Allow HTTP->HTTPS redirection on Istio Gateway

[penguinush]

Extends #1482.

One of the ServerTLSSettings on Istio Gatway is httpsRedirect that, according to docs, redirects HTTP traffic to HTTPS. Usually this is a desired behaviour for production setup, the only alternative would be to not create HTTP listener at all.

PR leverages combination of nullable property and oneOf with required fields - this works fine currently as there is 2 distinct options (mode: <>, which requires credentialName to be set, or httpsRedirect, which is mutually exclusive with every other option), but it might become cumbersome if more options of different combinations are added.

Tested with the following specs:

spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*.example.com'
    port:
      name: http
      number: 80
      protocol: HTTP
    tls:
      httpsRedirect: true
  - hosts:
    - '*.example.com'
    port:
      name: https-production
      number: 443
      protocol: https
    tls:
      credentialName: example-tls
      mode: SIMPLE

and

spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*.example.com'
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - '*.example.com'
    port:
      name: https-production
      number: 443
      protocol: https
    tls:
      credentialName: example-tls
      mode: SIMPLE

Both produce correct Gateways.

Kubernetes 1.30 (EKS), Knative Operator 1.15.4, Knative Serving 1.15.0, Istio 1.23.0.

Proposed Changes

• Allows HTTP listener on Istio Gateway to be configured with automatic HTTP->HTTPS redirection.

Release Note

feature: Istio Gateway can be configured with automatic HTTP->HTTPS redirection

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: penguinush / name: Constantine (7280323)

[knative-prow]

Welcome @penguinush! It looks like this is your first PR to knative/operator 🎉

[knative-prow]

Hi @penguinush. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.49%. Comparing base (6dce5ef) to head (7280323).
Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1888      +/-   ##
==========================================
+ Coverage   66.31%   66.49%   +0.17%     
==========================================
  Files          53       54       +1     
  Lines        2084     2107      +23     
==========================================
+ Hits         1382     1401      +19     
- Misses        587      589       +2     
- Partials      115      117       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[houshengbo]

@penguinush could you rebase this pr?

[houshengbo]

/test all

[houshengbo]

/lgtm
/approve

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: houshengbo, penguinush

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [houshengbo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[houshengbo]

Please check this PR: #1912