Initial support for ListenerSet (istio#55595)

* Initial ListenerSet support

* lint

* gen

* rebase

* Rebase

* rebase

* misc fixes

Author: howardjohn

manifests/charts/istio-control/istio-discovery/templates/clusterrole.yaml

@@ -144,6 +144,7 @@ rules:
   - apiGroups: ["gateway.networking.x-k8s.io"]
     resources:
     - xbackendtrafficpolicies/status
+    - xlistenersets/status
     verbs: ["update", "patch"]
   - apiGroups: ["gateway.networking.k8s.io"]
     resources:

pilot/pkg/config/kube/crdclient/types.gen.go

@@ -20,11 +20,11 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	k8s "sigs.k8s.io/gateway-api/apis/v1"
-	k8sbeta "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	"istio.io/istio/pilot/pkg/features"
 	"istio.io/istio/pilot/pkg/model/kstatus"
 	"istio.io/istio/pkg/config/schema/gvk"
+	"istio.io/istio/pkg/kube/controllers"
 	"istio.io/istio/pkg/maps"
 	"istio.io/istio/pkg/slices"
 	"istio.io/istio/pkg/util/sets"
@@ -319,13 +319,13 @@ func setConditions(generation int64, existingConditions []metav1.Condition, cond
 	return existingConditions
 }
 
-func reportListenerCondition(index int, l k8s.Listener, obj *k8sbeta.Gateway,
-	gs *k8sbeta.GatewayStatus, conditions map[string]*condition,
-) {
-	for index >= len(gs.Listeners) {
-		gs.Listeners = append(gs.Listeners, k8s.ListenerStatus{})
+func reportListenerCondition(index int, l k8s.Listener, obj controllers.Object,
+	statusListeners []k8s.ListenerStatus, conditions map[string]*condition,
+) []k8s.ListenerStatus {
+	for index >= len(statusListeners) {
+		statusListeners = append(statusListeners, k8s.ListenerStatus{})
 	}
-	cond := gs.Listeners[index].Conditions
+	cond := statusListeners[index].Conditions
 	supported, valid := generateSupportedKinds(l)
 	if !valid {
 		conditions[string(k8s.ListenerConditionResolvedRefs)] = &condition{
@@ -334,12 +334,13 @@ func reportListenerCondition(index int, l k8s.Listener, obj *k8sbeta.Gateway,
 			message: "Invalid route kinds",
 		}
 	}
-	gs.Listeners[index] = k8s.ListenerStatus{
+	statusListeners[index] = k8s.ListenerStatus{
 		Name:           l.Name,
 		AttachedRoutes: 0, // this will be reported later
 		SupportedKinds: supported,
-		Conditions:     setConditions(obj.Generation, cond, conditions),
+		Conditions:     setConditions(obj.GetGeneration(), cond, conditions),
 	}
+	return statusListeners
 }
 
 func generateSupportedKinds(l k8s.Listener) ([]k8s.RouteGroupKind, bool) {

pilot/pkg/config/kube/gateway/conditions.go

@@ -137,6 +137,7 @@ type Inputs struct {
 	GRPCRoutes           krt.Collection[*gatewayv1.GRPCRoute]
 	TCPRoutes            krt.Collection[*gatewayalpha.TCPRoute]
 	TLSRoutes            krt.Collection[*gatewayalpha.TLSRoute]
+	ListenerSets         krt.Collection[*gatewayx.XListenerSet]
 	ReferenceGrants      krt.Collection[*gateway.ReferenceGrant]
 	BackendTrafficPolicy krt.Collection[*gatewayx.XBackendTrafficPolicy]
 	BackendTLSPolicies   krt.Collection[*gatewayalpha3.BackendTLSPolicy]
@@ -200,12 +201,14 @@ func NewController(
 		inputs.TLSRoutes = buildClient[*gatewayalpha.TLSRoute](c, kc, gvr.TLSRoute, opts, "informer/TLSRoutes")
 		inputs.BackendTLSPolicies = buildClient[*gatewayalpha3.BackendTLSPolicy](c, kc, gvr.BackendTLSPolicy, opts, "informer/BackendTLSPolicies")
 		inputs.BackendTrafficPolicy = buildClient[*gatewayx.XBackendTrafficPolicy](c, kc, gvr.XBackendTrafficPolicy, opts, "informer/XBackendTrafficPolicy")
+		inputs.ListenerSets = buildClient[*gatewayx.XListenerSet](c, kc, gvr.XListenerSet, opts, "informer/XListenerSet")
 	} else {
 		// If disabled, still build a collection but make it always empty
 		inputs.TCPRoutes = krt.NewStaticCollection[*gatewayalpha.TCPRoute](nil, nil, opts.WithName("disable/TCPRoutes")...)
 		inputs.TLSRoutes = krt.NewStaticCollection[*gatewayalpha.TLSRoute](nil, nil, opts.WithName("disable/TLSRoutes")...)
 		inputs.BackendTLSPolicies = krt.NewStaticCollection[*gatewayalpha3.BackendTLSPolicy](nil, nil, opts.WithName("disable/BackendTLSPolicies")...)
 		inputs.BackendTrafficPolicy = krt.NewStaticCollection[*gatewayx.XBackendTrafficPolicy](nil, nil, opts.WithName("disable/XBackendTrafficPolicy")...)
+		inputs.ListenerSets = krt.NewStaticCollection[*gatewayx.XListenerSet](nil, nil, opts.WithName("disable/XListenerSet")...)
 	}
 
 	references := NewReferenceSet(
@@ -220,6 +223,19 @@ func NewController(
 	status.RegisterStatus(c.status, GatewayClassStatus, GetStatus)
 
 	ReferenceGrants := BuildReferenceGrants(ReferenceGrantsCollection(inputs.ReferenceGrants, opts))
+	ListenerSetStatus, ListenerSets := ListenerSetCollection(
+		inputs.ListenerSets,
+		inputs.Gateways,
+		GatewayClasses,
+		inputs.Namespaces,
+		ReferenceGrants,
+		inputs.Secrets,
+		options.DomainSuffix,
+		c.gatewayContext,
+		c.tagWatcher,
+		opts,
+	)
+	status.RegisterStatus(c.status, ListenerSetStatus, GetStatus)
 
 	DestinationRules := DestinationRuleCollection(
 		inputs.BackendTrafficPolicy,
@@ -234,6 +250,7 @@ func NewController(
 	// Do not register yet.
 	GatewaysStatus, Gateways := GatewayCollection(
 		inputs.Gateways,
+		ListenerSets,
 		GatewayClasses,
 		inputs.Namespaces,
 		ReferenceGrants,
@@ -475,8 +492,8 @@ func (c *Controller) HasSynced() bool {
 	return true
 }
 
-func (c *Controller) SecretAllowed(resourceName string, namespace string) bool {
-	return c.outputs.ReferenceGrants.SecretAllowed(nil, resourceName, namespace)
+func (c *Controller) SecretAllowed(ourKind config.GroupVersionKind, resourceName string, namespace string) bool {
+	return c.outputs.ReferenceGrants.SecretAllowed(nil, ourKind, resourceName, namespace)
 }
 
 func pushXds[T any](xds model.XDSUpdater, f func(T) model.ConfigKey) func(events []krt.Event[T]) {