Skip to content

Commit cfec09f

Browse files
howardjohnhowardjohn
authored
gateway-api: update redirects to match spec (istio#44817)
* gateway-api: update redirects to match spec Needs https://github.com/kubernetes-sigs/gateway-api/pull/1880/files * bump gw * bump
1 parent 2488d98 commit cfec09f

File tree

5 files changed

+94
-46
lines changed

5 files changed

+94
-46
lines changed

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@ require (
102102
k8s.io/kubectl v0.27.1
103103
k8s.io/utils v0.0.0-20230505201702-9f6742963106
104104
sigs.k8s.io/controller-runtime v0.15.0-alpha.0
105-
sigs.k8s.io/gateway-api v0.7.0-rc1
105+
sigs.k8s.io/gateway-api v0.7.0-rc2
106106
sigs.k8s.io/mcs-api v0.1.0
107107
sigs.k8s.io/yaml v1.3.0
108108
)

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1480,8 +1480,8 @@ sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gE
14801480
sigs.k8s.io/controller-runtime v0.15.0-alpha.0 h1:ukmgReObs7FEUNBcn2NLxn/DiEQ8g1yC8YvpX0HGiyE=
14811481
sigs.k8s.io/controller-runtime v0.15.0-alpha.0/go.mod h1:icJQ1mtZAutJ9iOzS2V2VJQCBVV2ir+xahBeTHCCZGs=
14821482
sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI=
1483-
sigs.k8s.io/gateway-api v0.7.0-rc1 h1:dVUmLp5W4QBv9diU99ULf9n5v/incEmdVU98rkSa+7Y=
1484-
sigs.k8s.io/gateway-api v0.7.0-rc1/go.mod h1:Xv0+ZMxX0lu1nSSDIIPEfbVztgNZ+3cfiYrJsa2Ooso=
1483+
sigs.k8s.io/gateway-api v0.7.0-rc2 h1:LuxgWmjyRItkFB2/RAMRCzQW1Sfz7JPuiaRt1buUeOA=
1484+
sigs.k8s.io/gateway-api v0.7.0-rc2/go.mod h1:Xv0+ZMxX0lu1nSSDIIPEfbVztgNZ+3cfiYrJsa2Ooso=
14851485
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
14861486
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
14871487
sigs.k8s.io/kind v0.8.1/go.mod h1:oNKTxUVPYkV9lWzY6CVMNluVq8cBsyq+UgPJdvA3uu4=

pilot/pkg/config/kube/gateway/conversion.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1022,7 +1022,11 @@ func createRedirectFilter(filter *k8s.HTTPRequestRedirectFilter) *istio.HTTPRedi
10221022
} else {
10231023
// "When empty, port (if specified) of the request is used."
10241024
// this differs from Istio default
1025-
resp.RedirectPort = &istio.HTTPRedirect_DerivePort{DerivePort: istio.HTTPRedirect_FROM_REQUEST_PORT}
1025+
if filter.Scheme != nil {
1026+
resp.RedirectPort = &istio.HTTPRedirect_DerivePort{DerivePort: istio.HTTPRedirect_FROM_PROTOCOL_DEFAULT}
1027+
} else {
1028+
resp.RedirectPort = &istio.HTTPRedirect_DerivePort{DerivePort: istio.HTTPRedirect_FROM_REQUEST_PORT}
1029+
}
10261030
}
10271031
if filter.Path != nil {
10281032
switch filter.Path.Type {

tests/integration/pilot/gateway_conformance_test.go

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,9 +49,7 @@ var conformanceNamespaces = []string{
4949
}
5050

5151
var skippedTests = map[string]string{
52-
"HTTPRouteRedirectPath": "spec is wrong, pending https://github.com/kubernetes-sigs/gateway-api/pull/1880",
53-
"HTTPRouteRedirectHostAndStatus": "spec is wrong, pending https://github.com/kubernetes-sigs/gateway-api/pull/1880",
54-
"MeshFrontendHostname": "https://github.com/istio/istio/issues/44702",
52+
"MeshFrontendHostname": "https://github.com/istio/istio/issues/44702",
5553
}
5654

5755
func TestGatewayConformance(t *testing.T) {

tests/integration/pilot/testdata/gateway-api-crd.yaml

Lines changed: 85 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
1-
# Generated with `kubectl kustomize "https://github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v0.7.0-rc1"`
1+
# Generated with `kubectl kustomize "https://github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v0.7.0-rc2"`
22
apiVersion: apiextensions.k8s.io/v1
33
kind: CustomResourceDefinition
44
metadata:
55
annotations:
66
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
7-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
7+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
88
gateway.networking.k8s.io/channel: experimental
99
creationTimestamp: null
1010
name: gatewayclasses.gateway.networking.k8s.io
@@ -436,7 +436,7 @@ kind: CustomResourceDefinition
436436
metadata:
437437
annotations:
438438
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
439-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
439+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
440440
gateway.networking.k8s.io/channel: experimental
441441
creationTimestamp: null
442442
name: gateways.gateway.networking.k8s.io
@@ -1872,7 +1872,7 @@ kind: CustomResourceDefinition
18721872
metadata:
18731873
annotations:
18741874
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
1875-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
1875+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
18761876
gateway.networking.k8s.io/channel: experimental
18771877
creationTimestamp: null
18781878
name: grpcroutes.gateway.networking.k8s.io
@@ -3370,7 +3370,7 @@ kind: CustomResourceDefinition
33703370
metadata:
33713371
annotations:
33723372
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
3373-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
3373+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
33743374
gateway.networking.k8s.io/channel: experimental
33753375
creationTimestamp: null
33763376
name: httproutes.gateway.networking.k8s.io
@@ -3947,8 +3947,17 @@ spec:
39473947
port:
39483948
description: "Port is the port to be used in
39493949
the value of the `Location` header in the
3950-
response. \n When empty, the Gateway Listener
3951-
port is used. \n Implementations SHOULD NOT
3950+
response. \n If no port is specified, the
3951+
redirect port MUST be derived using the following
3952+
rules: \n * If redirect scheme is not-empty,
3953+
the redirect port MUST be the well-known port
3954+
associated with the redirect scheme. Specifically
3955+
\"http\" to port 80 and \"https\" to port
3956+
443. If the redirect scheme does not have
3957+
a well-known port, the listener port of the
3958+
Gateway SHOULD be used. * If redirect scheme
3959+
is empty, the redirect port MUST be the Gateway
3960+
Listener port. \n Implementations SHOULD NOT
39523961
add the port number in the 'Location' header
39533962
in the following cases: \n * A Location header
39543963
that will use HTTP (whether that is determined
@@ -3965,8 +3974,11 @@ spec:
39653974
description: "Scheme is the scheme to be used
39663975
in the value of the `Location` header in the
39673976
response. When empty, the scheme of the request
3968-
is used. \n Note that values may be added
3969-
to this enum, implementations must ensure
3977+
is used. \n Scheme redirects can affect the
3978+
port of the redirect, for more information,
3979+
refer to the documentation for the port field
3980+
of this filter. \n Note that values may be
3981+
added to this enum, implementations must ensure
39703982
that unknown values will not cause a crash.
39713983
\n Unknown values here must result in the
39723984
implementation setting the Accepted Condition
@@ -4588,16 +4600,24 @@ spec:
45884600
type: object
45894601
port:
45904602
description: "Port is the port to be used in the value
4591-
of the `Location` header in the response. \n When
4592-
empty, the Gateway Listener port is used. \n Implementations
4593-
SHOULD NOT add the port number in the 'Location'
4594-
header in the following cases: \n * A Location header
4595-
that will use HTTP (whether that is determined via
4596-
the Listener protocol or the Scheme field) _and_
4597-
use port 80. * A Location header that will use HTTPS
4598-
(whether that is determined via the Listener protocol
4599-
or the Scheme field) _and_ use port 443. \n Support:
4600-
Extended"
4603+
of the `Location` header in the response. \n If
4604+
no port is specified, the redirect port MUST be
4605+
derived using the following rules: \n * If redirect
4606+
scheme is not-empty, the redirect port MUST be the
4607+
well-known port associated with the redirect scheme.
4608+
Specifically \"http\" to port 80 and \"https\" to
4609+
port 443. If the redirect scheme does not have a
4610+
well-known port, the listener port of the Gateway
4611+
SHOULD be used. * If redirect scheme is empty, the
4612+
redirect port MUST be the Gateway Listener port.
4613+
\n Implementations SHOULD NOT add the port number
4614+
in the 'Location' header in the following cases:
4615+
\n * A Location header that will use HTTP (whether
4616+
that is determined via the Listener protocol or
4617+
the Scheme field) _and_ use port 80. * A Location
4618+
header that will use HTTPS (whether that is determined
4619+
via the Listener protocol or the Scheme field) _and_
4620+
use port 443. \n Support: Extended"
46014621
format: int32
46024622
maximum: 65535
46034623
minimum: 1
@@ -4606,7 +4626,10 @@ spec:
46064626
description: "Scheme is the scheme to be used in the
46074627
value of the `Location` header in the response.
46084628
When empty, the scheme of the request is used. \n
4609-
Note that values may be added to this enum, implementations
4629+
Scheme redirects can affect the port of the redirect,
4630+
for more information, refer to the documentation
4631+
for the port field of this filter. \n Note that
4632+
values may be added to this enum, implementations
46104633
must ensure that unknown values will not cause a
46114634
crash. \n Unknown values here must result in the
46124635
implementation setting the Accepted Condition for
@@ -5842,8 +5865,17 @@ spec:
58425865
port:
58435866
description: "Port is the port to be used in
58445867
the value of the `Location` header in the
5845-
response. \n When empty, the Gateway Listener
5846-
port is used. \n Implementations SHOULD NOT
5868+
response. \n If no port is specified, the
5869+
redirect port MUST be derived using the following
5870+
rules: \n * If redirect scheme is not-empty,
5871+
the redirect port MUST be the well-known port
5872+
associated with the redirect scheme. Specifically
5873+
\"http\" to port 80 and \"https\" to port
5874+
443. If the redirect scheme does not have
5875+
a well-known port, the listener port of the
5876+
Gateway SHOULD be used. * If redirect scheme
5877+
is empty, the redirect port MUST be the Gateway
5878+
Listener port. \n Implementations SHOULD NOT
58475879
add the port number in the 'Location' header
58485880
in the following cases: \n * A Location header
58495881
that will use HTTP (whether that is determined
@@ -5860,8 +5892,11 @@ spec:
58605892
description: "Scheme is the scheme to be used
58615893
in the value of the `Location` header in the
58625894
response. When empty, the scheme of the request
5863-
is used. \n Note that values may be added
5864-
to this enum, implementations must ensure
5895+
is used. \n Scheme redirects can affect the
5896+
port of the redirect, for more information,
5897+
refer to the documentation for the port field
5898+
of this filter. \n Note that values may be
5899+
added to this enum, implementations must ensure
58655900
that unknown values will not cause a crash.
58665901
\n Unknown values here must result in the
58675902
implementation setting the Accepted Condition
@@ -6483,16 +6518,24 @@ spec:
64836518
type: object
64846519
port:
64856520
description: "Port is the port to be used in the value
6486-
of the `Location` header in the response. \n When
6487-
empty, the Gateway Listener port is used. \n Implementations
6488-
SHOULD NOT add the port number in the 'Location'
6489-
header in the following cases: \n * A Location header
6490-
that will use HTTP (whether that is determined via
6491-
the Listener protocol or the Scheme field) _and_
6492-
use port 80. * A Location header that will use HTTPS
6493-
(whether that is determined via the Listener protocol
6494-
or the Scheme field) _and_ use port 443. \n Support:
6495-
Extended"
6521+
of the `Location` header in the response. \n If
6522+
no port is specified, the redirect port MUST be
6523+
derived using the following rules: \n * If redirect
6524+
scheme is not-empty, the redirect port MUST be the
6525+
well-known port associated with the redirect scheme.
6526+
Specifically \"http\" to port 80 and \"https\" to
6527+
port 443. If the redirect scheme does not have a
6528+
well-known port, the listener port of the Gateway
6529+
SHOULD be used. * If redirect scheme is empty, the
6530+
redirect port MUST be the Gateway Listener port.
6531+
\n Implementations SHOULD NOT add the port number
6532+
in the 'Location' header in the following cases:
6533+
\n * A Location header that will use HTTP (whether
6534+
that is determined via the Listener protocol or
6535+
the Scheme field) _and_ use port 80. * A Location
6536+
header that will use HTTPS (whether that is determined
6537+
via the Listener protocol or the Scheme field) _and_
6538+
use port 443. \n Support: Extended"
64966539
format: int32
64976540
maximum: 65535
64986541
minimum: 1
@@ -6501,7 +6544,10 @@ spec:
65016544
description: "Scheme is the scheme to be used in the
65026545
value of the `Location` header in the response.
65036546
When empty, the scheme of the request is used. \n
6504-
Note that values may be added to this enum, implementations
6547+
Scheme redirects can affect the port of the redirect,
6548+
for more information, refer to the documentation
6549+
for the port field of this filter. \n Note that
6550+
values may be added to this enum, implementations
65056551
must ensure that unknown values will not cause a
65066552
crash. \n Unknown values here must result in the
65076553
implementation setting the Accepted Condition for
@@ -7190,7 +7236,7 @@ kind: CustomResourceDefinition
71907236
metadata:
71917237
annotations:
71927238
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
7193-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
7239+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
71947240
gateway.networking.k8s.io/channel: experimental
71957241
creationTimestamp: null
71967242
name: referencegrants.gateway.networking.k8s.io
@@ -7469,7 +7515,7 @@ kind: CustomResourceDefinition
74697515
metadata:
74707516
annotations:
74717517
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
7472-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
7518+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
74737519
gateway.networking.k8s.io/channel: experimental
74747520
creationTimestamp: null
74757521
name: tcproutes.gateway.networking.k8s.io
@@ -7996,7 +8042,7 @@ kind: CustomResourceDefinition
79968042
metadata:
79978043
annotations:
79988044
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
7999-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
8045+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
80008046
gateway.networking.k8s.io/channel: experimental
80018047
creationTimestamp: null
80028048
name: tlsroutes.gateway.networking.k8s.io
@@ -8572,7 +8618,7 @@ kind: CustomResourceDefinition
85728618
metadata:
85738619
annotations:
85748620
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
8575-
gateway.networking.k8s.io/bundle-version: v0.7.0-rc1
8621+
gateway.networking.k8s.io/bundle-version: v0.7.0-rc2
85768622
gateway.networking.k8s.io/channel: experimental
85778623
creationTimestamp: null
85788624
name: udproutes.gateway.networking.k8s.io

0 commit comments

Comments
 (0)