Bump Gateway API to v0.7.1

[sunjayBhatia]

To ensure compatibility with upcoming release

Fixes: #5336
Fixes: #5414

[sunjayBhatia]

Will update dependency tag/PR title as new rc/GA versions become available, looks like rc2 is coming soon

[sunjayBhatia]

rc2 image not out yet

[codecov]

Codecov Report

Merging #5353 (ccd11ce) into main (5fc91fa) will not change coverage.
The diff coverage is 66.66%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5353   +/-   ##
=======================================
  Coverage   78.18%   78.18%           
=======================================
  Files         138      138           
  Lines       18496    18496           
=======================================
  Hits        14462    14462           
  Misses       3757     3757           
  Partials      277      277           

Impacted Files	Coverage Δ
internal/gatewayapi/helpers.go	87.94% <0.00%> (ø)
internal/dag/gatewayapi_processor.go	94.34% <100.00%> (ø)

[sunjayBhatia]

Re-running to see if the TLSRoute test failure was a flake

Otherwise, we have the ObservedGeneration bump test failing and more redirect tests failing

• TestGatewayConformance/GatewayObservedGenerationBump
  • Fails because the test adds a second HTTP Listener to the Gateway and expects Programmed=True: https://github.com/kubernetes-sigs/gateway-api/blob/v0.7.0-rc2/conformance/tests/gateway-observed-generation-bump.go#L67-L74
• TestGatewayConformance/HTTPRouteRedirectPortAndScheme
  • http-listener-on-8080/0_request_to_'/scheme-nil-and-port-nil'_should_receive_a_302 fails expecting port 8080 to be returned (since it does not specify a port redirect and envoy strips the original request port)
  • http-listener-on-80 tests all pass
  • https-listener-on-443 all the tests fail w/ status 421 since they are not setting a proper host, as-is the requested server name is example but the authority ends up actually just being the Gateway IP
    • once the tests are fixed, we also need to change this line to * rather than *. to cover the new case Gateway API has introduced, no hostnames on the GW or Route mean the SNI match is on *:

      contour/internal/envoy/v3/listener.go

      Line 696 in 020d782

      if strings.HasPrefix(fqdn, "*.") {

[2023-05-18 21:42:12.536][31][debug][conn_handler] [source/extensions/listener_managers/listener_manager/active_tcp_listener.cc:155] [C22] new connection from 172.18.0.1:48360
[2023-05-18 21:42:12.536][25][debug][filter] [source/extensions/filters/listener/tls_inspector/tls_inspector.cc:117] tls:onServerName(), requestedServerName: example
[2023-05-18 21:42:12.536][25][debug][conn_handler] [source/extensions/listener_managers/listener_manager/active_tcp_listener.cc:155] [C23] new connection from 172.18.0.1:48334
[2023-05-18 21:42:12.536][25][debug][filter] [source/extensions/filters/listener/tls_inspector/tls_inspector.cc:117] tls:onServerName(), requestedServerName: example
[2023-05-18 21:42:12.536][25][debug][conn_handler] [source/extensions/listener_managers/listener_manager/active_tcp_listener.cc:155] [C24] new connection from 172.18.0.1:48368
[2023-05-18 21:42:12.539][19][debug][filter] [source/extensions/filters/listener/tls_inspector/tls_inspector.cc:117] tls:onServerName(), requestedServerName: example
[2023-05-18 21:42:12.539][19][debug][conn_handler] [source/extensions/listener_managers/listener_manager/active_tcp_listener.cc:155] [C25] new connection from 172.18.0.1:48330
[2023-05-18 21:42:12.541][31][debug][http] [source/common/http/conn_manager_impl.cc:349] [C22] new stream
[2023-05-18 21:42:12.541][31][debug][http] [source/common/http/conn_manager_impl.cc:1039] [C22][S13650922495304120506] request headers complete (end_stream=true):
':authority', '172.18.255.202'
':path', '/scheme-nil-and-port-443'
':method', 'GET'
'user-agent', 'Go-http-client/1.1'
'x-echo-set-header', ''
'accept-encoding', 'gzip'

• TestGatewayConformance/TLSRouteSimpleSameNamespace looks like a flake

[sunjayBhatia]

made some updates to the comment above, will have a PR to fix GW API tests coming shortly

Issue: kubernetes-sigs/gateway-api#2038

PR: kubernetes-sigs/gateway-api#2039

[sunjayBhatia]

will undo changes here once we have another tagged patch release

[sunjayBhatia]

New failing test: TestConformance/HTTPRouteHostnameIntersection/HTTPRoutes_that_do_intersect_with_listener_hostnames/1_request_to_'very.specific.com:1234/s1'_should_go_to_infra-backend-v1

fails with error

http.go:222: Response expectation failed for request: {URL: {Scheme:http Opaque: User: Host:172.18.255.205 Path:/s1 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragment: RawFragment:}, Host: very.specific.com:1234, Protocol: HTTP, Method: GET, Headers: map[X-Echo-Set-Header:[]], UnfollowRedirect: false, Server: , CertPem: <truncated>, KeyPem: <truncated>} not ready yet: expected host to be very.specific.com:1234, got very.specific.com (after 1µs)

another instance of port stripping.

[sunjayBhatia]

Another failing test, looks like it was added after my review, see: https://github.com/kubernetes-sigs/gateway-api/pull/1984/files#r1200873543

We implement method matching using the :method pseudoheader, so if you have only a method in one route match and only a single header in another, I believe whichever one comes first in the list will currently "win"

We'll need to add some explicit logic to get this right regardless of match order once the spec is updated with a precedence order

[sunjayBhatia]

rebased on #5390 to get the fixes from there

[sunjayBhatia]

looks like the webhook image isn't out yet for 0.7.1

[sunjayBhatia]

Might have to undo #3458 to get TestGatewayConformance/HTTPRouteHostnameIntersection passing again as the tests expect the port from the Host header is passed upstream and right now we're stripping it

The test passes if we undo the strip host port configuration and add back the virtualhost domain match for hostname + ":*"

The reason we added this in the first place is you can't match on *.foo.com:* so wildcard hostname + "ignoring" port isn't allowed in Envoy: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-virtualhost-domains

[sunjayBhatia]

Filed kubernetes-sigs/gateway-api#2091

[sunjayBhatia]

rebased on #5437

[sunjayBhatia]

Conformance is all passing, just got to fix whatever is up with e2e tests from #5437

[skriss]

🚀 thanks for all the work on this one @sunjayBhatia!

[skriss]

I've confirmed that this test will pass with #5160, will update that PR to remove it from the skipped tests

[skriss]

This PR still needs its own changelog file