Revise GEP-1713: Update gateway status and conformance test details for ListenerSets

[davidjumani]

What type of PR is this?
Add one of the following kinds:
/kind documentation
/kind gep

Optionally add one or more of the following kinds if applicable:
/area conformance-test

What this PR does / why we need it:
This PR does the following :

• Adds the list of conformance tests to be added to ListenerSets (GEP-1713)
• Updates the status of the Gateway to include AttachedListeners that is the count of successful ListenerSet attachments to the gateway. Ref: slack theraad

The aim is to get consensus for the set of conformance tests required to validate this feature against implementations, and move towards promoting this to Standard

Does this PR introduce a user-facing change?:

Adds the `AttachedListeners` conditions to the Gateway status for the GEP and details for ListenerSets conformance tests

[davidjumani]

cc @rikatz @dprotaso

[robscott]

cc @rostislavbobo @mkosieradzki

[rikatz]

@davidjumani thanks, this is a great write of conformance. Do you think it makes sense to also add the expected conditions on each conformance item, and also the ancestorStatus expected, to make it clear to implementations what we will look for?

[davidjumani]

Do you think it makes sense to also add the expected conditions on each conformance item

I intentionally left them out right now in case there's any discussion to be had when the conformance tests are in review. Happy to add them now if that would clarify things and make reviewing the tests easier.

Added the expected status as well as added the AttachedListeners status that is the count of successful ListenerSet attachments to the gateway. Ref: slack theraad

[rikatz]

should this accepted here be false?

[davidjumani]

Based on the GEP

	// This can be the reason when "Accepted" is "True" or "False", depending on whether
	// the listener being invalid causes the entire Gateway to not be accepted.

I believe this should be true since the ListenerSet is configured but does not adversely affect the parent Gateway.
Additionally, there can be a scenario where only a subset of the listeners is invalid and this would more accurately reflect it

[rikatz]

but then the reason should be empty or something else, right? It was accepted but not programmed, I guess

[rostislavbobo]

+1. If the status is Accepted, there should not be a reason for that.

I wouldn't also mix Accepted: True and Programmed: False in this case. The Programmed condition indicates whether the controller was physically able to apply the requested resources (e.g. allocate an IP or open a port). Listener conflicts are configuration errors, not the controller ability to program them.

[davidjumani]

I don't think so. A subset of listeners can be accepted, so the status should reflect it accordingly.
If not all listeners are accepted, then the listenerSet Accepted condition should be false.

Additionally, the Programmed condition should also reflect the same, since a subset of listeners was applied

[rikatz]

do we really need this condition on the parent gateway? I am wondering if in Gateway case we can just not have any count of attached listener, as mostly the user will have its own condition

[davidjumani]

I think the condition should be set since :

• The user has explicitly disallowed ListenerSets
• ListenerSets have been attached (at least tried) to the Gateway

The user should know about this in the status

[rikatz]

I am not aware of the whole conditions reasoning here tbh, will defer to @youngnick for some better view on it

[rikatz]

again, should we have an accepted here? And a reason? Not sure if this doesn't get more confusing

[davidjumani]

I think this is a better indication that the listenerSet is correct (the parentref is valid, etc.) but one or more of the listeners is invalid which is indicated by the ListnerStatus above

[rostislavbobo]

but one or more of the listeners is invalid which is indicated by the ListnerStatus above

If all listeners in the ListenerSet have conflicts, shouldn't we report the ListenerSet as not accepted? This is consistent with other resources (e.g. if an HTTPRoute has no hostname intersection with a Gateway listener, it's reported a not accepted).

[davidjumani]

Yes, I agree and will update it accordingly. I'll make this clearer with the total number of conflicting listeners

[rikatz]

@davidjumani overall lgtm! I would like us to keep separated a PR that changes the GEP from a PR that changes the API, this way if we need to track any (or revert) we have proper changes

Thanks again for the effort here!

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: davidjumani
Once this PR has been reviewed and has the lgtm label, please assign aojea for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• geps/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[davidjumani]

Thanks for the review @rikatz I've answered the open questions and reverted the API changes.
Raised api: Update gateway status to include AttachedListeners with the changes

[rostislavbobo]

Thanks @davidjumani for a great conformance writeup! Left a couple of comment, let's discuss them today.

[rostislavbobo]

I am missing here and in the scenarios below whether the Gateway itself has listeners defined. This could change the statuses below and the outcome, for example, if Gateway listeners and ListenerSet listeners share the same port.

Can we be explicit and state that the Gateways have no listeners defined?

[davidjumani]

Currently, the Gateway validation requires at least one listener to be defined. I based the tests on this restriction

gateway-api/apis/v1/gateway_types.go

Line 236 in f24f3a6

// +kubebuilder:validation:MinItems=1

[rostislavbobo]

Should we clarify that the status is reported per parentRef? A ListenerSet can have different acceptance statuses depending on the Gateway configs it is attached to.

[davidjumani]

A listenerSet can have only one parent as per

gateway-api/apisx/v1alpha1/xlistenerset_types.go

Line 79 in f24f3a6

ParentRef ParentGatewayReference `json:"parentRef"`

[mikemorris]

Hmmm, I can't recall if there was any substantial discussion around this previously, but it could be possible to add a pluralized version of this field in some future revision if use cases demanded it. I'd kinda rather get the status nesting per-parentRef now (even if it feels redundant/unnecessary, it would mirror similar patterns on many other GWAPI resources) rather than deal with trying to add nesting to an assumed-singular hierarchy later...

[rostislavbobo]

+1. If the status is Accepted, there should not be a reason for that.

I wouldn't also mix Accepted: True and Programmed: False in this case. The Programmed condition indicates whether the controller was physically able to apply the requested resources (e.g. allocate an IP or open a port). Listener conflicts are configuration errors, not the controller ability to program them.

[rostislavbobo]

but one or more of the listeners is invalid which is indicated by the ListnerStatus above

If all listeners in the ListenerSet have conflicts, shouldn't we report the ListenerSet as not accepted? This is consistent with other resources (e.g. if an HTTPRoute has no hostname intersection with a Gateway listener, it's reported a not accepted).

[rostislavbobo]

Let's be clear on numbers and Gateway setup (also see comment). We spend a decent amount of time pondering various options that result in different calculations and statuses, so it'd be grate if we could disambiguate.

[davidjumani]

I would prefer that we iron this out in the conformance tests. These serve more as guidelines, as we can always add more tests and update this later. I would like to get something in that we can work towards rather than making a comprehensive test plan that only stays in review