feat(gateway-api): Add initial support for tls and grpc routes #238
Conversation
|
Thanks for enabling ci, I'll fix those linting issues |
larivierec
force-pushed
the
feature/support-tls-grpc-routes
branch
2 times, most recently
from
96b73b0
to
d22df0a
Compare
|
hi @networkop , i'm going to have to find a better way to test. from what i understand, i'll need an SSL cert in order to do proper integration tests, this might be complicated to do or perhaps i should spoof them with self signed certs? do you have any ideas? side note: i fixed the linting and added tls/grpc to the tests controller i was sure i had previously done that but apparently not. |
I think doing tests with self-signed certs should be good enough. |
|
just letting you know, i'm having issues running kind on my arm Mac. i was able to generate the cert locally and create with just letting you know i didn't forget, trying to configure my local env on m2 properly. |
|
hi @networkop I was finally able to get some very basic integration tests done Below is the output for k8s-gateway plugin accepting the new tls/grpc routes You can see that it properly matches the IP of (⎈|local:kube-system)➜ home-cluster git:(main) ✗ k -n default get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 2d14h
istiod ClusterIP 10.43.18.104 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 19m
backend ClusterIP 10.43.204.227 <none> 80/TCP 19m
annotation-bad LoadBalancer 10.43.249.147 198.51.100.5 80:31092/TCP 19m
annotation-bad-2 LoadBalancer 10.43.16.121 198.51.100.148 80:32460/TCP 19m
annotation-good LoadBalancer 10.43.196.200 198.51.100.99 80:30094/TCP 19m
gateway LoadBalancer 10.43.7.176 198.51.100.111 15021:32018/TCP,80:30444/TCP,443:31129/TCP 19m
ingress-nginx-controller LoadBalancer 10.43.102.214 198.51.100.53 80:32344/TCP,443:30830/TCP 19m
nginxinc-nginx-ingress-controller LoadBalancer 10.43.95.164 198.51.100.82 80:32342/TCP,443:30857/TCP 19m
test LoadBalancer 10.43.199.34 198.51.100.66 80:31382/TCP 19m
gateway-one-istio LoadBalancer 10.43.59.247 198.51.100.116 15021:32366/TCP,80:32636/TCP 17m
gateway-two-istio LoadBalancer 10.43.36.109 198.51.100.200 15021:30421/TCP,80:32122/TCP 17mcolima:/Users/christopher$ nslookup myservicetls.gw.foo.org 10.43.150.78
Server: 10.43.150.78
Address: 10.43.150.78:53
Name: myservicetls.gw.foo.org
Address: 198.51.100.116I had to heavily modify the tiltfiles and had to seperate the stacks into single-stack (ipv4) and dual-stack(ipv6) because I was unable to test ipv6 with Colima on M2 Pro. I took the liberty of updating the Tiltfiles with latest chart versions.
I'll be committing all these changes |
larivierec
force-pushed
the
feature/support-tls-grpc-routes
branch
from
4261eb2
to
d088b80
Compare
|
also, 1.0.0 of gateway-apis was just released, should probably consider adding v1 afterwards in a seperate PR. i was able to bump at least the CRDs to 1.0.0 without impact. |
larivierec
force-pushed
the
feature/support-tls-grpc-routes
branch
2 times, most recently
from
20694b4
to
5f0ee52
Compare
|
nice, thanks @larivierec , let me know when the PR is ready for review |
Oh, yeah @networkop you can go ahead. |
larivierec
force-pushed
the
feature/support-tls-grpc-routes
branch
from
5f0ee52
to
a538b2c
Compare
|
sorry @larivierec , been a bit busy. will try to review this week |
|
No rush :) |
larivierec
changed the title
README.md
Outdated
|
|
||
| ### Steps | ||
|
|
||
| 1. In `Tiltfile.single`, ensure that you have commented out the `docker` portion and uncommented the `nerdctl` portion. |
There was a problem hiding this comment.
So I understand the only purpose Tiltfile.single is for lima VM development? Why do you need to uncomment something then? Is there another purpose for this tiltfile?
There was a problem hiding this comment.
You have a good point actually.
Since the .single is already aimed towards Lima I could simply remove the docker commands and use nerdctl directly.
I'll do that yeah
There was a problem hiding this comment.
perfect. so there's one file for linux and one file for mac
There was a problem hiding this comment.
can you just update the readme and maybe rename the file to something reflecting that it's for mac or nerdctl.
otherwise single is a bit confusing.
There was a problem hiding this comment.
done, i opted for Tiltfile.nerdctl finally, it made more sense because nerdctl any os and the tiltfile isn't restricted to M powered macs
There was a problem hiding this comment.
hey @larivierec , thanks for the massive PR and apologies for the delay in reviewing.
I've left a few comments, let me know what you think
|
i'll have another review for Gateway APIs v1.0.0 update after this one gets merged. |
|
@larivierec so apart from tiltfile updates this PR is good to be merged. |
|
Awesome, do you want me to rename the file to something else maybe? Tiltfile.mac |
|
yep. Tiltfile.mac sounds good. |
Ok for the tiltfile. I'll go ahead and make the changes and squash everything nicely. |
- use nerdctl and cilium for integration tests
- update tiltfile dependencies
- update Golang dependencies
- seperate into 2 stacks
- update CRDs for Gateway-API to 1.0.0 GA
- update helm chart values for updates
- add unit tests for TLSRoute, GRPCRoute
- keep same kind registry as default (for makefile)
- update README.md - 0.8.1+ minimum for CRDs + dev notes
- fix variable GOATCH to GOARCH in both Tiltiles
- add nerdctl tiltfile when we are using containerd
Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>
larivierec
force-pushed
the
feature/support-tls-grpc-routes
branch
from
9d82ef9
to
2a53d47
Compare
|
everything should be good, let me know if I need to do something else. |
|
awesome 🎉 |
would close #237