Open dprotaso opened 1 year ago
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen
. Mark the issue as
fresh by adding the comment /remove-lifecycle stale
.
I was able to find the root cause and was able to make the tests pass again here on a hacky PR.
Summary
external-domain-tls
tls
block in the KnativeIngress
object as long as the secret is not there, we even have code to downgrade to http only if this happens, as the http path might already workPossible solutions
a) Our current definition says, a Knative Service can be ready if just http works. The certificate might never be provisioned, the Knative Service will still stay ready=true and http will work. We could ask if this is correct. If a user ask for external-domain-tls=enabled
, why is a service that never once served https ready?
b) we could extend our tests to make sure they wait for the protocol to be ready that they test for. E.g. extend https://github.com/knative/serving/blob/bb9c8158a34a155ecf95ac0c4094bea600545b74/vendor/knative.dev/pkg/test/request.go#L147 to know when we except https (https://github.com/knative/serving/blob/3ac6d4a5e66003171fafcf8ac3dc3e365b6f2c77/test/e2e_flags.go#L38) and wait for the https route to be fully ready before doing our actual test cases.
c) other ideas?
Please add your ideas/opinions: @dprotaso @skonto @izabelacg
@ReToCode I think b) is less intrusive to fix. Maybe try that for now?
https://testgrid.k8s.io/r/knative-own-testgrid/serving#https