205hlab-mirrors/traefik
2
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2026-06-17 19:09:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix BackendTLSPolicy status update

Browse Source 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
Anatole Lucet
2026-06-05 12:16:08 +02:00
committed by GitHub
parent 5d123f52e1
commit 6ddda32184
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/provider/kubernetes/gateway/client.go
+10 -3
View File
@@ -720,20 +720,27 @@ func (c *clientWrapper) UpdateBackendTLSPolicyStatus(ctx context.Context, policy
ancestorStatuses := make([]gatev1.PolicyAncestorStatus, len(status.Ancestors))
copy(ancestorStatuses, status.Ancestors)
// keep statuses added by other gateway controllers,
// and statuses for Traefik gateway controller but not for the same Gateway as the one in parameter (AncestorRef).
for _, ancestorStatus := range currentPolicy.Status.Ancestors {
// Keep statuses added by other gateway controllers.
if ancestorStatus.ControllerName != controllerName {
ancestorStatuses = append(ancestorStatuses, ancestorStatus)
continue
}
// Keep statuses added by Traefik for other ancestors.
// A BackendTLSPolicy can target services attached to different listeners.
if !slices.ContainsFunc(status.Ancestors, func(s gatev1.PolicyAncestorStatus) bool {
return reflect.DeepEqual(s.AncestorRef, ancestorStatus.AncestorRef)
}) {
ancestorStatuses = append(ancestorStatuses, ancestorStatus)
}
}
if len(ancestorStatuses) > 16 {
return fmt.Errorf("failed to update BackendTLSPolicy %s/%s status: PolicyAncestor statuses count exceeds 16", policy.Namespace, policy.Name)
}
// do not update status when nothing has changed.
// Do not update status when nothing has changed.
if policyAncestorStatusesEqual(currentPolicy.Status.Ancestors, ancestorStatuses) {
return nil
}
pkg/provider/kubernetes/gateway/httproute.go
+6
View File
@@ -451,6 +451,12 @@ func (p *Provider) loadHTTPServers(ctx context.Context, namespace string, route
var serversTransport *dynamic.ServersTransport
for _, policy := range backendTLSPolicies {
for _, targetRef := range policy.Spec.TargetRefs {
// Skip targetRefs that doesn't match the backendRef,
// since a BackendTLSPolicy can select multiple services.
if targetRef.Name != backendRef.Name {
continue
}
// Skip the targetRef if the sectionName doesn't match the backendRef port.
if targetRef.SectionName != nil && svcPort.Name != string(*targetRef.SectionName) {
continue
}