From 82b0822d87b9687fb2d6036431ee16e60e603442 Mon Sep 17 00:00:00 2001
From: phuhung273
Date: Tue, 30 Sep 2025 15:11:19 +0700
Subject: [PATCH 1/2] conformance: TLSRoute simple Terminate mode
---
 ...lsroute-terminate-simple-same-namespace.go | 70 +++++++++++++++++++
 ...route-terminate-simple-same-namespace.yaml | 37 ++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 conformance/tests/tlsroute-terminate-simple-same-namespace.go
 create mode 100644 conformance/tests/tlsroute-terminate-simple-same-namespace.yaml
diff --git a/conformance/tests/tlsroute-terminate-simple-same-namespace.go b/conformance/tests/tlsroute-terminate-simple-same-namespace.go
new file mode 100644
index 0000000000..9634fb6e8a
--- /dev/null
+++ b/conformance/tests/tlsroute-terminate-simple-same-namespace.go
@@ -0,0 +1,70 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tests
+
+import (
+ "testing"
+
+ "k8s.io/apimachinery/pkg/types"
+
+ "sigs.k8s.io/gateway-api/conformance/utils/http"
+ "sigs.k8s.io/gateway-api/conformance/utils/kubernetes"
+ "sigs.k8s.io/gateway-api/conformance/utils/suite"
+ "sigs.k8s.io/gateway-api/conformance/utils/tls"
+ "sigs.k8s.io/gateway-api/pkg/features"
+)
+
+func init() {
+ ConformanceTests = append(ConformanceTests, TLSRouteTerminateSimpleSameNamespace)
+}
+
+var TLSRouteTerminateSimpleSameNamespace = suite.ConformanceTest{
+ ShortName: "TLSRouteTerminateSimpleSameNamespace",
+ Description: "A single TLSRoute in the gateway-conformance-infra namespace attaches to a Gateway using Terminate mode in the same namespace",
+ Features: []features.FeatureName{
+ features.SupportGateway,
+ features.SupportTLSRoute,
+ },
+ Manifests: []string{"tests/tlsroute-terminate-simple-same-namespace.yaml"},
+ Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+ ns := "gateway-conformance-infra"
+ routeNN := types.NamespacedName{Name: "gateway-conformance-infra-test", Namespace: ns}
+ gwNN := types.NamespacedName{Name: "gateway-tlsroute-terminate", Namespace: ns}
+ certNN := types.NamespacedName{Name: "tls-checks-certificate", Namespace: ns}
+
+ kubernetes.NamespacesMustBeReady(t, suite.Client, suite.TimeoutConfig, []string{ns})
+
+ gwAddr, hostnames := kubernetes.GatewayAndTLSRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
+ if len(hostnames) != 1 {
+ t.Fatalf("unexpected error in test configuration, found %d hostnames", len(hostnames))
+ }
+ serverStr := string(hostnames[0])
+
+ cPem, keyPem, err := GetTLSSecret(suite.Client, certNN)
+ if err != nil {
+ t.Fatalf("unexpected error finding TLS secret: %v", err)
+ }
+ t.Run("Simple TLS request matching TLSRoute should reach infra-backend", func(t *testing.T) {
+ tls.MakeTLSRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, cPem, keyPem, serverStr,
+ http.ExpectedResponse{
+ Request: http.Request{Host: serverStr, Path: "/"},
+ Backend: "infra-backend-v2",
+ Namespace: "gateway-conformance-infra",
+ })
+ })
+ },
+}
diff --git a/conformance/tests/tlsroute-terminate-simple-same-namespace.yaml b/conformance/tests/tlsroute-terminate-simple-same-namespace.yaml
new file mode 100644
index 0000000000..b1ec56341c
--- /dev/null
+++ b/conformance/tests/tlsroute-terminate-simple-same-namespace.yaml
@@ -0,0 +1,37 @@
+apiVersion: gateway.networking.k8s.io/v1alpha3
+kind: TLSRoute
+metadata:
+ name: gateway-conformance-infra-test
+ namespace: gateway-conformance-infra
+spec:
+ parentRefs:
+ - name: gateway-tlsroute-terminate
+ namespace: gateway-conformance-infra
+ hostnames:
+ - abc.example.com
+ rules:
+ - backendRefs:
+ - name: infra-backend-v2
+ port: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: gateway-tlsroute-terminate
+ namespace: gateway-conformance-infra
+spec:
+ gatewayClassName: "{GATEWAY_CLASS_NAME}"
+ listeners:
+ - name: https
+ port: 443
+ protocol: TLS
+ hostname: abc.example.com
+ allowedRoutes:
+ namespaces:
+ from: Same
+ kinds:
+ - kind: TLSRoute
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - name: tls-checks-certificate
From 2f66249a885d7017593ae6a2c46bcaa189db9670 Mon Sep 17 00:00:00 2001
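Review bot: In conformance/tests/tlsroute-terminate-simple-same-namespace.go the test reads both halves of the `tls-checks-certificate` Secret through `GetTLSSecret` and passes `keyPem`, the private key of the certificate the Terminate listener references, into `tls.MakeTLSRequestAndExpectEventuallyConsistentResponse`. A client checking a terminated connection should only need the certificate as its trust anchor, and the helper's body is not part of this patch, so a reader cannot tell from here what the key is used for. I would add a comment above the call along the lines of `// cPem is the trust anchor for the listener certificate; keyPem is passed because the shared helper's signature takes it`, adjusted to what the helper really does with it. The only case exercised is a server name that matches; a second `t.Run` that sends a server name other than `abc.example.com` and expects the request not to reach the backend would show that the listener hostname is enforced in Terminate mode.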
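Review bot: The Gateway listener in tlsroute-terminate-simple-same-namespace.yaml is named `https` although it declares `protocol: TLS` with `mode: Terminate` and admits only `TLSRoute`, so the name suggests an HTTPS listener that this test does not exercise; `name: tls` would describe it. The TLSRoute's `parentRefs` entry carries no `sectionName`, which is equivalent while the Gateway has one listener, but setting it to the listener name would keep the route pinned to the Terminate listener if another listener is added to this manifest later. A comment above `certificateRefs`, such as `# same-namespace Secret; the Go test loads the same Secret as certNN`, would tie the manifest to the test that depends on it.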
From: phuhung273
Date: Tue, 30 Sep 2025 15:52:15 +0700
Subject: [PATCH 2/2] add feature
---
 ...lsroute-terminate-simple-same-namespace.go | 1 +
 conformance/utils/suite/profiles.go | 5 +++-
 pkg/features/features.go | 1 +
 pkg/features/tlsroute.go | 27 +++++++++++++++----
 4 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/conformance/tests/tlsroute-terminate-simple-same-namespace.go b/conformance/tests/tlsroute-terminate-simple-same-namespace.go
index 9634fb6e8a..0849c67ac1 100644
--- a/conformance/tests/tlsroute-terminate-simple-same-namespace.go
+++ b/conformance/tests/tlsroute-terminate-simple-same-namespace.go
@@ -38,6 +38,7 @@ var TLSRouteTerminateSimpleSameNamespace = suite.ConformanceTest{
 Features: []features.FeatureName{
 features.SupportGateway,
 features.SupportTLSRoute,
+ features.SupportTLSRouteModeTerminate,
 },
 Manifests: []string{"tests/tlsroute-terminate-simple-same-namespace.yaml"},
 Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
diff --git a/conformance/utils/suite/profiles.go b/conformance/utils/suite/profiles.go
index 996fe346dd..f7e21f7f6c 100644
--- a/conformance/utils/suite/profiles.go
+++ b/conformance/utils/suite/profiles.go
@@ -93,7 +93,10 @@ var (
 features.SupportReferenceGrant,
 features.SupportTLSRoute,
 ),
- ExtendedFeatures: features.SetsToNamesSet(features.GatewayExtendedFeatures),
+ ExtendedFeatures: features.SetsToNamesSet(
+ features.GatewayExtendedFeatures,
+ features.TLSRouteExtendedFeatures,
+ ),
 }

 // GatewayGRPCConformanceProfile is a ConformanceProfile that covers testing GRPC
diff --git a/pkg/features/features.go b/pkg/features/features.go
index 1fbf43f0e6..52e58cc8c2 100644
--- a/pkg/features/features.go
+++ b/pkg/features/features.go
@@ -58,6 +58,7 @@ var (
 Insert(HTTPRouteCoreFeatures.UnsortedList()...).
 Insert(HTTPRouteExtendedFeatures.UnsortedList()...).
 Insert(TLSRouteCoreFeatures.UnsortedList()...).
+ Insert(TLSRouteExtendedFeatures.UnsortedList()...).
 Insert(MeshCoreFeatures.UnsortedList()...).
 Insert(MeshExtendedFeatures.UnsortedList()...).
 Insert(GRPCRouteCoreFeatures.UnsortedList()...).
diff --git a/pkg/features/tlsroute.go b/pkg/features/tlsroute.go
index 90d68c3d34..b0dd499fba 100644
--- a/pkg/features/tlsroute.go
+++ b/pkg/features/tlsroute.go
@@ -25,16 +25,33 @@ import "k8s.io/apimachinery/pkg/util/sets"
 const (
 // This option indicates support for TLSRoute
 SupportTLSRoute FeatureName = "TLSRoute"
+
+ // This option indicates support for TLSRoute mode Terminate (extended conformance)
+ SupportTLSRouteModeTerminate FeatureName = "TLSRouteModeTerminate"
 )

-// TLSRouteFeature contains metadata for the TLSRoute feature.
-var TLSRouteFeature = Feature{
- Name: SupportTLSRoute,
- Channel: FeatureChannelExperimental,
-}
+var (
+ // TLSRouteFeature contains metadata for the TLSRoute feature.
+ TLSRouteFeature = Feature{
+ Name: SupportTLSRoute,
+ Channel: FeatureChannelExperimental,
+ }
+ // TLSRouteModeTerminate contains metadata for the TLSRouteModeTerminate feature.
+ TLSRouteModeTerminateFeature = Feature{
+ Name: SupportTLSRouteModeTerminate,
+ Channel: FeatureChannelExperimental,
+ }
+)

 // TLSCoreFeatures includes all the supported features for the TLSRoute API at
 // a Core level of support.
 var TLSRouteCoreFeatures = sets.New(
 TLSRouteFeature,
 )
+
+// TLSRouteExtendedFeatures includes all extended features for TLSRoute
+// conformance and can be used to opt-in to run all TLSRoute extended features tests.
+// This does not include any Core Features.
+var TLSRouteExtendedFeatures = sets.New(
+ TLSRouteModeTerminateFeature,
+)
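Review bot: In pkg/features/tlsroute.go the doc comment on the new variable begins `// TLSRouteModeTerminate contains metadata ...`, but the identifier it documents is `TLSRouteModeTerminateFeature`, so the leading word does not match the declaration it sits on. It should read `// TLSRouteModeTerminateFeature contains metadata for the TLSRouteModeTerminate feature.`. The new constant's comment would be clearer in the same form, `// SupportTLSRouteModeTerminate indicates support for TLSRoute mode Terminate (extended conformance).`, and a blank line between the two entries of the `var (` block would keep each comment visually attached to its own declaration.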