TrafficPolicy status does not indicate missing targetRef #11160

Open
ymesika opened this issue May 5, 2025 · 2 comments · May be fixed by #11193
Labels
needs-design Type: Bug Something isn't working

Comments

@ymesika
Contributor

ymesika commented May 5, 2025

kgateway version

main

Kubernetes Version

1.31.0

Describe the bug

When applying a TrafficPolicy that references a non-existing target (e.g. HTTPRoute) the status of the resource isn't updated and the controller doesn't have any logging for this case.

Also, if the target ref resource is removed, the status is still in a state of Accepted with no indication of a missing target ref.

Expected Behavior

Status should mention that the spec's targetRef(s) does not exist.

Steps to reproduce the bug

  1. Apply a TrafficPolicy with a targetRef that does not exist. I had this for instance:

     ```yaml
     apiVersion: gateway.kgateway.dev/v1alpha1
     kind: TrafficPolicy
     metadata:
       namespace: kgateway-test
       name: gw-policy
     spec:
       targetRefs:
       - group: gateway.networking.k8s.io
         kind: HTTPRoute
         name: simple-route
       extAuth:
         extensionRef:
           name: basic-extauth
     ```

  2. After adding the missing HTTPRoute and verifying that the TrafficPolicy's status is updated, remove the HTTPRoute. You'll notice that status stays as it was.

Additional Environment Detail

No response

Additional Context

No response

@ymesika ymesika added the Type: Bug Something isn't working label May 5, 2025
@shashankram
Contributor

@ymesika please update the issue description to include the status yaml.

With the PolicyStatus API that uses AncestorRef based statuses, policy CRs will only have a valid status when they attach to a resource whose ancestor is a Gateway object. An unattached policy will not have any status. In fact, this should ideally be handled via defaults in the Status schema, which I believe will suffice to indicate "unattached state".

Removing an HTTPRoute could invalidate an AncestorRef status if the policy no longer targets any routes belonging to a Gateway. This is something that is tricky to implement, but feasible.

@ymesika
Contributor Author

ymesika commented May 6, 2025

@shashankram that's right. The resource doesn't get any Status in the first case and based on your comment it is expected. Having a defaults status can indeed indicate that there is an issue.
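
An added example, not part of the issue thread and not kgateway code: since an unattached policy carries no status, this offline check over a set of manifests classifies each TrafficPolicy targetRef, so an `extAuth` policy that silently protects nothing is caught before or after apply. It assumes the status follows the Gateway API PolicyStatus shape (`status.ancestors`); the state names, helper functions and every sample object other than `gw-policy` and `simple-route` are hypothetical.

```python
# Added example; every manifest below is constructed sample data.
NS = "kgateway-test"

def obj(kind, name, spec=None, status=None):
    """Build a minimal constructed manifest."""
    return {"kind": kind, "metadata": {"namespace": NS, "name": name},
            "spec": spec or {}, "status": status or {}}

def policy(name, route, status=None):
    """TrafficPolicy targeting one HTTPRoute in its own namespace."""
    ref = {"group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": route}
    return obj("TrafficPolicy", name, {"targetRefs": [ref]}, status)

def audit(objs):
    """Return (policy, targetRef, state) for every TrafficPolicy targetRef."""
    idx = {(o["kind"], o["metadata"]["namespace"], o["metadata"]["name"]): o
           for o in objs}
    findings = []
    for pol in (o for o in objs if o["kind"] == "TrafficPolicy"):
        ns, name = pol["metadata"]["namespace"], pol["metadata"]["name"]
        # Assumption: status is a Gateway API PolicyStatus (status.ancestors).
        has_status = bool(pol.get("status", {}).get("ancestors"))
        for ref in pol["spec"].get("targetRefs", []):
            target = idx.get((ref["kind"], ns, ref["name"]))  # refs are namespace-local
            if target is None:
                state = "stale-status" if has_status else "target-missing"
            elif ref["kind"] == "HTTPRoute" and not any(
                    ("Gateway", p.get("namespace", ns), p["name"]) in idx
                    for p in target["spec"].get("parentRefs", [])):
                state = "no-gateway-ancestor"
            else:
                state = "attached"
            findings.append((f"{ns}/{name}", f"{ref['kind']}/{ref['name']}", state))
    return findings

SAMPLE = [
    obj("Gateway", "gw"),
    obj("HTTPRoute", "live-route", {"parentRefs": [{"name": "gw"}]}),
    obj("HTTPRoute", "orphan-route", {"parentRefs": [{"name": "no-such-gw"}]}),
    policy("gw-policy", "simple-route"),            # target never existed
    policy("stale-policy", "deleted-route",         # target removed after attach
           {"ancestors": [{"ancestorRef": {"name": "gw"}}]}),
    policy("orphan-policy", "orphan-route"),
    policy("ok-policy", "live-route"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```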
