-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gateway-api: Race condition between routes and Gateway #25573
Conversation
Commit 6d958fc44bc78fee2fe108c9214953f99e96b866 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
6d958fc
to
029dbb9
Compare
Commit 6d958fc44bc78fee2fe108c9214953f99e96b866 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
029dbb9
to
13ed109
Compare
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/83/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
/test-runtime |
/test-1.26-net-next Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/130/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
Re-run as the report is not accessible. |
hitting the flake #25605, all other CI are ✔️ , required review is in. Marking this ready to merge. |
@sayboras needs rebase |
13ed109
to
912e619
Compare
There was a race condition between http/tls routes and the underlying Gateway resource. Basically, if the HTTP or TLS Route resource is created before Gateway resource, its status will be updated with the value `gateway not found`. However, the reconciliation for HTTP or TLS routes is not triggered even after mentioned Gateway is created. The issue is due to an unnecessary predicate on GenerationChangedPredicate, which only checks for changes in spec. This commit is to remove GenerationChangedPredicate predicate in HTTP and TLS routes. Status for gateway not found ```json { "lastTransitionTime": "2023-05-22T05:24:01Z", "message": "Gateway.gateway.networking.k8s.io \"gateway-tlsroute\" not found", "observedGeneration": 1, "reason": "InvalidTLSRoute", "status": "False", "type": "Accepted" } ``` Testing was done before and after the changes with below step: - Create one TLSRoute with a non-existent Gateway. This TLSRoute status should say `gateway not found` - Create mentioned Gateway Resource with a valid GatewayClass - Verify the TLSRoute status, which should be updated to Accepted. Fixes: cilium#25487 Signed-off-by: Tam Mach <tam.mach@cilium.io>
912e619
to
4cbd87c
Compare
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/179/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
Hit another flake #25524, marking this ready to merge after rebase. |
/test-1.26-net-next |
This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
[ upstream commit 30d3a6f ] This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
There was a race condition between http/tls routes and the underlying Gateway resource. Basically, if the HTTP or TLS Route resource is created before Gateway resource, its status will be updated with the value
gateway not found
. However, the reconciliation for HTTP or TLS routes is not triggered even after mentioned Gateway is created. The issue is due to an unnecessary predicate on GenerationChangedPredicate, which only checks for changes in spec.This commit is to remove GenerationChangedPredicate predicate in HTTP and TLS routes.
Status for gateway not found
Testing was done before and after the changes with below step:
gateway not found
Fixes: #25487