Add support for HTTPOption

[ReToCode]

This PR introduces support for HTTPOption (introduced in knative/networking#415).

Changes

• 🎁 Add support for HTTPOption
• 🎁 Introduces a new configuration to specify the name of the http-listener for the gateways
• 🧹 Cleanup some redundancies in test code
• 🧹 Use new functions where deprecations were used

The implementation is based on the gateway-api example for redirects: https://github.com/kubernetes-sigs/gateway-api/blob/main/examples/standard/http-redirect.yaml. It was necessary to restructure some code, as two HTTPRoute objects need to be created, each referencing only a specific section in the gateway using sectionName. We should further discuss if we should use that approach also for the "normal" use-case (as we currently bind to all the sections in the gateway only differentiated by the hostname in the TLS case). Also The configuration key visibility seems now a bit off, maybe we can find a better name?

A full example of how the resources look like can be found here: https://gist.github.com/ReToCode/2e4d2b3223752c6f380348ef027c55b3

/kind cleanup
/kind enhancement

Fixes #130

[knative-prow]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[ReToCode]

/test all

[ReToCode]

/cc @nak3 , @dprotaso could you please look over this. I'm a bit unsure if this is the way to go.

[codecov]

Codecov Report

Attention: Patch coverage is 79.20000% with 26 lines in your changes missing coverage. Please review.

Project coverage is 79.02%. Comparing base (217f929) to head (5256377).
Report is 12 commits behind head on main.

Files	Patch %	Lines
pkg/reconciler/ingress/reconcile_resources.go	52.50%	15 Missing and 4 partials ⚠️
pkg/reconciler/ingress/resources/httproute.go	90.41%	3 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #437      +/-   ##
==========================================
- Coverage   79.12%   79.02%   -0.11%     
==========================================
  Files          17       17              
  Lines        1260     1373     +113     
==========================================
+ Hits          997     1085      +88     
- Misses        227      245      +18     
- Partials       36       43       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ReToCode]

Also not really sure about this change: 663d28b. Either unit tests complain about header mismatch (https://github.com/knative-sandbox/net-gateway-api/actions/runs/3949133837/jobs/6759963500#step:7:173) or golangci-lint complains about not preallocating the slice (https://github.com/knative-sandbox/net-gateway-api/actions/runs/3947688057/jobs/6756800214).

[ReToCode]

/retest

[ReToCode]

/test integration-tests-istio

[nak3]

Thank you so much, Reto!

It was necessary to restructure some code, as two HTTPRoute objects need to be created, each referencing only a specific section in the gateway using sectionName.

I wondered that upstream gateway-api can improve the two HTTPRoute objects for HTTPS redirection (I believe it is too redundant) and actually there are some on-going discussion:

• Add redirect loop protection to HTTPRequestRedirect kubernetes-sigs/gateway-api#1185
• Questions about HTTPRequestRedirectFilter kubernetes-sigs/gateway-api#1360

Once the upstream's latest example httproute-redirect-https.yaml (currently invalid!) work, we can simply implement this feature, can't we?

[ReToCode]

Interesting, haven't seen that. You are right about the verbosity, I agree there. But the discussion seems also unsure on how to resolve this. Seems like the current stable state is also the last discussed state (kubernetes-sigs/gateway-api#1185 (comment))?
Also I haven't found an issue that is related to the example you linked, so not sure if there is work going in that direction. But I'd be fine to hold this feature here until this is more clear.

[nak3]

Also I haven't found an issue that is related to the example you linked

Hmm... As far as I tested, it keeps redirecting to HTTPS as explained in kubernetes-sigs/gateway-api#1185 and never reached out to the backendRefs(example-svc). To solve it, it was necessary to create two HTTPRoutes.

Anyway, kubernetes-sigs/gateway-api#1185 was tagged to 0.7.0 milestone so maybe it is better to wait a little bit for the upstream.

[github-actions]

This Pull Request is stale because it has been open for 90 days with
no activity. It will automatically close after 30 more days of
inactivity. Reopen with /reopen. Mark as fresh by adding the
comment /remove-lifecycle stale.

[nak3]

/remove-lifecycle stale

[ReToCode]

As it does not look like upstream gw-api is going to change this behaviour soon (the issue was moved out of GA) and the current redirect behaviour is perceived as stable, let's give the current approach another go.

PTAL: @nak3 , @dprotaso

[ReToCode]

/retest

[ReToCode]

/assign @nak3
/assign @dprotaso

[skonto]

@ReToCode gentle ping when you are back.

[ReToCode]

@dprotaso @skonto rebased, PTAL.

[ReToCode]

/hold

[ReToCode]

HTTP-Option test does not yet work on envoy gateway because of envoyproxy/gateway#2149.

/unhold

[arkodg]

HTTP-Option test does not yet work on envoy gateway because of envoyproxy/gateway#2149.

/unhold

hey @ReToCode thanks for flagging this, the issue has been fixed, can we retry the test for Envoy Gateway ?

[ReToCode]

@arkodg looks great. Thanks for the fix and the ping 👍

[skonto]

Do we support that for internal encryption and Kourier? 🤔
What is the status for the rest of the ingress implementations?

[ReToCode]

yes Kourier supports it, net-istio does not need it and net-contour work was started but never finished.
But as this is quite niche and not in the conformance spec, I think we are fine without it here.

[skonto]

@dprotaso gentle ping, should we merge this?