ComputeTargetHTTPSProxy serverTlsPolicyRef field not applied #5399
Description
Checklist
- I did not find a related open issue.
- I did not find a solution in the troubleshooting guide: (https://cloud.google.com/config-connector/docs/troubleshooting)
- If this issue is time-sensitive, I have submitted a corresponding issue with GCP support.
Bug Description
For the ComputeTargetHTTPSProxy resource, the serverTlsPolicyRef field not applied to the TargetHTTPSProxy GCP resource when it references an external serverTlsPolicy. The serverTlsPolicy has an mTLS config.
The TargetHTTPSProxy is created fine, it is just missing the application of the serverTlsPolicy.
Additional Diagnostic Information
N/A
Kubernetes Cluster Version
Client Version: v1.33.3 Kustomize Version: v5.6.0 Server Version: v1.33.4-gke.1245000
Config Connector Version
1.135.0
Config Connector Mode
namespaced mode (default)
Log Output
No response
Steps to reproduce the issue
- Create a server TLS policy with mTLS config. Client validation mode can be whatever and use a trust config created in Certificate Manager.
- Create a ComputeTargetHTTPSProxy through KCC shown in the YAML snippet
- Observe that the ComputeTargetHTTPSProxy is created in GCP but is missing the serverTlsPolicy.
YAML snippets
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPSProxy
metadata:
name: my-https-target-proxy
spec:
location: us-west1
urlMapRef:
name: some-url-map
sslCertificates:
- name: some-ssl-cert
serverTlsPolicyRef:
# This doesn't get applied to the GCP TargetHTTPSProxy
external: projects/some-project-id/locations/us-west1/serverTlsPolicies/some-server-tls-policy