Clarify Conformance Expectations for Gateway Ports and Listeners #1842

Closed
robscott opened this issue Mar 17, 2023 · 9 comments
Labels
area/conformance help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/documentation Categorizes issue or PR as related to documentation. kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-blocker MUST be completed to complete the milestone

@robscott
Member

What would you like to be added:
As described in #1827 (comment), it would be helpful to describe what we expect from implementations in terms of supported combinations of ports, protocols, and listeners. It seems like the minimum bar is that L7 implementations can handle one HTTP listener on 80 and one HTTPS listener on 443.

What is less clear is what happens beyond that:

  1. Is support for additional ports considered "Extended" conformance?
  2. Is support for multiple listeners on the same port considered "Extended" as well?
  3. What about non-standard combinations like "HTTPS" on 80 or "HTTP" on 443?

Why this is needed:
There's some variation among implementations in terms of what's supported today; it would be good to ensure expectations are clearly stated for conformance.

@robscott robscott added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 17, 2023
@shaneutt shaneutt added this to the v0.7.0 milestone Mar 20, 2023
@shaneutt
Member

/help

@k8s-ci-robot
Contributor

@shaneutt:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Mar 20, 2023
@dprotaso
Contributor

> Is support for additional ports considered "Extended" conformance?

It would be nice if this was "Core" and didn't require unique manual configuration of each implementation to support.

> Is support for multiple listeners on the same port considered "Extended" as well?

A use case here is how easy it is to manage multiple certificates on a gateway. Adding multiple listeners with the same port but different certificateRefs could be a valid option.

An alternative that scales better in K8s clusters would be #1713

> What about non-standard combinations like "HTTPS" on 80 or "HTTP" on 443?

Is there a list of standard combinations?

@dprotaso
Contributor

dprotaso commented Mar 21, 2023

I created a PR (#1859) that includes conformance tests for dynamic listener ports.

@dprotaso
Contributor

> Is support for multiple listeners on the same port considered "Extended" as well?

Note: the TLS examples on the website here show multiple listeners using the same port
https://gateway-api.sigs.k8s.io/guides/tls/#wildcard-tls-listeners

@youngnick
Contributor

This is one we can't decide from first principles; we need to review implementations and see what can be done first, so that we can build a baseline.

It's definitely been my expectation that the tuple that controls "distinct listener" includes, at least: Protocol, Port, TLS details, and name if present. So sharing a Port and Protocol is okay if the TLS details are distinct. I don't know if this is the common view, however.

@robscott
Member Author

robscott commented Apr 4, 2023

> sharing a Port and Protocol is okay if the TLS details are distinct. I don't know if this is the common view however.

@youngnick To clarify, are you including "Hostname" in the general category of "TLS Details"? So far we've said that the combination of "Hostname", "Protocol", and "Port" must be unique for each listener. I think that would cover your use case if I'm understanding it correctly.

@shaneutt shaneutt modified the milestones: v0.7.0, v0.7.1 Apr 6, 2023
@shaneutt shaneutt added kind/documentation Categorizes issue or PR as related to documentation. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels May 18, 2023
@shaneutt shaneutt modified the milestones: v0.7.1, v1.0.0 May 18, 2023
@shaneutt shaneutt added the release-blocker MUST be completed to complete the milestone label May 18, 2023
@dprotaso
Contributor

FYI, with #2065 merging we now have:

// Each listener in a Gateway must have a unique combination of Hostname,
// Port, and Protocol. Below combinations are considered Core and MUST be
// supported:
//
// 1. Port: 80, Protocol: HTTP
// 2. Port: 443, Protocol: HTTPS
//
// Port and protocol combinations not in this list are considered Extended.

@robscott
Member Author

I think we can close this now that #2065 has merged. Feel free to reopen if I missed anything.
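
The rule quoted from #2065 above, as an added example that is not part of the thread or the Gateway API code base: a check that flags listeners repeating a (Hostname, Port, Protocol) tuple and labels each port/protocol pair Core or Extended. The `Listener` struct, `Level`, `Conflicts`, the sample hostnames and the case-insensitive hostname comparison are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Listener is a simplified stand-in for a Gateway listener (assumption: only the fields in the quoted rule).
type Listener struct {
	Name, Hostname, Protocol string // empty Hostname means none was set
	Port                     int
}

// coreCombos holds the two port/protocol pairs the quoted text lists as Core.
var coreCombos = map[string]int{"HTTP": 80, "HTTPS": 443}

// Level reports "Core" or "Extended" for a listener's port/protocol pair.
func Level(l Listener) string {
	if p, ok := coreCombos[l.Protocol]; ok && p == l.Port {
		return "Core"
	}
	return "Extended"
}

// Conflicts returns the names of listeners whose (Hostname, Port, Protocol)
// tuple repeats an earlier one; hostnames are lowercased first (assumption).
func Conflicts(ls []Listener) []string {
	seen := map[Listener]bool{}
	var dup []string
	for _, l := range ls {
		k := Listener{Hostname: strings.ToLower(l.Hostname), Port: l.Port, Protocol: l.Protocol}
		if seen[k] {
			dup = append(dup, l.Name)
		}
		seen[k] = true
	}
	return dup
}

func main() {
	// Constructed sample: listeners sharing port 443, one repeating a hostname.
	ls := []Listener{
		{Name: "web", Port: 80, Protocol: "HTTP"},
		{Name: "foo", Hostname: "foo.example.com", Port: 443, Protocol: "HTTPS"},
		{Name: "foo-again", Hostname: "FOO.example.com", Port: 443, Protocol: "HTTPS"},
		{Name: "alt", Port: 8443, Protocol: "HTTPS"},
	}
	fmt.Println(Level(ls[0]), Level(ls[3]), Conflicts(ls))
}
```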


5 participants