Skip to content

API: TLS API for dynamic resolver Backend#5794

Merged
zhaohuabing merged 3 commits intoenvoyproxy:mainfrom
zhaohuabing:dynamic-resolver-tls-api
Apr 23, 2025
Merged

API: TLS API for dynamic resolver Backend#5794
zhaohuabing merged 3 commits intoenvoyproxy:mainfrom
zhaohuabing:dynamic-resolver-tls-api

Conversation

@zhaohuabing
Copy link
Copy Markdown
Member

@zhaohuabing zhaohuabing commented Apr 23, 2025
edited
Loading

This PR introduces the TLS configuration API for the DynamicResolver Backend type.

We are not using the gateway API BackendTLSPolicy to configure TLS for DynamicResolver, because it requires a fixed hostname, which isn't compatible with the dynamic nature of these backends.

Release note: the release note will be added in the implementation PR.

CEL validation for API will be added in the implementation PR.

@zhaohuabing
TLS API for dynamic resolver Backend
56b51e3 
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing requested a review from a team as a code owner April 23, 2025 02:01
arkodg
arkodg reviewed Apr 23, 2025
View reviewed changes
api/v1alpha1/backend_types.go
}

// BackendTLSSettings holds the TLS settings for the backend.
// Only used for DynamicResolver backends.
Copy link
Copy Markdown
Contributor

@arkodg arkodg Apr 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// +kubebuilder:validation:XValidation:message="must not contain both CACertificateRefs and WellKnownCACertificates",rule="!(has(self.caCertificateRefs) && size(self.caCertificateRefs) > 0 && has(self.wellKnownCACertificates) && self.wellKnownCACertificates != "")"
// +kubebuilder:validation:XValidation:message="must specify either CACertificateRefs or WellKnownCACertificates",rule="(has(self.caCertificateRefs) && size(self.caCertificateRefs) > 0 || has(self.wellKnownCACertificates) && self.wellKnownCACertificates != "")"

@arkodg arkodg added this to the v1.4.0-rc.1 milestone Apr 23, 2025
@arkodg
Copy link
Copy Markdown
Contributor

arkodg commented Apr 23, 2025

minor comment around CEL, else LGTM, thanks for adding this !

@arkodg arkodg requested review from a team April 23, 2025 02:06
@zhaohuabing
fix gen
f78f2d5 
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
@zhaohuabing
Copy link
Copy Markdown
Member Author

zhaohuabing commented Apr 23, 2025

minor comment around CEL, else LGTM, thanks for adding this !

I plan to add CEL and CEL tests in the implementation PR to focus this one on the API itself :-)

@zhaohuabing zhaohuabing requested a review from arkodg April 23, 2025 02:09
arkodg
arkodg previously approved these changes Apr 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg requested review from a team April 23, 2025 02:12
@zhaohuabing
hide
ba96375 
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing requested a review from arkodg April 23, 2025 02:12
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 23, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.32%. Comparing base (096cb8d) to head (ba96375).
Report is 28 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5794      +/-   ##
==========================================
+ Coverage   65.19%   65.32%   +0.12%     
==========================================
  Files         214      216       +2     
  Lines       34321    34691     +370     
==========================================
+ Hits        22377    22662     +285     
- Misses      10591    10641      +50     
- Partials     1353     1388      +35

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@zhaohuabing zhaohuabing requested review from a team April 23, 2025 02:25
@zhaohuabing zhaohuabing merged commit 1eaac08 into envoyproxy:main Apr 23, 2025
26 of 27 checks passed
@zhaohuabing zhaohuabing deleted the dynamic-resolver-tls-api branch April 23, 2025 02:38
@zhaohuabing zhaohuabing mentioned this pull request Apr 30, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zirain zirain zirain approved these changes

@arkodg arkodg arkodg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.4.0-rc.1

Development

Successfully merging this pull request may close these issues.

3 participants

@zhaohuabing @arkodg @zirain