkyUEZOSlNGbTJGdkxGeDA4TDFWa0NnWUVBNjdxV3Q5dENpQ24zRXVPM2hEeFptZ3VSWU55Tk9TWkowdjR5Cm9zaXZ0WFl2ZGVYWGxGZWFWSEJtZG5vZUYrVTZ6TXpUQUY0d09jNmZpenpCMjlGVkxjWjJmTE5tWXc0RmxENFEKR0wzMHVJckQ5WXJraGZWZm85TW9aVHo2cWJnc0xQQnNZTXljelpFOThyb3dmZVp2MkUzQ1lRaDhOL1lGbXRmOQptWTViNFdrQ2dZQkQyc2pHQkl6bWpTUGhpYXhMWWhISFJTYlR1dXU1am0xc0VhR05aMHM5cGNsNGhDREFBRUNqCjhpR3ZzV04xRHUyREJyQ3gyaHhhRkxoR054dDkwazVEWUZLUm1lYU42dHZvTVM5V3c2UG9ldGRtZE1LSjJWcXEKcFdWQ0EzLzVRYjRJNEI4QS8raHZSOGpic29vVGFmc1ZLc01ST09hNHFpNitYRlM1SnpDVUNRS0JnRmZLN2tjYgpTZlFjYlFDRC90MG8vTlg2YVBLQ01iYVBJLytJM0tMenl6engvMHNSaHZDZ2o4SFMrdFkxTlBBQlY1emV5OWJmClBXYktKWEZkOTNVK3lWSjdEN1h4dXJnNWlLcGxVdWxrRmJpRk5lWkZERWMzMDU3WURidG1zcFJ6RzBEQmFodkQKR01NV3pOT1J0RzJ2WFFoYUxZS2wvbDE1S3kwNE5DTDBlaFBCQW9HQkFMK2RmaVFmUjhYVGMwMzF6R0xwQm1kdQpOMU81aDM1cUdIT0s4M25MY1VQSnhzc0JTSGVxNTZEVHBic3VMRjY0V1c2bk5KSWRwckdRLzNpOFZldzhDa05ZCmtXY2ZGWkdUTGM4b2g4Tkw4bWpiZGtITCs3M3ZuVy9FbEZRRDlWZTE3WWN0cEZKbUcwcVBSaFVWQzhkSG5RYnAKWXRMTTQxb01qQlQ3NUdjRjBZZ2wKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: vs-1
  namespace: gloo-system
spec:
  sslConfig:
    sniDomains:
      - vs-1
    secretRef:
      name: tls-secret-1
      namespace: gloo-system
  virtualHost:
    domains:
    - 'vs-1'
    - 'vs-1:8443'
    routes:
    - matchers:
      - exact: /
      directResponseAction:
        status: 200
        body: "success from vs-1"
EOF
# Port-forward gateway-proxy
kubectl port-forward -n gloo-system deploy/gateway-proxy 8443 &
export PF_PID=$!
# curl to validate that we're getting traffic
curl -k --connect-to vs-1:8443:127.0.0.1 https://vs-1:8443
# Apply a second VS referencing a TLS secret that does not exist
k apply -f - << EOF
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: vs-2
  namespace: gloo-system
spec:
  sslConfig:
    sniDomains:
      - vs-2
    secretRef:
      name: tls-secret-2
      namespace: gloo-system
  virtualHost:
    domains:
    - 'vs-2'
    - 'vs-2:8443'
    routes:
    - matchers:
      - exact: /
      directResponseAction:
        status: 200
        body: "success from vs-2"
EOF
# curl to show we are still receiving traffic
curl -k --connect-to vs-1:8443:127.0.0.1 https://vs-1:8443
# restart gloo deployment to roll the pod
k rollout restart deploy/gloo -n gloo-system
k rollout status deploy/gloo -n gloo-system
# Port-forward gateway-proxy
kill $PF_PID
kubectl port-forward -n gloo-system deploy/gateway-proxy 8443 &
export PF_PID=$!
# curl to show that we are NO LONGER receiving traffic, even on the good VS
curl -k --connect-to vs-1:8443:127.0.0.1 https://vs-1:8443
# build and load this branch
# note that upgrading isn't causing resources to update to the locally built versions
make kind-build-and-load build-test-chart
helm delete -n gloo-system gloo --wait
helm install -n gloo-system gloo _test/gloo-1.0.1-dev.tgz  --set gateway.validation.alwaysAcceptResources=false --set gateway.validation.allowWarnings=true --set gateway.validation.warnMissingTlsSecret=true
# force retranslation of gateway resource by patching the VS
k patch vs -n gloo-system vs-1 --type merge --patch="{\"metadata\":{\"annotations\":{\"manually-updated-at\":\"$(date)\"}}}"
# restart gloo deployment to roll the pod
k rollout restart deploy/gloo -n gloo-system
k rollout status deploy/gloo -n gloo-system
# Port-forward gateway-proxy
kill $PF_PID
kubectl port-forward -n gloo-system deploy/gateway-proxy 8443 &
export PF_PID=$!
# curl to show that we are receiving traffic on the good VS, but not on the invalid VS
curl -k --connect-to vs-1:8443:127.0.0.1 https://vs-1:8443
curl -k --connect-to vs-2:8443:127.0.0.1 https://vs-2:8443
# in another terminal, watch the status on the gateway resource
watch -n1 "kubectl get -n gloo-system ggw gateway-proxy-ssl -o jsonpath='{.status}' | jq ."

# apply the secret that was missing
k apply -f - << EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: tls-secret-2
  namespace: gloo-system
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVQVENDQWlXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFiTVFvd0NBWURWUVFEREFFcU1RMHcKQ3dZRFZRUUtEQVJ5YjI5ME1CNFhEVEl6TVRFd09ERTJORFExTjFvWERUTXpNVEV3TlRFMk5EUTFOMW93SGpFSwpNQWdHQTFVRUF3d0JLakVRTUE0R0ExVUVDZ3dIWjJGMFpYZGhlVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTit0V2hoa3QvNVFQTUw4UGorZ1JScUM1blp5TG9Sem5iK3hPazdQTVozRndtYUcKNThvbVhPRm16ZmJlK0VaaGE0UlBhK1BpdFhFbitjZkM5allYRU42dGM1WExWUjlKK1dCRXRhSUpoZlh2VzAvbgpraEg0MWFZa2NCQVMyTEh1U3l4WWd3VERMRzI1OUxVdVJFT3VGSVhtWUZJaGVlZTZ6V3dRMXk0Ujk1VzRoVGFzCi9JVk9wYmttbSsyM0ZVQ1Q3RTcvNzN0RFh3Q1dpekc3UnUyZ1p2aS9tK0ZRVUJCZmFPTGxzelQvVHNwNTB3YmUKY0hxY29UbWJNWUJpWDk1RFBYTWtnZ2g5M1R2bnBWb0taYVZhWDNOdHlGRGJOZnEyLzZaT2daNFlNZVgzb0VMUgpiVllpY01rU3lZRHJWbW9jeHZBMWdQQUsxd2NkVE1OcjlnY0F1b0VDQXdFQUFhT0JpRENCaFRBSkJnTlZIUk1FCkFqQUFNQXNHQTFVZER3UUVBd0lGNERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFnWUlLd1lCQlFVSEF3RXcKREFZRFZSMFJCQVV3QTRJQktqQWRCZ05WSFE0RUZnUVVxaW40SEhXN08wR3NLbGgwUEJ2SFFZSzRQT013SHdZRApWUjBqQkJnd0ZvQVVZb3l3TXpJN1BpWGtJd3FMSTdkNzA5SmJnVmN3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCCkFCQ3p2NUUrb3hYT3RBUi9UWWE2YWJMVm94WENPWFZVeVFRell5VFJoekJOY0Vjbk1NeDBHc2V1NHRXeUlmem8KNmQ5LzRkOWdmdDlRNnVTS1RZUkhYU0VIQUFsMmlEWGdQTTZoSk0vNmpxQlE2N1ErVkVrUTJWVUMySDZEYjF1Qwo2VGdldk9MdlA1eDhrS2FjZVNnYTdmSHZJcW95OHVmbm1BSzlhd2ZobE9hajBjUWcxQXV6aW14blhzTVQvdkNVCm9Xa2xPZSt0TDA2OEd3LytIMFJQMTJ6N2t6VGJDbXZuRWU4bk1QSXNrU21NZTcvUnZLcUFuYTd0NHFDOVdyRXgKWlFZK0NlOVhrTnI3RGJaZnprTmpqUFV2OEozdHN2dzY5Zm1HcVBEWVpHMm1HQjRzeGFyNy9mZG4rbGd3MDVsRwpBbEhhaWpXTlVGTWtmcXgvUzZnampEL0NPZVpRcVltM1hLY3RCWkFSUjNJRUR0RWNEUkRzNllvczhCUTBzbS9ECkhnNG1XWWR4Y283WlpnUzF6ZWlhdkNwRWxDaXEzWnB5c0EvS1NLS056Y1RIRk5acXBxYWFNdVQvaTBuaUI1MmEKZmpFSDUzdk1wYXhUK1IvcFIxQ1NMREZ6VDI3OTFMaEprZkJWVWwzQkdnOVY2VCt6bkl1Nkk1aVU1RlZZbVl3UApubS9EYitncE9JalEyU0w5Wm1nVkNvdjFvNTBTU3ZLN1RYSFVIaXFoZXlucDAyR1ZYYXpFT295ODBWcG04dW9JCklvS2NFOS9IUldOT0F5Uk41cWtYRDBnalpJOWM1aUtjV25kQ1B1cnBFZENNZUdiems1cWRUNGhZSFFsM2RKeW8KNHJoZm9MN051R1VUa0o1ZCtGdFBwaXRISkNEVGdUb05LTVNGcTcxbzRoMXkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktVd2dnU2hBZ0VBQW9JQkFRRGZyVm9ZWkxmK1VEekMKL0Q0L29FVWFndVoyY2k2RWM1Mi9zVHBPenpHZHhjSm1odWZLSmx6aFpzMzIzdmhHWVd1RVQydmo0clZ4Si9uSAp3dlkyRnhEZXJYT1Z5MVVmU2ZsZ1JMV2lDWVgxNzF0UDU1SVIrTldtSkhBUUV0aXg3a3NzV0lNRXd5eHR1ZlMxCkxrUkRyaFNGNW1CU0lYbm51czFzRU5jdUVmZVZ1SVUyclB5RlRxVzVKcHZ0dHhWQWsreE8vKzk3UTE4QWxvc3gKdTBidG9HYjR2NXZoVUZBUVgyamk1Yk0wLzA3S2VkTUczbkI2bktFNW16R0FZbC9lUXoxekpJSUlmZDA3NTZWYQpDbVdsV2w5emJjaFEyelg2dHYrbVRvR2VHREhsOTZCQzBXMVdJbkRKRXNtQTYxWnFITWJ3TllEd0N0Y0hIVXpECmEvWUhBTHFCQWdNQkFBRUNnZjhQVjFhUUwxaEVteTl0amc1WkR0SFFxRGFJZGZ0UUhwVmdCY0ZtMVVyZzBnSzAKWjZHa204V0REZ2ZqYlNlTlZ1RXhlRnFqV2RwWDkyeFhHbGNJdUV4SFgvZStsTXNRdnBWUllMcGhQblRuQU1YVgp0MG9rN1NYTFBVRll4OC8vcUcvWkZHTzA0UHJYNmFMRFNuZ0NBYXhxOFpNbFpFUkMyaUJKaTAwVXhGNHNKR25WCklJeHFLeVRnbWpBcFV6c1BDWXF5ci9aNmJTRkVnbVNxNzJobmt2Rm1PV3NYcldzRlZLY05iUUplWTRMMEJuWUsKWk5xODNmemt6ekpxbVh3OEVncWFPNlhWMmJtVmYrM1hSL3ViMDRGeXRya0Y5bE1JU0pWOUhkQmtRaGV2VzZhVApoSG5pblV6VkgyUlh4M1piYWw3ck1ZL0lOMWNmaFVlWm9BZDQ0ZGtDZ1lFQTh1bHorbXpPWXg0QVNnWUo0eVNICkdmc1VQeXpJUU9vaEVJQmtxMWNrUHJlbVhsdEdoWTcrRmtYYmh5cnVuOTRIREJJZWR0RWt0YjlZSDkvT0xNME8KK056TlhTYnlaQ3ZTa1U1ZlNNeUpDc3E3L01JTlVpNUxGN1FLQVF1ZXk3WDgvUGU3NHhFQ29hN1AvSlJkTnYrdgpjUnkyUEZOSlNGbTJGdkxGeDA4TDFWa0NnWUVBNjdxV3Q5dENpQ24zRXVPM2hEeFptZ3VSWU55Tk9TWkowdjR5Cm9zaXZ0WFl2ZGVYWGxGZWFWSEJtZG5vZUYrVTZ6TXpUQUY0d09jNmZpenpCMjlGVkxjWjJmTE5tWXc0RmxENFEKR0wzMHVJckQ5WXJraGZWZm85TW9aVHo2cWJnc0xQQnNZTXljelpFOThyb3dmZVp2MkUzQ1lRaDhOL1lGbXRmOQptWTViNFdrQ2dZQkQyc2pHQkl6bWpTUGhpYXhMWWhISFJTYlR1dXU1am0xc0VhR05aMHM5cGNsNGhDREFBRUNqCjhpR3ZzV04xRHUyREJyQ3gyaHhhRkxoR054dDkwazVEWUZLUm1lYU42dHZvTVM5V3c2UG9ldGRtZE1LSjJWcXEKcFdWQ0EzLzVRYjRJNEI4QS8raHZSOGpic29vVGFmc1ZLc01ST09hNHFpNitYRlM1SnpDVUNRS0JnRmZLN2tjYgpTZlFjYlFDRC90MG8vTlg2YVBLQ01iYVBJLytJM0tMenl6engvMHNSaHZDZ2o4SFMrdFkxTlBBQlY1emV5OWJmClBXYktKWEZkOTNVK3lWSjdEN1h4dXJnNWlLcGxVdWxrRmJpRk5lWkZERWMzMDU3WURidG1zcFJ6RzBEQmFodkQKR01NV3pOT1J0RzJ2WFFoYUxZS2wvbDE1S3kwNE5DTDBlaFBCQW9HQkFMK2RmaVFmUjhYVGMwMzF6R0xwQm1kdQpOMU81aDM1cUdIT0s4M25MY1VQSnhzc0JTSGVxNTZEVHBic3VMRjY0V1c2bk5KSWRwckdRLzNpOFZldzhDa05ZCmtXY2ZGWkdUTGM4b2g4Tkw4bWpiZGtITCs3M3ZuVy9FbEZRRDlWZTE3WWN0cEZKbUcwcVBSaFVWQzhkSG5RYnAKWXRMTTQxb01qQlQ3NUdjRjBZZ2wKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
EOF

# force retranslation of gateway resource by patching the VS
k patch vs -n gloo-system vs-1 --type merge --patch="{\"metadata\":{\"annotations\":{\"manually-updated-at\":\"$(date)\"}}}"
# Port-forward gateway-proxy
kill $PF_PID
kubectl port-forward -n gloo-system deploy/gateway-proxy 8443 &
export PF_PID=$!
# curl to show that we are receiving traffic on both, now valid VS
curl -k --connect-to vs-1:8443:127.0.0.1 https://vs-1:8443
curl -k --connect-to vs-2:8443:127.0.0.1 https://vs-2:8443

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

@jbohanon jbohanon requested a review from a team as a code owner August 29, 2024 20:52
@github-actions github-actions bot added the keep pr updated signals bulldozer to keep pr up to date with base branch label Aug 29, 2024
@solo-changelog-bot
Copy link

Issues linked to changelog:
#6957

@jbohanon jbohanon added the work in progress signals bulldozer to keep pr open (don't auto-merge) label Aug 29, 2024
@jbohanon
Copy link
Contributor Author

jbohanon commented Sep 3, 2024

Validated in https://github.com/solo-io/solo-projects/pull/6840

sheidkamp
sheidkamp reviewed Sep 3, 2024
View reviewed changes
Copy link
Contributor

@sheidkamp sheidkamp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few questions about the tests

projects/gloo/pkg/translator/translator_test.go Show resolved Hide resolved
test/kube2e/gateway/gateway_test.go Show resolved Hide resolved
nfuden
nfuden reviewed Sep 4, 2024
View reviewed changes
Copy link
Contributor

@nfuden nfuden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

stepped through the tests and they make sense given the back port changes.

Only real thoughts arent related to the backport and rather about how we can be louder about configuration that is noeffect such as when this and allowwarnings is false

@jbohanon jbohanon removed the work in progress signals bulldozer to keep pr open (don't auto-merge) label Sep 4, 2024
@jbohanon
Copy link
Contributor Author

jbohanon commented Sep 4, 2024
edited
Loading

paging mr dozer... hellooooo

@soloio-bulldozer soloio-bulldozer bot merged commit 4e68822 into v1.16.x Sep 4, 2024
12 checks passed
@soloio-bulldozer soloio-bulldozer bot deleted the jbohanon/backports/v1.16.x/missing-tls-secret branch September 4, 2024 17:11
jbohanon added a commit that referenced this pull request Sep 4, 2024
@jbohanon
[1.16] Warn on missing TLS secret (#9974)
2178caf
@jbohanon jbohanon mentioned this pull request Sep 4, 2024
Merged
4 tasks
jbohanon added a commit that referenced this pull request Sep 6, 2024
@jbohanon
[1.16] Warn on missing TLS secret (#9974)
a19288e
@jbohanon jbohanon mentioned this pull request Sep 6, 2024
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sheidkamp sheidkamp sheidkamp approved these changes

@nfuden nfuden nfuden approved these changes

Assignees
No one assigned
Labels
keep pr updated signals bulldozer to keep pr up to date with base branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jbohanon @sheidkamp @nfuden