From 33ebeed547ab9a8fbc2347f1bf256bf2ded1c143 Mon Sep 17 00:00:00 2001 From: dprotaso Date: Thu, 30 May 2024 12:41:25 -0400 Subject: [PATCH 1/6] recommend 503 status code for a service with no healthy endpoints --- apis/v1/httproute_types.go | 3 +++ .../gateway.networking.k8s.io_httproutes.yaml | 8 ++++++++ .../standard/gateway.networking.k8s.io_httproutes.yaml | 8 ++++++++ pkg/generated/openapi/zz_generated.openapi.go | 2 +- 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go index 736e80982a..7d7d498c28 100644 --- a/apis/v1/httproute_types.go +++ b/apis/v1/httproute_types.go @@ -263,6 +263,9 @@ type HTTPRouteRule struct { // invalid, 50 percent of traffic must receive a 500. Implementations may // choose how that 50 percent is determined. // + // When a HTTPBackendRef refers to a Service that has no ready endpoints, + // implementations MAY return a 503 for requests to that backend instead. + // // Support: Core for Kubernetes Service // // Support: Extended for Kubernetes ServiceImport diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml index 6ef743e1fe..b513ea78cd 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml @@ -462,6 +462,10 @@ spec: choose how that 50 percent is determined. + When a HTTPBackendRef refers to a Service that has no ready endpoints, + implementations MAY return a 503 for requests to that backend instead. + + Support: Core for Kubernetes Service @@ -3687,6 +3691,10 @@ spec: choose how that 50 percent is determined. + When a HTTPBackendRef refers to a Service that has no ready endpoints, + implementations MAY return a 503 for requests to that backend instead. + + Support: Core for Kubernetes Service diff --git a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml index e19d8c3bee..f285773351 100644 --- a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml @@ -433,6 +433,10 @@ spec: choose how that 50 percent is determined. + When a HTTPBackendRef refers to a Service that has no ready endpoints, + implementations MAY return a 503 for requests to that backend instead. + + Support: Core for Kubernetes Service @@ -3443,6 +3447,10 @@ spec: choose how that 50 percent is determined. + When a HTTPBackendRef refers to a Service that has no ready endpoints, + implementations MAY return a 503 for requests to that backend instead. + + Support: Core for Kubernetes Service diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index e9c9b17c18..aa50c112ba 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4687,7 +4687,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref common.ReferenceCall }, "backendRefs": { SchemaProps: spec.SchemaProps{ - Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations MAY return a 503 for requests to that backend instead.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ From 56805888e8ed4442a3e03de61641c3d7b6002380 Mon Sep 17 00:00:00 2001 From: dprotaso Date: Mon, 3 Jun 2024 14:14:54 -0400 Subject: [PATCH 2/6] MAY=>SHOULD --- apis/v1/httproute_types.go | 2 +- .../experimental/gateway.networking.k8s.io_httproutes.yaml | 4 ++-- config/crd/standard/gateway.networking.k8s.io_httproutes.yaml | 4 ++-- pkg/generated/openapi/zz_generated.openapi.go | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go index 7d7d498c28..ae23874c03 100644 --- a/apis/v1/httproute_types.go +++ b/apis/v1/httproute_types.go @@ -264,7 +264,7 @@ type HTTPRouteRule struct { // choose how that 50 percent is determined. // // When a HTTPBackendRef refers to a Service that has no ready endpoints, - // implementations MAY return a 503 for requests to that backend instead. + // implementations SHOULD return a 503 for requests to that backend instead. // // Support: Core for Kubernetes Service // diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml index b513ea78cd..e450fa55c6 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml @@ -463,7 +463,7 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, - implementations MAY return a 503 for requests to that backend instead. + implementations SHOULD return a 503 for requests to that backend instead. Support: Core for Kubernetes Service @@ -3692,7 +3692,7 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, - implementations MAY return a 503 for requests to that backend instead. + implementations SHOULD return a 503 for requests to that backend instead. Support: Core for Kubernetes Service diff --git a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml index f285773351..805920c8fb 100644 --- a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml @@ -434,7 +434,7 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, - implementations MAY return a 503 for requests to that backend instead. + implementations SHOULD return a 503 for requests to that backend instead. Support: Core for Kubernetes Service @@ -3448,7 +3448,7 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, - implementations MAY return a 503 for requests to that backend instead. + implementations SHOULD return a 503 for requests to that backend instead. Support: Core for Kubernetes Service diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index aa50c112ba..fd818eb72d 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4687,7 +4687,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref common.ReferenceCall }, "backendRefs": { SchemaProps: spec.SchemaProps{ - Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations MAY return a 503 for requests to that backend instead.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ From 4d34a66237d3736f4297cbbac00f295d27216d80 Mon Sep 17 00:00:00 2001 From: Dave Protasowski Date: Fri, 28 Jun 2024 11:10:22 -0400 Subject: [PATCH 3/6] Update apis/v1/httproute_types.go Co-authored-by: Nick Young --- apis/v1/httproute_types.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go index ae23874c03..90df385cf5 100644 --- a/apis/v1/httproute_types.go +++ b/apis/v1/httproute_types.go @@ -265,6 +265,8 @@ type HTTPRouteRule struct { // // When a HTTPBackendRef refers to a Service that has no ready endpoints, // implementations SHOULD return a 503 for requests to that backend instead. + // If and implementation chooses to do this, all of the above rules for 500 responses + // MUST also apply. // // Support: Core for Kubernetes Service // From d181c116bd8a629c688a7e75f742ddd58ec890e4 Mon Sep 17 00:00:00 2001 From: dprotaso Date: Fri, 28 Jun 2024 11:15:46 -0400 Subject: [PATCH 4/6] run codegen --- .../experimental/gateway.networking.k8s.io_httproutes.yaml | 4 ++++ config/crd/standard/gateway.networking.k8s.io_httproutes.yaml | 4 ++++ pkg/generated/openapi/zz_generated.openapi.go | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml index e450fa55c6..4a05f4d227 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml @@ -464,6 +464,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. + If and implementation chooses to do this, all of the above rules for 500 responses + MUST also apply. Support: Core for Kubernetes Service @@ -3693,6 +3695,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. + If and implementation chooses to do this, all of the above rules for 500 responses + MUST also apply. Support: Core for Kubernetes Service diff --git a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml index 805920c8fb..3163251a37 100644 --- a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml @@ -435,6 +435,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. + If and implementation chooses to do this, all of the above rules for 500 responses + MUST also apply. Support: Core for Kubernetes Service @@ -3449,6 +3451,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. + If and implementation chooses to do this, all of the above rules for 500 responses + MUST also apply. Support: Core for Kubernetes Service diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index fd818eb72d..52cf81cffb 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4687,7 +4687,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref common.ReferenceCall }, "backendRefs": { SchemaProps: spec.SchemaProps{ - Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. If and implementation chooses to do this, all of the above rules for 500 responses MUST also apply.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ From 7ca8889c594945eaea4a5e3c1244a3dcd90d523b Mon Sep 17 00:00:00 2001 From: Dave Protasowski Date: Tue, 2 Jul 2024 10:07:11 -0400 Subject: [PATCH 5/6] Update apis/v1/httproute_types.go Co-authored-by: Nick Young --- apis/v1/httproute_types.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go index 90df385cf5..fda3666e18 100644 --- a/apis/v1/httproute_types.go +++ b/apis/v1/httproute_types.go @@ -265,8 +265,8 @@ type HTTPRouteRule struct { // // When a HTTPBackendRef refers to a Service that has no ready endpoints, // implementations SHOULD return a 503 for requests to that backend instead. - // If and implementation chooses to do this, all of the above rules for 500 responses - // MUST also apply. + // If an implementation chooses to do this, all of the above rules for 500 responses + // MUST also apply for responses that return a 503. // // Support: Core for Kubernetes Service // From 839c3af2b4769ede4e1010a226f00328799ae3d2 Mon Sep 17 00:00:00 2001 From: Dave Protasowski Date: Tue, 2 Jul 2024 10:09:17 -0400 Subject: [PATCH 6/6] run codegen --- .../gateway.networking.k8s.io_httproutes.yaml | 8 ++++---- .../standard/gateway.networking.k8s.io_httproutes.yaml | 8 ++++---- pkg/generated/openapi/zz_generated.openapi.go | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml index 4a05f4d227..88609d2e72 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml @@ -464,8 +464,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. - If and implementation chooses to do this, all of the above rules for 500 responses - MUST also apply. + If an implementation chooses to do this, all of the above rules for 500 responses + MUST also apply for responses that return a 503. Support: Core for Kubernetes Service @@ -3695,8 +3695,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. - If and implementation chooses to do this, all of the above rules for 500 responses - MUST also apply. + If an implementation chooses to do this, all of the above rules for 500 responses + MUST also apply for responses that return a 503. Support: Core for Kubernetes Service diff --git a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml index 3163251a37..a81ffb06e8 100644 --- a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml @@ -435,8 +435,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. - If and implementation chooses to do this, all of the above rules for 500 responses - MUST also apply. + If an implementation chooses to do this, all of the above rules for 500 responses + MUST also apply for responses that return a 503. Support: Core for Kubernetes Service @@ -3451,8 +3451,8 @@ spec: When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. - If and implementation chooses to do this, all of the above rules for 500 responses - MUST also apply. + If an implementation chooses to do this, all of the above rules for 500 responses + MUST also apply for responses that return a 503. Support: Core for Kubernetes Service diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 52cf81cffb..9b36da0bb4 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4687,7 +4687,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref common.ReferenceCall }, "backendRefs": { SchemaProps: spec.SchemaProps{ - Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. If and implementation chooses to do this, all of the above rules for 500 responses MUST also apply.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + Description: "BackendRefs defines the backend(s) where matching requests should be sent.\n\nFailure behavior here depends on how many BackendRefs are specified and how many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. If an implementation chooses to do this, all of the above rules for 500 responses MUST also apply for responses that return a 503.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{