GEP-1713: ListenerSets - Standard Mechanism to Merge Gateway Listeners (rev 2) #3213
Conversation
k8s-ci-robot
added
kind/gep
|
Reading back over this, I think the main things outstanding are:
|
I'm strongly in favor of this, and the idea seems to be gaining some traction on the corresponding issue.
I would like to ensure that this has a well documented path forward to supporting all ports on a single Listener. That could either be a port range or an empty port. We don't have to start with either of those, I'd just like to have a documented plan for how we could get there.
I'm on the fence on this one, left a comment above. |
Could make sense to align with NetPol conventions on this (omitting an optional port field implies all), refs kubernetes-sigs/network-policy-api#247 (comment) |
|
I was thinking an empty port could be allow the implementation to pick a random port. Though I realize now we could also accomplish that by relaxing our constraints on I think use of port in netpol is fundamentally different than that of a listener - eg. firewall rules semantics (no port == all) vs listener semantics (0 port = wildcard) |
| } | ||
| // ListenerEntry embodies the concept of a logical endpoint where a Gateway accepts | ||
| // network connections. | ||
| type ListenerEntry struct { |
There was a problem hiding this comment.
I think that including L4 considerations at the very first stage of the design, before having the actual API in place is too much of a stretch. Getting rid of L4 routes in favor of including L4 routing information (i.e., backends) is a controversial one (for which I am on the fence honestly) and I don't think that should block this GEP which has been in the work for a long time and needs to be moved forward.
Putting here L4 will likely require a lot of discussion, partially off-topic with the broader goal of this GEP.
k8s-ci-robot
added
the
approved
|
So an observation I have regarding multiple For example we're talking about making Also reasoning about policy might be simpler because we can say this ListenerSet has this inherited policy from the Gateway. With multiple |
|
/hold given that |
dprotaso
force-pushed
the
gep-1713-rev-2
branch
from
20c04e8 to
0e635d9
Compare
|
Thanks @dprotaso! This looks good to move forward to the next phase of the v1.3 cycle. Of course we'll still need to do some refinement in the next phase, and should probably have some more discussion around the most recent changes (single ParentRef, optional port), so let's start that discussion very early to ensure we can get a final API merged in. /lgtm |
k8s-ci-robot
removed
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dprotaso, mlavacca, robscott The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
let me make the single parentRef changes to the GEP before merge |
k8s-ci-robot
added
the
do-not-merge/hold
k8s-ci-robot
removed
the
lgtm
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/lgtm |
k8s-ci-robot
added
the
lgtm
This replaces #1863
What type of PR is this?
/kind gep
What this PR does / why we need it:
Outlines a mechanism to merge Gateway Listeners
Which issue(s) this PR fixes:
Fixes #1713
Does this PR introduce a user-facing change?: