Great stuff @Jesse_Simpson, thank you!
Regarding 6168: While a mixed TLS/non-TLS setup would cause similar issues, it is not what we do and why I brought the issue up. My point is different, I’ll try to elaborate.
What the helm chart currently does, if you let it create the gateways:
- It creates an “https Gateway” with section name “https”, protocol HTTPS, port 443 listening to `my.domain`
- It creates a “grpcs Gateway” with section name “grpcs”, protocol HTTPS, port 443 listening to `my-grpc.domain` (this is an https listener as well, just like the one from #1)
- It creates HTTPRoutes with section name “https” and GRPCRoutes with section name “grpcs”
With a shared gateway:
- I need to listen to `*.domain` to cover all environments (which might not be known beforehand). Listening to `*-grpc.domain` is not possible.
- I cannot create two sections “https” and “grpcs” with the very same parameters: protocol HTTPS, port 443 listening to `*.domain`
- -> I need to run the GRPCRoute on the “https” section/listener. That is why we patch it.
Maybe introduce a `.Values.global.gateway.listener` or `.Values.global.gateway.sectionName` setting next to `.Values.global.gateway.controllerNamespace`? Or name the section “https” (or “http” depending on the TLS setting) in the GRPC Gateway created by the chart?
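
The shared-gateway layout described in the post above, sketched as Gateway API manifests. This is an added example, not part of the original post and not the chart's own output; every resource name, namespace, label, secret and backend port is a constructed placeholder, and only the `https` section name, port 443, protocol HTTPS and the `*.domain` / `my-grpc.domain` hostnames come from the post.

```yaml
# Constructed example: names, namespaces, labels and ports are placeholders.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: gateway-system
spec:
  gatewayClassName: example-class
  listeners:
    - name: https                 # single section used by HTTP and gRPC routes
      protocol: HTTPS
      port: 443
      hostname: "*.domain"        # wildcard covers environments not known in advance
      tls:
        mode: Terminate
        certificateRefs:
          - name: wildcard-domain-tls
      allowedRoutes:
        namespaces:
          from: Selector          # only labelled namespaces may attach routes
          selector:
            matchLabels:
              shared-gateway-access: "true"
---
apiVersion: gateway.networking.k8s.io/v1
kind: GRPCRoute
metadata:
  name: my-grpc
  namespace: my-env               # must carry the label selected above
spec:
  parentRefs:
    - name: shared-gateway
      namespace: gateway-system
      sectionName: https          # the chart would set "grpcs"; patched to the shared listener
  hostnames:
    - "my-grpc.domain"            # matched by the "*.domain" listener
  rules:
    - backendRefs:
        - name: grpc-backend
          port: 8080
```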