chore: improve HTTPRoute status errors#5747
Conversation
28a1b84 to
1dd25b5
Compare
18a6b48 to
4267457
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5747 +/- ##
==========================================
- Coverage 65.19% 65.15% -0.05%
==========================================
Files 214 217 +3
Lines 34321 34865 +544
==========================================
+ Hits 22377 22717 +340
- Misses 10591 10753 +162
- Partials 1353 1395 +42 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
07edb2a to
536d226
Compare
...gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml
Outdated
Show resolved
Hide resolved
536d226 to
32c8846
Compare
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
cd532e8 to
f37c41c
Compare
internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml
Show resolved
Hide resolved
| mergeSlashes: true | ||
| port: 10080 | ||
| routes: | ||
| - directResponse: |
There was a problem hiding this comment.
This change is actually irrelevant to the status: I found that httproute-with-multiple-gateways-from-different-ns.in.yaml is invalid, missing the backend, so I added it.
The purpose of this test is to verify we have the right namespace for the parent Gateway in the route status, not 500 direct response, so it should have valid backends in it.
see: #4592
|
@zhaohuabing can we try to make sure only the status messages are updated in the test file and not the reasons or conditions, we'll need to revisit the entire status spec again if changes are made In that area |
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
| message: 'Failed to process route rule 0 backendRef 0: no ca found in configmap | ||
| no-ca-cmap.' | ||
| reason: InvalidBackendTLS | ||
| status: "False" |
There was a problem hiding this comment.
We should set ResolvedResf to false here, since according to the Gateway API, "ResolvedRefs which is set to true when all references to other resources have been successfully resolved."
Surfacing the TLS-related failures to Route status will help users - it gives them a single place to understand why a Route isn't working, rather than having to dig through all the related resources.
Reference: https://gateway-api.sigs.k8s.io/geps/gep-1364/#all-conditions-positive
| secret for client auth: envoy-gateway-system/client-auth-not-found specified | ||
| in EnvoyProxy envoy-gateway-system/test.' | ||
| reason: InvalidBackendTLS | ||
| status: "False" |
| - lastTransitionTime: null | ||
| message: 'backend Service validation failed: TCP Port 8081 not found on Service | ||
| default/service-1' | ||
| message: TCP Port 8081 not found on Service default/service-1 |
There was a problem hiding this comment.
I plan to handle this in a follow-up PR, and use the same message format as HTTPRoute.
...testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml
Outdated
Show resolved
Hide resolved
| message: Resolved all the Object references for the Route | ||
| reason: ResolvedRefs | ||
| status: "True" | ||
| type: ResolvedRefs |
There was a problem hiding this comment.
The behavior follows the existing logic: Even though the Accepted condition is false, the ResolveRefs can be true if all the Backends are successfully resolved.
Existing tests:
| Secret is not located in the same namespace as Envoyproxy. Secret namespace: | ||
| envoy-gateway-user-ns does not match Envoyproxy namespace: envoy-gateway-system.' | ||
| reason: InvalidBackendTLS | ||
| status: "False" |
| type: Accepted | ||
| - lastTransitionTime: null | ||
| message: Mixed endpointslice address type between backendRefs is not supported | ||
| reason: ResolvedRefs |
| type: Accepted | ||
| - lastTransitionTime: null | ||
| message: mixed endpointslice address type for the same backendRef is not supported | ||
| reason: ResolvedRefs |
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
| type: Accepted | ||
| - lastTransitionTime: null | ||
| message: Mixed endpointslice address type between backendRefs is not supported | ||
| reason: ResolvedRefs |
| reason: UnsupportedValue | ||
| status: "False" | ||
| type: Accepted | ||
| - lastTransitionTime: null |
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
@arkodg I’ve reverted the standard status reasons back to their original values. A few non-standard ones have been updated to better reflect the specific errors — but if you prefer keeping the older ones for consistency, I’m happy to revert those as well. |
| name: policy-btls/envoy-gateway-ca | ||
| sni: example.com | ||
| weight: 1 | ||
| directResponse: |
There was a problem hiding this comment.
Fixes tests inputs in the Gateway API translator tests. Some tests were missing services and endpointSlices resources, which led to 500 errors in the output files. This PR adds the missing services and endpointSlices to ensure the expected behavior.
| type: Accepted | ||
| - lastTransitionTime: null | ||
| message: Service envoy-gateway/service-1 not found | ||
| reason: BackendNotFound |
There was a problem hiding this comment.
There was a problem hiding this comment.
looks like you are intentionally cleaning up / fixing these tests ? are these tests for the happy path or error path ?
There was a problem hiding this comment.
Yes, I fixed these tests, which are missing services and endpoints in their inputs.
Fixes tests inputs in the Gateway API translator tests. Some tests were missing services and endpointSlices resources, which led to 500 errors in the output files. This PR adds the missing services and endpointSlices to ensure the expected behavior.
| mergeSlashes: true | ||
| port: 10080 | ||
| routes: | ||
| - directResponse: |
There was a problem hiding this comment.
why did these get removed ?
There was a problem hiding this comment.
Fixes tests inputs in the Gateway API translator tests. Some tests were missing services and endpointSlices resources, which led to 500 errors in the output files. This PR adds the missing services and endpointSlices to ensure the expected behavior.
This PR includes the following improvements:
processHTTPRouteParentRefs) rather than updating status throughout the code. This simplifies the HTTPRoute translation logic and allows us to aggregate all errors into a single status message for better clarity. This is not totally done yet, will clean them up in a follow-up PR after handling TCP/TLS/UDP route statuses.To keep the scope managed and make this easier to review, this PR only modifies the HTTPRoute. If this makes sense, I'll raise a follow-up PR to also clean up the status for other routes.