Copy parent HTTPOption to endpoint probe, if present.

[evankanderson]

Fixes #712

net-contour will now reconcile resources if only HTTPS is enabled

[evankanderson]

/assign @carlisia @nak3

[evankanderson]

I have no idea how I bollixed up the first commit, corrected.

[codecov]

Codecov Report

Merging #713 (afbbaf6) into main (a248e38) will increase coverage by 0.08%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #713      +/-   ##
==========================================
+ Coverage   93.43%   93.52%   +0.08%     
==========================================
  Files           7        7              
  Lines         518      525       +7     
==========================================
+ Hits          484      491       +7     
  Misses         16       16              
  Partials       18       18              

Impacted Files	Coverage Δ
pkg/reconciler/contour/resources/httpproxy.go	97.24% <100.00%> (-0.02%)	⬇️
pkg/reconciler/contour/resources/kingress.go	96.87% <100.00%> (+0.44%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a248e38...afbbaf6. Read the comment docs.

[evankanderson]

/retest

[evankanderson]

This is ready for review.

[evankanderson]

Since we were making a copy, there was no need to use references here anyway.

[evankanderson]

Since this converts things to probe HTTPS for HTTPS instances with certificates, I think that should be sufficient for this TODO.

[dprotaso]

Since we're opening up the ability to probe HTTPS endpoints we'll probably want the following

1. The ability to included an addition CA cert/intermediate certs that the prober uses
   • This is for handling corporate environments with a non public CA
   • or we confirm and document SSL_CERT_FILE/SSL_CERT_DIR works as expected
2. (optional) Configure an option to skip cert verification crypto/tls/Config.InsecureSkipVerify
   • Probably include big warnings that this should be off - or use only in testing
3. E2E test covering this functionality

[evankanderson]

(This change failed until I included the right hostnames in the child KIngress's spec.tls field, so I think we do have e2e test coverage.)

Re item 2, we already configure InsecureSkipVerify in the networking prober:

https://github.com/knative/networking/blob/57bee6625a8ac19f6a1f02261d23245facf98ed0/pkg/status/status.go#L368

I'm not sure what you're thinking of for item 1, given item 2.

[dprotaso]

(This change failed until I included the right hostnames in the child KIngress's spec.tls field, so I think we do have e2e test coverage.)

Great

Re item 2, we already configure InsecureSkipVerify in the networking prober:

Oh interesting - thought it was stricter. Let's forgo 1 &2 then.

[dprotaso]

/lgtm
/approve

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, evankanderson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dprotaso,evankanderson]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment