Contour crashes on startup when globalExtAuth extension service doesn't exist.

[xyzzyz]

What steps did you take and what happened:
When you configure Contour to use globalExtAuth service, pointing it to ExtensionService that doesn't exist, it will crash on startup:

time="2024-11-18T23:51:20Z" level=fatal msg="Contour server failed" error="error getting extension service lattice/authx-external: extensionservices.projectcontour.io \"authx-external\" not found"

This is problematic for initial deployment setup: usually, the extension service will only be created later, after Contour is already installed, so Contour will keep crashlooping until something creates that service. I don't think that this behavior is necessary: we already have configuration fields specifying what to do when the global auth extension service is not responding (failOpen). We could simply treat the missing ExtensionService same as the extension service not responding.

What did you expect to happen:
I expect Contour to just start normally when ExtensionService specified in globalAuthExt doesn't exist, and then treat the incoming requests according to behavior configured in failOpen.

Anything else you would like to add:

contour/cmd/contour/serve.go

Line 862 in fbf2d58

// ensure the specified ExtensionService exists

is where the check is done

Environment:

• Contour version: 1.31

[github-actions]

Hey @xyzzyz! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace