Skip to content

Commit

Permalink
[contour] Re-enable TLS testing (knative-extensions#686)
Browse files Browse the repository at this point in the history
We now always have a permanent TLS port open on the Gateway in order
to workaround a GKE LB instability that occurs when updates to
listeners happen

Discovered in projectcontour/contour#6350 (comment)
  • Loading branch information
dprotaso authored Apr 17, 2024
1 parent ff3ca57 commit 7724433
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/test-version.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ The following Gateway API version and Ingress were tested as part of the release
| Ingress | Tested version | Unavailable features |
| ------- | ----------------------- | ------------------------------ |
| Istio | v1.21.1 | retry,httpoption,update |
| Contour | v1.28.3 | httpoption,update,tls |
| Contour | v1.28.3 | httpoption,update |
2 changes: 1 addition & 1 deletion hack/test-env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,4 @@ export GATEWAY_API_VERSION="v1.0.0"
export ISTIO_VERSION="1.21.1"
export ISTIO_UNSUPPORTED_E2E_TESTS="retry,httpoption,update"
export CONTOUR_VERSION="v1.28.3"
export CONTOUR_UNSUPPORTED_E2E_TESTS="httpoption,update,tls"
export CONTOUR_UNSUPPORTED_E2E_TESTS="httpoption,update"
12 changes: 12 additions & 0 deletions third_party/contour/gateway-external.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -55,3 +55,15 @@ spec:
allowedRoutes:
namespaces:
from: All
# We've observed when adding and removing a listener on port 443 this
# causes the GKE LB to have downtime. By adding this tls listener
# we keep that LB port open.
- name: tls
port: 443
protocol: TLS
tls:
mode: Passthrough
allowedRoutes:
namespaces:
from: All

0 comments on commit 7724433

Please sign in to comment.