Validate all HTTPRoute features

[mlavacca]

Is there an existing issue for this?

• I have searched the existing issues

Problem Statement

The current admission logic in the validatingWebhook for HTTPRoutes checks only a subset of the conditions that make an HTTPRoute invalid for our implementation:

• QueryParamMatching if expression router is disabled
• ParentRef different from core/Service

We need to check ALL the below conditions that make a HTTPRoute invalid for our implementation:

• requestMirror rule filter
• urlRewrite rule filter
• HTTPBackendRef.Filters should be empty
• rules Timeouts
• ParentRef should always be gateway.networking.k8s.io/Gateway or /Gateway

Proposed Solution

No response

Additional information

No response

Acceptance Criteria

• all the conditions specified above are checked in the validation webhook

[randmonkey]

I found such comments in the spec of v1.Listener:

	// All valid rules within a Route attached to this Listener should be
	// implemented. Invalid Route rules can be ignored (sometimes that will mean
	// the full Route). If a Route rule transitions from valid to invalid,
	// support for that Route rule should be dropped to ensure consistency. For
	// example, even if a filter specified by a Route rule is invalid, the rest
	// of the rules within that Route should still be supported.

According to the comments, if a rule is invalid while there are other valid routes, should we reject this HTTPRoute?

[mlavacca]

I found such comments in the spec of v1.Listener:

	// All valid rules within a Route attached to this Listener should be
	// implemented. Invalid Route rules can be ignored (sometimes that will mean
	// the full Route). If a Route rule transitions from valid to invalid,
	// support for that Route rule should be dropped to ensure consistency. For
	// example, even if a filter specified by a Route rule is invalid, the rest
	// of the rules within that Route should still be supported.

According to the comments, if a rule is invalid while there are other valid routes, should we reject this HTTPRoute?

A route can be invalid for many reasons, and usage of unsupported features is only one of them. In that case, there is no condition that can be used to mark the route as invalid.
Since there is a lack of status condition upstream to mark a route as rejected because of unsupported features (this discussion is about it), I think that (at least for the time being) what we should do is rejecting a route in such a scenario via the validating webhook. Hence, I think that even if a route has a single rule declaring an unsupported feature, we should reject it.