Call MarkTLSNotEnabled for private cluster-local service

[nak3]

Proposed Changes

#7163 propagates the status from KCert to Route when autoTLS is
enabled, but it introduced an issue.

When serving.knative.dev/visibility: cluster-local is configured,
KCert is not created and Route's cert status is not updated (=becomes
Unknwon status.)

To fix it, this patch calls MarkTLSNotEnabled when the service is
cluster-local.

/lint

Release Note

NONE

[knative-prow-robot]

@nak3: 0 warnings.

In response to this:

Proposed Changes

#7163 propagates the status from KCert to Route when autoTLS is
enabled, but it introduced an issue.

When serving.knative.dev/visibility: cluster-local is configured,
KCert is not created and Route's cert status is not updated (=becomes
Unknwon status.)

To fix it, this patch calls MarkTLSNotEnabled when the service is
cluster-local.

/lint

Release Note

NONE

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[nak3]

/test pull-knative-serving-https

I hope this fixes broken https test grid https://testgrid.knative.dev/serving#https

[nak3]

/retest

Only TestServiceWithTrafficSplit failed. It works on my local so it might be a flake.

[nak3]

/cc @tcnghia @ZhiminXiang @markusthoemmes

[knative-test-reporter-robot]

The following jobs failed:

Test name	Triggers	Retries
pull-knative-serving-integration-tests	pull-knative-serving-integration-tests pull-knative-serving-integration-tests pull-knative-serving-integration-tests	3/3

Automatically retrying due to test flakiness...
/test pull-knative-serving-integration-tests

[ZhiminXiang]

@nak3 I think we may want to differentiate the below two cases and have different messages in Route status:

1. auto TLS is not enabled
2. auto TLS is enabled, but does not apply for cluster-local Route

WDYT?

[nak3]

@ZhiminXiang Yes, that makes sense. We should have the different messages. Updated now.

/test pull-knative-serving-https

[knative-metrics-robot]

The following is the coverage report on the affected files.
Say /test pull-knative-serving-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/reconciler/route/route.go	84.6%	84.9%	0.3

[ZhiminXiang]

/lgtm
/approve
/hold

I think we may want to check in this PR after the release cut.

[markusthoemmes]

/unhold

release is cut.

[tcnghia]

/approve

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3, tcnghia, ZhiminXiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/apis/OWNERS [tcnghia]
• pkg/reconciler/route/OWNERS [ZhiminXiang,nak3,tcnghia]
• pkg/testing/OWNERS [ZhiminXiang,nak3,tcnghia]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment