Clarifying TLS Spec on HTTPRoute, Moving to Extended Support #739
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -113,21 +113,26 @@ type HTTPRouteSpec struct { | |
|
|
||
| // TLS defines the TLS certificate to use for Hostnames defined in this | ||
| // Route. This configuration only takes effect if the AllowRouteOverride | ||
| // field is set to true in the associated Gateway Listener. | ||
| // | ||
| // Attaching a TLS certificate to HTTPRoutes provides a way for HTTPRoute | ||
| // owners to effectively populate certificates on Gateway Listeners. Note | ||
| // that only one certificate may be attached to a Gateway Listener for a | ||
| // specified hostname. It is not possible to use different certificates for | ||
|
Contributor
There was a problem hiding this comment. Only one secret can be attached to a listener, but we don't specify what is in that secret. You could have a whole pile of certificates if you want :) |
||
| // different HTTPRoutes for the same hostname on the same Gateway Listener. | ||
| // | ||
| // If multiple HTTPRoutes define a TLS certificate for the same hostname and | ||
| // are bound to the same Gateway Listener, precedence MUST be determined in | ||
|
Contributor
There was a problem hiding this comment. Are you are referring to the precedence of the certificate here? So in this case
|
||
| // order of the following criteria, continuing on ties: | ||
| // | ||
| // * The oldest Route based on creation timestamp. For example, a Route with | ||
| // a creation timestamp of "2021-07-28 01:02:03" is given precedence over | ||
| // a Route with a creation timestamp of "2021-07-28 01:02:04". | ||
|
Contributor
There was a problem hiding this comment. Shouldn't we apply latest timestamp win previous timestamp, which is similar to overwrite.
Contributor
There was a problem hiding this comment. https://gateway-api.sigs.k8s.io/concepts/guidelines/#conflicts Oldest-wins is least likely to break existing configurations. |
||
| // * The Route appearing first in alphabetical order by | ||
| // "<namespace>/<name>". For example, foo/bar is given precedence over | ||
| // foo/baz. | ||
| // | ||
| // Support: Extended | ||
| // | ||
| // +optional | ||
| TLS *RouteTLSConfig `json:"tls,omitempty"` | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need to talk about how wildcards are handled?