Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: OSSM 2.3.1, OSSM 2.3.2, OSSM 2.4.0
Component/s: Customer Impact, Documentation
Labels:
- needs-documentation

Blocked:
False
Blocked Reason:
None
Ready:
False
Release Note Status:
Proposed

Target Version:

OSSM 2.5.0

SFDC Cases Links:
SFDC Cases Counter:

Description

For Gateway API support to work in a multitenant mesh, all Gateway API CRDs need to be present. As starting with 2.3.1, OSSM supports both v1alpha2 and v1beta1 resources, that means that both versions need to be present. This can be achieved by installing the CRDs with the following command (note the extra experimental in the URL):

kubectl get crd gateways.gateway.networking.k8s.io ||   { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v0.5.1" | kubectl apply -f -; }

The CRDs need to be present because we disable the CRD scan in multitenant deployments, which means that Istio has no way of knowing which CRDs are present in the cluster and just creates Informers for all of them, in turn leading to errors when watches fail.

A possible fix could be to remove the disabling of the CRD scan and instead rewriting it so that it doesn't need cluster-wide permissions, by using the kubernetes API Discovery instead of List()ing the CustomResourceDefinitions.

Attachments

Issue Links

is documented by

OSSM-3886 gateway api defect

Closed

relates to

OSSM-5597 [Enhancement] Improve information about Gateway API CRDs version

Backlog

links to

openshift/openshift-docs#58437: [WIP] OSSM-3252: Service Mesh 2.4 Release Notes

Activity

People

Assignee:: Gwynne Monahan

Reporter:: Daniel Grimm

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2023/05/03 7:13 AM

Updated:: 2024/01/29 1:11 PM

Resolved:: 2023/09/27 6:11 PM