Skip to content

gep: refine CACertificateRefs description for frontend TLS #4183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

gep: refine CACertificateRefs description for frontend TLS #4183

wants to merge 2 commits into from
+56 −21

Conversation

@snorwin
Copy link
Member

@snorwin snorwin commented Oct 17, 2025

What type of PR is this?

/kind gep

What this PR does / why we need it:
In the current version of GEP-91, the semantics of an invalid CACertificateRefs are not fully specified. In addition, it is unclear whether the InsecureFrontendValidationMode condition should ever be removed or set to False.

This PR clarifies the expected behavior by aligning the semantics of invalid references in frontend validation with the patterns already established in BackendTLSPolicy and the approach proposed in #4123 for backend TLS configuration on the Gateway.

Which issue(s) this PR fixes:

N/A

Does this PR introduce a user-facing change?:

NONE

@snorwin
gep: refine CACertificateRefs description for frontend TLS
37efe3a 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/gep PRs related to Gateway Enhancement Proposal(GEP) cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 17, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 17, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: snorwin
Once this PR has been reviewed and has the lgtm label, please assign shaneutt for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 17, 2025
@snorwin
Copy link
Member Author

snorwin commented Oct 17, 2025

/cc @kl52752 @rikatz

@snorwin
Copy link
Member Author

snorwin commented Oct 17, 2025

/retest

root30
root30 reviewed Oct 17, 2025
View reviewed changes
root30
root30 reviewed Oct 17, 2025
View reviewed changes
kl52752
kl52752 reviewed Oct 17, 2025
View reviewed changes
rikatz
rikatz reviewed Oct 20, 2025
View reviewed changes
@snorwin
apply PR feedback
6a188d6 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
snorwin
snorwin commented Oct 24, 2025
View reviewed changes
@snorwin snorwin requested a review from kl52752 October 24, 2025 08:16
@snorwin snorwin requested a review from rikatz October 31, 2025 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@candita candita Awaiting requested review from candita

@howardjohn howardjohn Awaiting requested review from howardjohn

@kl52752 kl52752 Awaiting requested review from kl52752

@shaneutt shaneutt Awaiting requested review from shaneutt

@youngnick youngnick Awaiting requested review from youngnick

@rikatz rikatz Awaiting requested review from rikatz

1 more reviewer

@root30 root30 root30 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/gep PRs related to Gateway Enhancement Proposal(GEP) release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@snorwin @k8s-ci-robot @root30 @rikatz @youngnick @kl52752