conformance: TLSRoute with Terminate mode

[phuhung273]

What type of PR is this?
/kind test
/area conformance-test

What this PR does / why we need it:
This PR introduces basic same namespace conformance tests for TLSRoute with Terminate mode

Contour test

$ go test -v ./conformance -run TestConformance/TLSRouteTerminateSimpleSameNamespace -args \
        --gateway-class=contour \
        --supported-features=Gateway,TLSRoute
=== RUN   TestConformance
    conformance.go:129: Running conformance tests with:
    conformance.go:147:   GatewayClass: contour
    conformance.go:148:   Cleanup Resources: true
    conformance.go:149:   Debug: false
    conformance.go:150:   Enable All Features: false
    conformance.go:151:   Supported Features: [Gateway TLSRoute]
    conformance.go:152:   ExemptFeatures: []
    conformance.go:153:   ConformanceProfiles: []
    suite.go:364: 2025-09-30T08:11:52.048872627Z: Test Setup: Ensuring GatewayClass has been accepted
    suite.go:370: 2025-09-30T08:11:52.051740056Z: Test Setup: Applying base manifests
    apply.go:275: 2025-09-30T08:11:52.056820449Z: Creating gateway-conformance-infra Namespace
    apply.go:275: 2025-09-30T08:11:52.078152902Z: Creating same-namespace Gateway
    apply.go:275: 2025-09-30T08:11:52.088340023Z: Creating same-namespace-with-https-listener Gateway
    apply.go:275: 2025-09-30T08:11:52.095007369Z: Creating all-namespaces Gateway
    apply.go:275: 2025-09-30T08:11:52.103135367Z: Creating backend-namespaces Gateway
    apply.go:275: 2025-09-30T08:11:52.109476941Z: Creating infra-backend-v1 Service
    apply.go:275: 2025-09-30T08:11:52.121574428Z: Creating infra-backend-v1 Deployment
    apply.go:275: 2025-09-30T08:11:52.129506583Z: Creating infra-backend-v2 Service
    apply.go:275: 2025-09-30T08:11:52.140964918Z: Creating infra-backend-v2 Deployment
    apply.go:275: 2025-09-30T08:11:52.155485043Z: Creating infra-backend-v3 Service
    apply.go:275: 2025-09-30T08:11:52.178414611Z: Creating infra-backend-v3 Deployment
    apply.go:275: 2025-09-30T08:11:52.198928484Z: Creating tls-backend Service
    apply.go:275: 2025-09-30T08:11:52.222659864Z: Creating tls-backend Deployment
    apply.go:275: 2025-09-30T08:11:52.237857963Z: Creating gateway-conformance-app-backend Namespace
    apply.go:275: 2025-09-30T08:11:52.254575366Z: Creating tls-backend Service
    apply.go:275: 2025-09-30T08:11:52.274262305Z: Creating tls-backend Deployment
    apply.go:275: 2025-09-30T08:11:52.283831811Z: Creating app-backend-v1 Service
    apply.go:275: 2025-09-30T08:11:52.303736279Z: Creating app-backend-v1 Deployment
    apply.go:275: 2025-09-30T08:11:52.315454954Z: Creating app-backend-v2 Service
    apply.go:275: 2025-09-30T08:11:52.334553566Z: Creating app-backend-v2 Deployment
    apply.go:275: 2025-09-30T08:11:52.345446915Z: Creating gateway-conformance-web-backend Namespace
    apply.go:275: 2025-09-30T08:11:52.363085037Z: Creating web-backend Service
    apply.go:275: 2025-09-30T08:11:52.377709662Z: Creating web-backend Deployment
    apply.go:275: 2025-09-30T08:11:52.387339453Z: Creating grpc-infra-backend-v1 Service
    apply.go:275: 2025-09-30T08:11:52.397904829Z: Creating grpc-infra-backend-v1 Deployment
    apply.go:275: 2025-09-30T08:11:52.405987021Z: Creating grpc-infra-backend-v2 Service
    apply.go:275: 2025-09-30T08:11:52.415631872Z: Creating grpc-infra-backend-v2 Deployment
    apply.go:275: 2025-09-30T08:11:52.422221247Z: Creating grpc-infra-backend-v3 Service
    apply.go:275: 2025-09-30T08:11:52.43593766Z: Creating grpc-infra-backend-v3 Deployment
    apply.go:275: 2025-09-30T08:11:52.444953236Z: Creating coredns Service
    apply.go:275: 2025-09-30T08:11:52.455280519Z: Creating coredns Deployment
    apply.go:275: 2025-09-30T08:11:52.469251843Z: Creating coredns ConfigMap
    suite.go:373: 2025-09-30T08:11:52.4736249Z: Test Setup: Applying programmatic resources
    apply.go:226: 2025-09-30T08:11:52.986906298Z: Creating certificate
    apply.go:226: 2025-09-30T08:11:53.580610251Z: Creating tls-validity-checks-certificate
    apply.go:226: 2025-09-30T08:11:53.688813603Z: Creating tls-passthrough-checks-certificate
    apply.go:226: 2025-09-30T08:11:54.076388083Z: Creating tls-passthrough-checks-certificate
    apply.go:226: 2025-09-30T08:11:54.53174724Z: Creating tls-checks-ca-certificate
    apply.go:226: 2025-09-30T08:11:54.690666305Z: Creating tls-checks-certificate
    apply.go:226: 2025-09-30T08:11:57.206052851Z: Creating mismatch-ca-certificate
    suite.go:391: 2025-09-30T08:11:57.301008484Z: Test Setup: Ensuring Gateways and Pods from base manifests are ready
    helpers.go:216: 2025-09-30T08:11:57.431622423Z: Gateway gateway-conformance-infra/all-namespaces expected observedGeneration to be updated to 1 for all conditions, only 1/2 were updated. stale conditions are: Programmed (generation 0)
    helpers.go:216: 2025-09-30T08:11:15.39120614Z: Gateway gateway-conformance-infra/all-namespaces expected observedGeneration to be updated to 1 for all conditions, only 1/2 were updated. stale conditions are: Programmed (generation 0)
    helpers.go:240: 2025-09-30T08:12:00.207736133Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:00.207835265Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:00.20784886Z: Pod gateway-conformance-infra/contour-all-namespaces-8966ff59-54k86 not ready yet
    helpers.go:240: 2025-09-30T08:12:01.156427139Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:01.1564767Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:01.156486225Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:02.161385108Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:02.161488739Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:02.161503713Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:03.159342432Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:03.15938721Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:03.159395978Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:04.159906949Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:04.159959787Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:04.159969503Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:05.159295888Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:05.159350375Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:05.159359883Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:06.158401406Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:06.158470693Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:06.158481897Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:07.15936774Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:07.159451337Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:07.159461019Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:240: 2025-09-30T08:12:08.157992903Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:08.158047402Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:08.158060262Z: Pod gateway-conformance-infra/envoy-all-namespaces-5shc6 not ready yet
    helpers.go:248: 2025-09-30T08:12:09.168564582Z: Gateways and Pods in gateway-conformance-infra, gateway-conformance-app-backend, gateway-conformance-web-backend namespaces ready
=== RUN   TestConformance/TLSRouteTerminateSimpleSameNamespace
    conformance.go:70: 2025-09-30T08:12:09.170681456Z: Applying tests/tlsroute-terminate-simple-same-namespace.yaml
    apply.go:275: 2025-09-30T08:12:09.1792438Z: Creating gateway-conformance-infra-test TLSRoute
    apply.go:275: 2025-09-30T08:12:09.190948993Z: Creating gateway-tlsroute-terminate Gateway
    conformance.go:75: 2025-09-30T08:12:09.196549189Z: Running TLSRouteTerminateSimpleSameNamespace, relying on the following features: Gateway-standard, TLSRoute-experimental
    helpers.go:216: 2025-09-30T08:12:09.200228311Z: Gateway gateway-conformance-infra/gateway-tlsroute-terminate expected observedGeneration to be updated to 1 for all conditions, only 0/2 were updated. stale conditions are: Accepted (generation 0), Programmed (generation 0)
    helpers.go:216: 2025-09-30T08:12:10.239406379Z: Gateway gateway-conformance-infra/gateway-tlsroute-terminate expected observedGeneration to be updated to 1 for all conditions, only 1/2 were updated. stale conditions are: Programmed (generation 0)
    helpers.go:240: 2025-09-30T08:12:11.20680715Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:11.206883527Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:11.206961803Z: Pod gateway-conformance-infra/contour-gateway-tlsroute-terminate-846cc868bd-22kdh not ready yet
    helpers.go:240: 2025-09-30T08:12:12.248032574Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:12.248120022Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:12.248129099Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:13.205918136Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:13.205975056Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:13.205984538Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:14.256804932Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:14.256857602Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:14.256866593Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:15.20731436Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:15.207397576Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:15.207409558Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:16.257488314Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:16.257540761Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:16.257549734Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:17.206445618Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:17.206506821Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:17.206516594Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:240: 2025-09-30T08:12:18.263918756Z: Ready condition set to False, expected True
    helpers.go:240: 2025-09-30T08:12:18.26399753Z: Ready was not in conditions list
    helpers.go:243: 2025-09-30T08:12:18.264007732Z: Pod gateway-conformance-infra/envoy-gateway-tlsroute-terminate-9b7tn not ready yet
    helpers.go:248: 2025-09-30T08:12:19.207163526Z: Gateways and Pods in gateway-conformance-infra namespaces ready
    helpers.go:661: 2025-09-30T08:12:19.213533379Z: Conditions matched expectations
    helpers.go:661: 2025-09-30T08:12:19.213594792Z: Route gateway-conformance-infra/gateway-conformance-infra-test Parents matched expectations
=== RUN   TestConformance/TLSRouteTerminateSimpleSameNamespace/Simple_TLS_request_matching_TLSRoute_should_reach_infra-backend
    tlsroute-terminate-simple-same-namespace.go:62: 2025-09-30T08:12:19.216755079Z: Making GET request to host abc.example.com via https://172.18.0.8/
    tls.go:65: 2025-09-30T08:12:19.229007144Z: Request passed
=== NAME  TestConformance/TLSRouteTerminateSimpleSameNamespace
    apply.go:283: 2025-09-30T08:12:19.229233969Z: Deleting gateway-tlsroute-terminate Gateway
    apply.go:283: 2025-09-30T08:12:19.237252039Z: Deleting gateway-conformance-infra-test TLSRoute
=== NAME  TestConformance
    apply.go:239: 2025-09-30T08:12:19.248621905Z: Deleting mismatch-ca-certificate
    apply.go:239: 2025-09-30T08:12:19.266314948Z: Deleting tls-checks-certificate
    apply.go:239: 2025-09-30T08:12:19.281470548Z: Deleting tls-checks-ca-certificate
    apply.go:239: 2025-09-30T08:12:19.290502102Z: Deleting tls-passthrough-checks-certificate
    apply.go:239: 2025-09-30T08:12:19.300054844Z: Deleting tls-passthrough-checks-certificate
    apply.go:239: 2025-09-30T08:12:19.308821699Z: Deleting tls-validity-checks-certificate
    apply.go:239: 2025-09-30T08:12:19.322864314Z: Deleting certificate
    apply.go:283: 2025-09-30T08:12:19.353156252Z: Deleting coredns ConfigMap
    apply.go:283: 2025-09-30T08:12:19.372607158Z: Deleting coredns Deployment
    apply.go:283: 2025-09-30T08:12:19.390805591Z: Deleting coredns Service
    apply.go:283: 2025-09-30T08:12:19.432307061Z: Deleting grpc-infra-backend-v3 Deployment
    apply.go:283: 2025-09-30T08:12:19.459084082Z: Deleting grpc-infra-backend-v3 Service
    apply.go:283: 2025-09-30T08:12:19.521751016Z: Deleting grpc-infra-backend-v2 Deployment
    apply.go:283: 2025-09-30T08:12:19.536002136Z: Deleting grpc-infra-backend-v2 Service
    apply.go:283: 2025-09-30T08:12:19.603174005Z: Deleting grpc-infra-backend-v1 Deployment
    apply.go:283: 2025-09-30T08:12:19.632449722Z: Deleting grpc-infra-backend-v1 Service
    apply.go:283: 2025-09-30T08:12:19.688532219Z: Deleting web-backend Deployment
    apply.go:283: 2025-09-30T08:12:19.709622653Z: Deleting web-backend Service
    apply.go:283: 2025-09-30T08:12:19.764992114Z: Deleting gateway-conformance-web-backend Namespace
    apply.go:283: 2025-09-30T08:12:19.801698513Z: Deleting app-backend-v2 Deployment
    apply.go:283: 2025-09-30T08:12:19.81923787Z: Deleting app-backend-v2 Service
    apply.go:283: 2025-09-30T08:12:19.859596465Z: Deleting app-backend-v1 Deployment
    apply.go:283: 2025-09-30T08:12:19.870958577Z: Deleting app-backend-v1 Service
    apply.go:283: 2025-09-30T08:12:19.906017356Z: Deleting tls-backend Deployment
    apply.go:283: 2025-09-30T08:12:19.915395624Z: Deleting tls-backend Service
    apply.go:283: 2025-09-30T08:12:19.942809718Z: Deleting gateway-conformance-app-backend Namespace
    apply.go:283: 2025-09-30T08:12:19.948881649Z: Deleting tls-backend Deployment
    apply.go:283: 2025-09-30T08:12:19.956192731Z: Deleting tls-backend Service
    apply.go:283: 2025-09-30T08:12:19.985083767Z: Deleting infra-backend-v3 Deployment
    apply.go:283: 2025-09-30T08:12:19.99987096Z: Deleting infra-backend-v3 Service
    apply.go:283: 2025-09-30T08:12:20.014925625Z: Deleting infra-backend-v2 Deployment
    apply.go:283: 2025-09-30T08:12:20.019739303Z: Deleting infra-backend-v2 Service
    apply.go:283: 2025-09-30T08:12:20.063289329Z: Deleting infra-backend-v1 Deployment
    apply.go:283: 2025-09-30T08:12:20.069829919Z: Deleting infra-backend-v1 Service
    apply.go:283: 2025-09-30T08:12:20.116193941Z: Deleting backend-namespaces Gateway
    apply.go:283: 2025-09-30T08:12:20.145190176Z: Deleting all-namespaces Gateway
    apply.go:283: 2025-09-30T08:12:20.199085937Z: Deleting same-namespace-with-https-listener Gateway
    apply.go:283: 2025-09-30T08:12:20.235801743Z: Deleting same-namespace Gateway
    apply.go:283: 2025-09-30T08:12:20.267017648Z: Deleting gateway-conformance-infra Namespace
--- PASS: TestConformance (27.48s)
    --- PASS: TestConformance/TLSRouteTerminateSimpleSameNamespace (10.08s)
        --- PASS: TestConformance/TLSRouteTerminateSimpleSameNamespace/Simple_TLS_request_matching_TLSRoute_should_reach_infra-backend (0.01s)
PASS
ok      sigs.k8s.io/gateway-api/conformance     27.502s

Which issue(s) this PR fixes:
Relates #3466

Does this PR introduce a user-facing change?:

NONE

[k8s-ci-robot]

Welcome @phuhung273!

It looks like this is your first PR to kubernetes-sigs/gateway-api 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gateway-api has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @phuhung273. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[mikemorris]

/ok-to-test

I'm not quite sure if this is specified explicitly (I don't see it mentioned in https://gateway-api.sigs.k8s.io/reference/spec/#listenertlsconfig or https://gateway-api.sigs.k8s.io/geps/gep-2907), but is mode: Terminate with TLSRoute a core conformance expectation now, or extended conformance and thus should have a new, specific feature flag like features.SupportTLSRouteModeTerminate?

[phuhung273]

is mode: Terminate with TLSRoute a core conformance expectation now, or extended ?

Thanks for taking a look @mikemorris. I'm not sure about that, but can see we have a current features.SupportTLSRoute

gateway-api/conformance/tests/tlsroute-simple-same-namespace.go

Line 45 in 530c1ee

features.SupportTLSRoute,

[youngnick]

Yeah, this absolutely should have a new feature name, so that implementations can support as they are ready to.

[youngnick]

@phuhung273, thanks for getting us started!

Also, while it's valid to use HTTP as the inner protocol, we should also end up testing bare TCP functions as well.

[phuhung273]

Also, while it's valid to use HTTP as the inner protocol, we should also end up testing bare TCP functions as well.

Thank you also for taking a look @youngnick. Absolutely i will try this (although having no idea what youre saying currently 😅)

Right now Im just trying to complete a simple case. This one seems useful https://github.com/projectcontour/contour/blob/main/internal/featuretests/v3/tlsroute_test.go, im trying to replicate the same.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: phuhung273
Once this PR has been reviewed and has the lgtm label, please assign danwinship for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[phuhung273]

Verified with Contour, please see PR description for test output. Also added features.SupportTLSRouteModeTerminate as discussed. Let me know what you think @mikemorris @youngnick. Thank you so much.

[rikatz]

So, just clarifying: per our TLS Guide we have the following supports and cases:

• TLS = Passthrough + TLSRoute = Passthrough
• TLS = Terminate + TLSRoute = Not supported (and you should be achieving this with HTTPRoute?)
• TLS = Passthrough + TCPRoute = Not supported (you need to do it with PT + TLSRoute)
• TLS = Terminate + TCPRoute = TLS offload (supported)
• TLS = Terminate + HTTP/GRPCRoutes = supported

I am wondering why we are considering a TLS = Terminate + TLSRoute here? Is this just an alternative to TLS = Terminate + TCPRoute?

I think in this case it may be a bit misleading on which route I want / should use, if 2 do the same job.

Also, we are explicitly saying on the TLSRoute GEP that we don't support TLSRoute termination (https://github.com/kubernetes-sigs/gateway-api/pull/4064/files#diff-7e6544694a096dc122ce2ef4d38e4a47bfe14b72d5ae3603af9c17f6ccf23339R33) so if we can first agree on the GEP on if we should or not, then move to Conformance I would appreciate for my own sanity 😅

Thanks!

[phuhung273]

Ok can see this table in the guide

Thanks @rikatz for the update. I will wait for GEP-2643 to finalize.

But currently we don't have any conformance for TCPRoute in Terminate mode. So I can add one rite ?

[mikemorris]

@rikatz TLSRoute support for attaching to Gateway listeners with mode: Terminate was added in #3458. More detail on the use cases for this combination can be found in #2111 and #3458 (comment).

It sounds like we may need to resolve some inconsistent documentation as mentioned in #1474?

[rikatz]

thanks Mike. I have missed those, or maybe and inconsistently left them behind. Will take a look on them, but I am wondering if it would be good/proper that we have all of this mapped on the GEP before moving with more conformance that may not reflect the final state of the GEP

[mikemorris]

wondering if it would be good/proper that we have all of this mapped on the GEP before moving with more conformance that may not reflect the final state of the GEP

We've been somewhat inconsistent about this, but we generally haven't enforced substantial retroactive edits to older GEPs, instead allowing newer GEPs to supercede and prioritizing conformance tests and docs reflecting the current state while allowing older GEPs to stay as historical documents.

[rikatz]

yeah but in this case we don't have a TLSRoute GEP at all, and my plan is to have some covering all of the features/conformance that are already in place for TLSRoute

[rikatz]

Updated the GEP proposal to add TLSRoute termination: 23c275e

[candita]

If it's not covered in that summary table, and we have no GEP mentioning it, then we can't just change the docs and call it done. We can add it to the TLSRoute GEP as a new area, but it then needs to be reviewed and debated. Right now I don't see the use case for TLSRoute termination.

[mikemorris]

TLSRoute support for listeners with mode: Terminate already went through review previously and was added in #3458 as an update to GEP-2907, @rikatz latest updates are just ensuring for completeness this functionality is also covered within the complete TLSRoute GEP.