Engnode 569#3996
Conversation
|
@codex review |
|
Codex Review: Didn't find any major issues. Keep them coming! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review please |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 482e1e6469
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
janekbaraniewski
left a comment
janekbaraniewski
left a comment
There was a problem hiding this comment.
2 nit comments, other than that lgtm
Pin ReferenceGrant, TLSRoute, and BackendTLSPolicy syncing to the v1 Gateway API versions instead of negotiating older served versions against the host. Hosts whose Gateway API CRDs do not serve v1 fail fast at startup with an actionable error. Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
- route controllers watch virtual ReferenceGrants regardless of
sync.toHost.gatewayApi.referenceGrants.enabled; with the flag "false"
the CRD was never installed and the watch failed forever, silently
blocking all HTTPRoute/TLSRoute sync
- extract EnsureReferenceGrantCRD and call it from the HTTPRoute and
TLSRoute mappers, keeping "false" semantics: grants never sync to the
host and virtual grants stay authoritative for cross-namespace refs
- add gatewayapi-grants-disabled e2e suite plus a unit test asserting
route mappers ensure the grant CRD when grant sync is disabled
Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
|
@codex review |
|
Codex Review: Didn't find any major issues. Keep them coming! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation and see the Github Action logs for details |
* feat: use latest gateway api versions only
Pin ReferenceGrant, TLSRoute, and BackendTLSPolicy syncing to the v1
Gateway API versions instead of negotiating older served versions
against the host. Hosts whose Gateway API CRDs do not serve v1 fail
fast at startup with an actionable error.
Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
* fix: install tenant referencegrant crd whenever route sync is enabled
- route controllers watch virtual ReferenceGrants regardless of
sync.toHost.gatewayApi.referenceGrants.enabled; with the flag "false"
the CRD was never installed and the watch failed forever, silently
blocking all HTTPRoute/TLSRoute sync
- extract EnsureReferenceGrantCRD and call it from the HTTPRoute and
TLSRoute mappers, keeping "false" semantics: grants never sync to the
host and virtual grants stay authoritative for cross-namespace refs
- add gatewayapi-grants-disabled e2e suite plus a unit test asserting
route mappers ensure the grant CRD when grant sync is disabled
Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
---------
Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
(cherry picked from commit 2a1c7db)
#3996 pinned ReferenceGrant/TLSRoute/BackendTLSPolicy syncing to the v1 Gateway API versions but left the v1alpha2/v1alpha3/v1beta1 packages (vendored in fe771bb) without an importer. go mod vendor prunes them, so the lint vendor-sync check fails on every new PR against main. Regenerate vendor/ to remove the 29 orphaned files.
4 participants
What issue type does this pull request address? (keep at least one, remove the others)
/kind bugfix
What does this pull request do? Which issues does it resolve? (use
resolves #<issue_number>if possible)resolves #ENGNODE-569
resolves #ENGNODE-566
resolves #ENGNODE-577
Please provide a short message that should be published in the vcluster release notes
Sync Gateway API resources using only the latest
v1versions: ReferenceGrant (wasv1beta1), TLSRoute (wasv1alpha2), and BackendTLSPolicy (wasv1alpha3).install tenant referencegrant crd whenever route sync is enabled
What else do we need to know?
E2E Tests
Default Test Execution
The mandatory PR suite runs automatically. Only specify additional test suites below if needed.
Adding New Test Suites
When adding a new ginkgo test suite:
Additional test suites
Additional test suite(s) that will be executed before the mandatory PR suite: