From 18a412d9d9674166f16b5a988173432f9daf6840 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Sun, 2 Jun 2024 04:08:48 +0800 Subject: [PATCH 01/24] refactor: rename EnvoyProxy field Signed-off-by: haoqixu --- .../translate/out/default-resources.all.yaml | 2 +- .../translate/out/invalid-envoyproxy.all.yaml | 2 +- .../translate/out/valid-envoyproxy.all.yaml | 2 +- internal/cmd/egctl/translate.go | 20 +++++------ internal/gatewayapi/backendtlspolicy.go | 34 +++++++++---------- internal/gatewayapi/helpers.go | 2 +- internal/gatewayapi/listener.go | 7 ++-- internal/gatewayapi/resource.go | 2 +- internal/gatewayapi/runner/runner.go | 3 +- .../testdata/conflicting-policies.in.yaml | 2 +- .../testdata/custom-filter-order.in.yaml | 2 +- .../testdata/disable-accesslog.in.yaml | 2 +- ...tchpolicy-invalid-feature-disabled.in.yaml | 2 +- ...invalid-target-kind-merge-gateways.in.yaml | 2 +- ...oypatchpolicy-valid-merge-gateways.in.yaml | 2 +- ...voyproxy-accesslog-backend-invalid.in.yaml | 2 +- .../envoyproxy-accesslog-backend.in.yaml | 2 +- ...roxy-accesslog-file-json-no-format.in.yaml | 2 +- .../envoyproxy-accesslog-file-json.in.yaml | 2 +- ...nvoyproxy-accesslog-with-bad-sinks.in.yaml | 2 +- .../testdata/envoyproxy-accesslog.in.yaml | 2 +- .../envoyproxy-endpoint-routing.in.yaml | 2 +- .../envoyproxy-metric-backend-invalid.in.yaml | 2 +- .../envoyproxy-metric-backend.in.yaml | 2 +- .../envoyproxy-service-routing.in.yaml | 2 +- ...envoyproxy-tls-settings-invalid-ns.in.yaml | 2 +- .../envoyproxy-tls-settings-invalid.in.yaml | 2 +- .../testdata/envoyproxy-tls-settings.in.yaml | 2 +- ...envoyproxy-tracing-backend-invalid.in.yaml | 2 +- .../envoyproxy-tracing-backend.in.yaml | 2 +- .../testdata/envoyproxy-valid.in.yaml | 2 +- .../merge-invalid-multiple-gateways.in.yaml | 2 +- ...ways-multiple-listeners-same-ports.in.yaml | 2 +- ...-multiple-gateways-multiple-routes.in.yaml | 2 +- .../merge-valid-multiple-gateways.in.yaml | 2 +- .../merge-with-isolated-policies-2.in.yaml | 2 +- .../merge-with-isolated-policies.in.yaml | 2 +- .../tracing-merged-multiple-routes.in.yaml | 2 +- .../testdata/tracing-multiple-routes.in.yaml | 2 +- internal/gatewayapi/translator.go | 8 ++--- internal/gatewayapi/zz_generated.deepcopy.go | 4 +-- internal/provider/kubernetes/controller.go | 12 +++---- .../provider/kubernetes/controller_test.go | 2 +- 43 files changed, 81 insertions(+), 79 deletions(-) diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 1e85fb5ffab..e30d25490e3 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -1,4 +1,4 @@ -envoyProxy: +classEnvoyProxy: metadata: creationTimestamp: null name: default-envoy-proxy diff --git a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml index 41be265b365..ff74a3dd412 100644 --- a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml @@ -1,4 +1,4 @@ -envoyProxy: +classEnvoyProxy: metadata: creationTimestamp: null name: example diff --git a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml index 53dcd574842..013161280e4 100644 --- a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml @@ -1,4 +1,4 @@ -envoyProxy: +classEnvoyProxy: metadata: creationTimestamp: null name: example diff --git a/internal/cmd/egctl/translate.go b/internal/cmd/egctl/translate.go index 2cf06396078..9fb88070149 100644 --- a/internal/cmd/egctl/translate.go +++ b/internal/cmd/egctl/translate.go @@ -315,13 +315,13 @@ func translateGatewayAPIToGatewayAPI(resources *gatewayapi.Resources) (gatewayap gRes, _ := gTranslator.Translate(resources) // Update the status of the GatewayClass based on EnvoyProxy validation epInvalid := false - if resources.EnvoyProxy != nil { - if err := validation.ValidateEnvoyProxy(resources.EnvoyProxy); err != nil { + if resources.ClassEnvoyProxy != nil { + if err := validation.ValidateEnvoyProxy(resources.ClassEnvoyProxy); err != nil { epInvalid = true msg := fmt.Sprintf("%s: %v", status.MsgGatewayClassInvalidParams, err) status.SetGatewayClassAccepted(resources.GatewayClass, false, string(gwapiv1.GatewayClassReasonInvalidParameters), msg) } - gRes.EnvoyProxy = resources.EnvoyProxy + gRes.ClassEnvoyProxy = resources.ClassEnvoyProxy } if !epInvalid { status.SetGatewayClassAccepted(resources.GatewayClass, true, string(gwapiv1.GatewayClassReasonAccepted), status.MsgValidGatewayClass) @@ -364,8 +364,8 @@ func translateGatewayAPIToXds(dnsDomain string, resourceType string, resources * ServiceURL: ratelimit.GetServiceURL("envoy-gateway", dnsDomain), }, } - if resources.EnvoyProxy != nil { - xTranslator.FilterOrder = resources.EnvoyProxy.Spec.FilterOrder + if resources.ClassEnvoyProxy != nil { + xTranslator.FilterOrder = resources.ClassEnvoyProxy.Spec.FilterOrder } xRes, err := xTranslator.Translate(val) if err != nil { @@ -445,8 +445,8 @@ func constructConfigDump(resources *gatewayapi.Resources, tCtx *xds_types.Resour // Apply Bootstrap from EnvoyProxy API if set by the user // The config should have been validated already - if resources.EnvoyProxy != nil && resources.EnvoyProxy.Spec.Bootstrap != nil { - bootstrapConfigurations, err = bootstrap.ApplyBootstrapConfig(resources.EnvoyProxy.Spec.Bootstrap, bootstrapConfigurations) + if resources.ClassEnvoyProxy != nil && resources.ClassEnvoyProxy.Spec.Bootstrap != nil { + bootstrapConfigurations, err = bootstrap.ApplyBootstrapConfig(resources.ClassEnvoyProxy.Spec.Bootstrap, bootstrapConfigurations) if err != nil { return nil, err } @@ -685,7 +685,7 @@ func kubernetesYAMLToResources(str string, addMissingResources bool) (*gatewayap }, Spec: typedSpec.(egv1a1.EnvoyProxySpec), } - resources.EnvoyProxy = envoyProxy + resources.ClassEnvoyProxy = envoyProxy case gatewayapi.KindGatewayClass: typedSpec := spec.Interface() gatewayClass := &gwapiv1.GatewayClass{ @@ -923,7 +923,7 @@ func kubernetesYAMLToResources(str string, addMissingResources bool) (*gatewayap } // Add EnvoyProxy if it does not exist - if resources.EnvoyProxy == nil { + if resources.ClassEnvoyProxy == nil { if err := addDefaultEnvoyProxy(resources); err != nil { return nil, err } @@ -955,7 +955,7 @@ func addDefaultEnvoyProxy(resources *gatewayapi.Resources) error { }, }, } - resources.EnvoyProxy = ep + resources.ClassEnvoyProxy = ep ns := gwapiv1.Namespace(namespace) resources.GatewayClass.Spec.ParametersRef = &gwapiv1.ParametersReference{ Group: gwapiv1.Group(egv1a1.GroupVersion.Group), diff --git a/internal/gatewayapi/backendtlspolicy.go b/internal/gatewayapi/backendtlspolicy.go index f82161181d8..d5edcfdada6 100644 --- a/internal/gatewayapi/backendtlspolicy.go +++ b/internal/gatewayapi/backendtlspolicy.go @@ -53,27 +53,27 @@ func (t *Translator) processBackendTLSPolicy( status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName) // apply defaults as per envoyproxy - if resources.EnvoyProxy != nil { - if resources.EnvoyProxy.Spec.BackendTLS != nil { - if len(resources.EnvoyProxy.Spec.BackendTLS.Ciphers) > 0 { - tlsBundle.Ciphers = resources.EnvoyProxy.Spec.BackendTLS.Ciphers + if resources.ClassEnvoyProxy != nil { + if resources.ClassEnvoyProxy.Spec.BackendTLS != nil { + if len(resources.ClassEnvoyProxy.Spec.BackendTLS.Ciphers) > 0 { + tlsBundle.Ciphers = resources.ClassEnvoyProxy.Spec.BackendTLS.Ciphers } - if len(resources.EnvoyProxy.Spec.BackendTLS.ECDHCurves) > 0 { - tlsBundle.ECDHCurves = resources.EnvoyProxy.Spec.BackendTLS.ECDHCurves + if len(resources.ClassEnvoyProxy.Spec.BackendTLS.ECDHCurves) > 0 { + tlsBundle.ECDHCurves = resources.ClassEnvoyProxy.Spec.BackendTLS.ECDHCurves } - if len(resources.EnvoyProxy.Spec.BackendTLS.SignatureAlgorithms) > 0 { - tlsBundle.SignatureAlgorithms = resources.EnvoyProxy.Spec.BackendTLS.SignatureAlgorithms + if len(resources.ClassEnvoyProxy.Spec.BackendTLS.SignatureAlgorithms) > 0 { + tlsBundle.SignatureAlgorithms = resources.ClassEnvoyProxy.Spec.BackendTLS.SignatureAlgorithms } - if resources.EnvoyProxy.Spec.BackendTLS.MinVersion != nil { - tlsBundle.MinVersion = ptr.To(ir.TLSVersion(*resources.EnvoyProxy.Spec.BackendTLS.MinVersion)) + if resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion != nil { + tlsBundle.MinVersion = ptr.To(ir.TLSVersion(*resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion)) } - if resources.EnvoyProxy.Spec.BackendTLS.MinVersion != nil { - tlsBundle.MaxVersion = ptr.To(ir.TLSVersion(*resources.EnvoyProxy.Spec.BackendTLS.MaxVersion)) + if resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion != nil { + tlsBundle.MaxVersion = ptr.To(ir.TLSVersion(*resources.ClassEnvoyProxy.Spec.BackendTLS.MaxVersion)) } - if len(resources.EnvoyProxy.Spec.BackendTLS.ALPNProtocols) > 0 { - tlsBundle.ALPNProtocols = make([]string, len(resources.EnvoyProxy.Spec.BackendTLS.ALPNProtocols)) - for i := range resources.EnvoyProxy.Spec.BackendTLS.ALPNProtocols { - tlsBundle.ALPNProtocols[i] = string(resources.EnvoyProxy.Spec.BackendTLS.ALPNProtocols[i]) + if len(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols) > 0 { + tlsBundle.ALPNProtocols = make([]string, len(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols)) + for i := range resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols { + tlsBundle.ALPNProtocols[i] = string(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols[i]) } } } @@ -82,7 +82,7 @@ func (t *Translator) processBackendTLSPolicy( } func (t *Translator) applyEnvoyProxyBackendTLSSetting(policy *gwapiv1a3.BackendTLSPolicy, tlsConfig *ir.TLSUpstreamConfig, resources *Resources, parent gwapiv1a2.ParentReference) *ir.TLSUpstreamConfig { - ep := resources.EnvoyProxy + ep := resources.ClassEnvoyProxy if ep == nil || ep.Spec.BackendTLS == nil || tlsConfig == nil { return tlsConfig diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 05865225505..64b7ec40fe8 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -417,7 +417,7 @@ func irTLSCACertName(namespace, name string) string { } func IsMergeGatewaysEnabled(resources *Resources) bool { - return resources.EnvoyProxy != nil && resources.EnvoyProxy.Spec.MergeGateways != nil && *resources.EnvoyProxy.Spec.MergeGateways + return resources.ClassEnvoyProxy != nil && resources.ClassEnvoyProxy.Spec.MergeGateways != nil && *resources.ClassEnvoyProxy.Spec.MergeGateways } func protocolSliceToStringSlice(protocols []gwapiv1.ProtocolType) []string { diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 47c1df0a7b1..d096fd498b0 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -43,8 +43,8 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap for _, gateway := range gateways { irKey := t.getIRKey(gateway.Gateway) - if resources.EnvoyProxy != nil { - infraIR[irKey].Proxy.Config = resources.EnvoyProxy + if resources.ClassEnvoyProxy != nil { + infraIR[irKey].Proxy.Config = resources.ClassEnvoyProxy } t.processProxyObservability(gateway, xdsIR[irKey], infraIR[irKey].Proxy.Config, resources) @@ -97,7 +97,8 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap } // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} - containerPort := servicePortToContainerPort(int32(listener.Port), resources.EnvoyProxy) + // TODO + containerPort := servicePortToContainerPort(int32(listener.Port), resources.ClassEnvoyProxy) switch listener.Protocol { case gwapiv1.HTTPProtocolType, gwapiv1.HTTPSProtocolType: irListener := &ir.HTTPListener{ diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index da7c49441f6..a72a6d7b1fa 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -48,7 +48,7 @@ type Resources struct { EndpointSlices []*discoveryv1.EndpointSlice `json:"endpointSlices,omitempty" yaml:"endpointSlices,omitempty"` Secrets []*corev1.Secret `json:"secrets,omitempty" yaml:"secrets,omitempty"` ConfigMaps []*corev1.ConfigMap `json:"configMaps,omitempty" yaml:"configMaps,omitempty"` - EnvoyProxy *egv1a1.EnvoyProxy `json:"envoyProxy,omitempty" yaml:"envoyProxy,omitempty"` + ClassEnvoyProxy *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` ExtensionRefFilters []unstructured.Unstructured `json:"extensionRefFilters,omitempty" yaml:"extensionRefFilters,omitempty"` EnvoyPatchPolicies []*egv1a1.EnvoyPatchPolicy `json:"envoyPatchPolicies,omitempty" yaml:"envoyPatchPolicies,omitempty"` ClientTrafficPolicies []*egv1a1.ClientTrafficPolicy `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"` diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index b4419aff63b..31062749f66 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -87,7 +87,8 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { EnvoyPatchPolicyEnabled: r.EnvoyGateway.ExtensionAPIs != nil && r.EnvoyGateway.ExtensionAPIs.EnableEnvoyPatchPolicy, BackendEnabled: r.EnvoyGateway.ExtensionAPIs != nil && r.EnvoyGateway.ExtensionAPIs.EnableBackend, Namespace: r.Namespace, - MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), + // TODO: gateway.infrastructure.parametersRef + MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), } // If an extension is loaded, pass its supported groups/kinds to the translator diff --git a/internal/gatewayapi/testdata/conflicting-policies.in.yaml b/internal/gatewayapi/testdata/conflicting-policies.in.yaml index 0019de717be..794772892b6 100644 --- a/internal/gatewayapi/testdata/conflicting-policies.in.yaml +++ b/internal/gatewayapi/testdata/conflicting-policies.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/custom-filter-order.in.yaml b/internal/gatewayapi/testdata/custom-filter-order.in.yaml index 7bbef11264b..a97abadb68a 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.in.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.in.yaml @@ -6,7 +6,7 @@ secrets: name: users-secret1 data: .htpasswd: "dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=" -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/disable-accesslog.in.yaml b/internal/gatewayapi/testdata/disable-accesslog.in.yaml index c6fa25f5cc6..533f4ec187e 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.in.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml index d75a6e91e49..3bacde1ab7a 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml index 8d00c96d3a8..3a58a936f3e 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml index 3daa484dc73..f66bd2a127c 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml index 0c045e3165f..f431a779d2d 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml index 4dccf1a36d3..2d2a204e8d0 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml index 67db26d8e71..6dd9ba72858 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml index 3dc3c98a88c..7997f8c9d82 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml index cccabc9cd4d..c908da35141 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml index 0d691420576..39f9b24fda8 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml index b0d79c07573..ace6a17f610 100644 --- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classenvoyproxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml index 0c60778b2aa..62d6aa4c6ef 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml index 3a5228cc271..9152da9ea9b 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml index 81c141103a9..f8a53b211f8 100644 --- a/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classenvoyproxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml index 78df58c55e8..e0c1685387d 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml index 76139b7d2ac..09a8ed22a1e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml index b745a770602..baf4037ce81 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml index 2feceaf788e..98379a74863 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml index 42e91b06cf7..346dd2d5e30 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml index fced37e87f2..c9b3bb21cfe 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml index a109f785281..6bec98e6203 100644 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml index 81e8ae3c976..6650cb13528 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml index b88c25a8808..a90191d615f 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml index aad24f222ea..34db81d8edc 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml index d343d0070ff..69b5e5fe28f 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml index 1f5291f72df..f6be98ca00f 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml index 0f89e2f86d1..f3fba008414 100644 --- a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml b/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml index a647019a9a9..1a4592a3549 100644 --- a/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -envoyproxy: +classEnvoyProxy: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 3e392d2e949..8cfef14d852 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -244,10 +244,10 @@ func (t *Translator) Translate(resources *Resources) (*TranslateResult, error) { // Set custom filter order if EnvoyProxy is set // The custom filter order will be applied when generating the HTTP filter chain. - if resources.EnvoyProxy != nil { + if resources.ClassEnvoyProxy != nil { for _, gateway := range gateways { irKey := t.getIRKey(gateway.Gateway) - xdsIR[irKey].FilterOrder = resources.EnvoyProxy.Spec.FilterOrder + xdsIR[irKey].FilterOrder = resources.ClassEnvoyProxy.Spec.FilterOrder } } @@ -321,10 +321,10 @@ func (t *Translator) IsEnvoyServiceRouting(r *Resources) bool { if t.EndpointRoutingDisabled { return true } - if r.EnvoyProxy == nil { + if r.ClassEnvoyProxy == nil { return false } - switch ptr.Deref(r.EnvoyProxy.Spec.RoutingType, egv1a1.EndpointRoutingType) { + switch ptr.Deref(r.ClassEnvoyProxy.Spec.RoutingType, egv1a1.EndpointRoutingType) { case egv1a1.ServiceRoutingType: return true case egv1a1.EndpointRoutingType: diff --git a/internal/gatewayapi/zz_generated.deepcopy.go b/internal/gatewayapi/zz_generated.deepcopy.go index a5bf8c9974f..8129445923f 100644 --- a/internal/gatewayapi/zz_generated.deepcopy.go +++ b/internal/gatewayapi/zz_generated.deepcopy.go @@ -172,8 +172,8 @@ func (in *Resources) DeepCopyInto(out *Resources) { } } } - if in.EnvoyProxy != nil { - in, out := &in.EnvoyProxy, &out.EnvoyProxy + if in.ClassEnvoyProxy != nil { + in, out := &in.ClassEnvoyProxy, &out.ClassEnvoyProxy *out = new(apiv1alpha1.EnvoyProxy) (*in).DeepCopyInto(*out) } diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 55bd54c915f..1e76bf57942 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -269,8 +269,8 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques gwcResource.Namespaces = append(gwcResource.Namespaces, namespace) } - if gwcResource.EnvoyProxy != nil && gwcResource.EnvoyProxy.Spec.MergeGateways != nil { - if *gwcResource.EnvoyProxy.Spec.MergeGateways { + if gwcResource.ClassEnvoyProxy != nil && gwcResource.ClassEnvoyProxy.Spec.MergeGateways != nil { + if *gwcResource.ClassEnvoyProxy.Spec.MergeGateways { r.mergeGateways.Insert(managedGC.Name) } else { r.mergeGateways.Delete(managedGC.Name) @@ -315,17 +315,17 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques } func (r *gatewayAPIReconciler) processEnvoyProxySecretRef(ctx context.Context, gwcResource *gatewayapi.Resources) { - if gwcResource.EnvoyProxy == nil || gwcResource.EnvoyProxy.Spec.BackendTLS == nil || gwcResource.EnvoyProxy.Spec.BackendTLS.ClientCertificateRef == nil { + if gwcResource.ClassEnvoyProxy == nil || gwcResource.ClassEnvoyProxy.Spec.BackendTLS == nil || gwcResource.ClassEnvoyProxy.Spec.BackendTLS.ClientCertificateRef == nil { return } - certRef := gwcResource.EnvoyProxy.Spec.BackendTLS.ClientCertificateRef + certRef := gwcResource.ClassEnvoyProxy.Spec.BackendTLS.ClientCertificateRef if refsSecret(certRef) { if err := r.processSecretRef( ctx, newResourceMapping(), gwcResource, gatewayapi.KindGateway, - gwcResource.EnvoyProxy.Namespace, + gwcResource.ClassEnvoyProxy.Namespace, gatewayapi.KindEnvoyProxy, *certRef); err != nil { r.log.Error(err, @@ -1656,7 +1656,7 @@ func (r *gatewayAPIReconciler) processParamsRef(ctx context.Context, gc *gwapiv1 } valid = true - resourceTree.EnvoyProxy = &ep + resourceTree.ClassEnvoyProxy = &ep break } } diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go index edd8b53c703..7df745821d9 100644 --- a/internal/provider/kubernetes/controller_test.go +++ b/internal/provider/kubernetes/controller_test.go @@ -472,7 +472,7 @@ func TestProcessParamsRef(t *testing.T) { if tc.expected { require.NoError(t, err) // Ensure the resource tree and map are as expected. - require.Equal(t, tc.ep, resourceTree.EnvoyProxy) + require.Equal(t, tc.ep, resourceTree.ClassEnvoyProxy) } else { require.Error(t, err) } From eca00cdbfac9b322740de91ed8d63090c1465827 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Thu, 6 Jun 2024 11:49:29 +0800 Subject: [PATCH 02/24] feat(controller): process gateway.infrastructure.parametersref Signed-off-by: haoqixu --- internal/gatewayapi/resource.go | 1 + internal/provider/kubernetes/controller.go | 226 +++++++++++------- .../provider/kubernetes/controller_test.go | 5 +- 3 files changed, 140 insertions(+), 92 deletions(-) diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index a72a6d7b1fa..3d1db1b7f68 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -49,6 +49,7 @@ type Resources struct { Secrets []*corev1.Secret `json:"secrets,omitempty" yaml:"secrets,omitempty"` ConfigMaps []*corev1.ConfigMap `json:"configMaps,omitempty" yaml:"configMaps,omitempty"` ClassEnvoyProxy *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` + EnvoyProxies []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` ExtensionRefFilters []unstructured.Unstructured `json:"extensionRefFilters,omitempty" yaml:"extensionRefFilters,omitempty"` EnvoyPatchPolicies []*egv1a1.EnvoyPatchPolicy `json:"envoyPatchPolicies,omitempty" yaml:"envoyPatchPolicies,omitempty"` ClientTrafficPolicies []*egv1a1.ClientTrafficPolicy `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"` diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 1e76bf57942..7ba8d764e16 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -123,6 +123,8 @@ func newGatewayAPIController(mgr manager.Manager, cfg *config.Server, su Updater type resourceMappings struct { // Map for storing namespaces for Route, Service and Gateway objects. allAssociatedNamespaces sets.Set[string] + // Map for storing EnvoyProxies' NamespacedNames attaching to Gateway or GatewayClass. + allAssociatedEnvoyProxies sets.Set[string] // Map for storing TLSRoutes' NamespacedNames attaching to various Gateway objects. allAssociatedTLSRoutes sets.Set[string] // Map for storing HTTPRoutes' NamespacedNames attaching to various Gateway objects. @@ -143,14 +145,15 @@ type resourceMappings struct { func newResourceMapping() *resourceMappings { return &resourceMappings{ - allAssociatedNamespaces: sets.New[string](), - allAssociatedTLSRoutes: sets.New[string](), - allAssociatedHTTPRoutes: sets.New[string](), - allAssociatedGRPCRoutes: sets.New[string](), - allAssociatedTCPRoutes: sets.New[string](), - allAssociatedUDPRoutes: sets.New[string](), - allAssociatedBackendRefs: sets.New[gwapiv1.BackendObjectReference](), - extensionRefFilters: map[utils.NamespacedNameWithGroupKind]unstructured.Unstructured{}, + allAssociatedNamespaces: sets.New[string](), + allAssociatedEnvoyProxies: sets.New[string](), + allAssociatedTLSRoutes: sets.New[string](), + allAssociatedHTTPRoutes: sets.New[string](), + allAssociatedGRPCRoutes: sets.New[string](), + allAssociatedTCPRoutes: sets.New[string](), + allAssociatedUDPRoutes: sets.New[string](), + allAssociatedBackendRefs: sets.New[gwapiv1.BackendObjectReference](), + extensionRefFilters: map[utils.NamespacedNameWithGroupKind]unstructured.Unstructured{}, } } @@ -193,6 +196,19 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques gwcResources = append(gwcResources, gwcResource) resourceMappings := newResourceMapping() + // Process the parametersRef of the accepted GatewayClass. + // This should run before processGateways and processBackendRefs + if managedGC.Spec.ParametersRef != nil && managedGC.DeletionTimestamp == nil { + if err := r.processGCParamsRef(ctx, managedGC, resourceMappings, gwcResource); err != nil { + msg := fmt.Sprintf("%s: %v", status.MsgGatewayClassInvalidParams, err) + if err := r.updateStatusForGatewayClass(ctx, managedGC, false, string(gwapiv1.GatewayClassReasonInvalidParameters), msg); err != nil { + r.log.Error(err, "unable to update GatewayClass status") + } + r.log.Error(err, "failed to process parametersRef for gatewayclass", "name", managedGC.Name) + return reconcile.Result{}, err + } + } + // Add all Gateways, their associated Routes, and referenced resources to the resourceTree if err = r.processGateways(ctx, managedGC, resourceMappings, gwcResource); err != nil { return reconcile.Result{}, err @@ -232,19 +248,6 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques return reconcile.Result{}, err } - // Process the parametersRef of the accepted GatewayClass. - // This should run before processBackendRefs - if managedGC.Spec.ParametersRef != nil && managedGC.DeletionTimestamp == nil { - if err := r.processParamsRef(ctx, managedGC, resourceMappings, gwcResource); err != nil { - msg := fmt.Sprintf("%s: %v", status.MsgGatewayClassInvalidParams, err) - if err := r.updateStatusForGatewayClass(ctx, managedGC, false, string(gwapiv1.GatewayClassReasonInvalidParameters), msg); err != nil { - r.log.Error(err, "unable to update GatewayClass status") - } - r.log.Error(err, "failed to process parametersRef for gatewayclass", "name", managedGC.Name) - return reconcile.Result{}, err - } - } - if err = r.processBackends(ctx, gwcResource); err != nil { return reconcile.Result{}, err } @@ -803,6 +806,10 @@ func (r *gatewayAPIReconciler) processGateways(ctx context.Context, managedGC *g r.log.Info("processing Gateway", "namespace", gtw.Namespace, "name", gtw.Name) resourceMap.allAssociatedNamespaces.Insert(gtw.Namespace) + if err := r.processGatewayParamsRef(ctx, >w, resourceMap, resourceTree); err != nil { + r.log.Error(err, "failed to process infrastructure.parametersRef for gateway", "namespace", gtw.Namespace, "name", gtw.Name) + } + for _, listener := range gtw.Spec.Listeners { listener := listener // Get Secret for gateway if it exists. @@ -1571,78 +1578,99 @@ func (r *gatewayAPIReconciler) hasManagedClass(ep *egv1a1.EnvoyProxy) bool { return false } -// processParamsRef processes the parametersRef of the provided GatewayClass. -func (r *gatewayAPIReconciler) processParamsRef(ctx context.Context, gc *gwapiv1.GatewayClass, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { +// processGatewayParamsRef processes the infrastructure.parametersRef of the provided Gateway. +func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw *gwapiv1.Gateway, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { + if gtw == nil || gtw.Spec.Infrastructure == nil || gtw.Spec.Infrastructure.ParametersRef == nil { + return nil + } + + if resourceTree.ClassEnvoyProxy != nil && resourceTree.ClassEnvoyProxy.Spec.MergeGateways != nil && *resourceTree.ClassEnvoyProxy.Spec.MergeGateways { + return fmt.Errorf("infrastructure.parametersref must be nil when MergeGateways feature is enabled by gatewayclass") + } + + ref := gtw.Spec.Infrastructure.ParametersRef + if !(string(ref.Group) == egv1a1.GroupVersion.Group && + ref.Kind == egv1a1.KindEnvoyProxy && + len(ref.Name) > 0) { + return fmt.Errorf("unsupported parametersRef for gateway %s/%s", gtw.Namespace, gtw.Name) + } + + ep := new(egv1a1.EnvoyProxy) + if err := r.client.Get(ctx, types.NamespacedName{Namespace: gtw.Namespace, Name: ref.Name}, ep); err != nil { + return fmt.Errorf("failed to find envoyproxy %s/%s: %w", gtw.Namespace, ref.Name, err) + } + + if err := r.processEnvoyProxy(ctx, ep, resourceMap, resourceTree); err != nil { + return err + } + + if ep != nil && ep.Spec.BackendTLS != nil && ep.Spec.BackendTLS.ClientCertificateRef != nil { + certRef := ep.Spec.BackendTLS.ClientCertificateRef + if refsSecret(certRef) { + if err := r.processSecretRef( + ctx, + resourceMap, + resourceTree, + gatewayapi.KindGateway, + gtw.Namespace, + gtw.Name, + *certRef); err != nil { + r.log.Error(err, + "failed to process TLS SecretRef for gateway", + "gateway", utils.NamespacedName(gtw).String(), "secretRef", certRef) + } + } + } + + resourceTree.EnvoyProxies = append(resourceTree.EnvoyProxies, ep) + return nil +} + +// processGCParamsRef processes the parametersRef of the provided GatewayClass. +func (r *gatewayAPIReconciler) processGCParamsRef(ctx context.Context, gc *gwapiv1.GatewayClass, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { if !refsEnvoyProxy(gc) { return fmt.Errorf("unsupported parametersRef for gatewayclass %s", gc.Name) } - epList := new(egv1a1.EnvoyProxyList) - gcParametersRefNamespace := string(*gc.Spec.ParametersRef.Namespace) + ep := new(egv1a1.EnvoyProxy) + if err := r.client.Get(ctx, types.NamespacedName{Namespace: string(*gc.Spec.ParametersRef.Namespace), Name: gc.Spec.ParametersRef.Name}, ep); err != nil { + if kerrors.IsNotFound(err) { + return fmt.Errorf("envoyproxy referenced by gatewayclass is not found: %w", err) + } + return fmt.Errorf("failed to find envoyproxy %s/%s: %w", r.namespace, gc.Spec.ParametersRef.Name, err) + } - if err := r.client.List(ctx, epList, &client.ListOptions{Namespace: gcParametersRefNamespace}); err != nil { - return fmt.Errorf("failed to list envoyproxies in namespace %s: %w", gcParametersRefNamespace, err) + if err := r.processEnvoyProxy(ctx, ep, resourceMap, resourceTree); err != nil { + return err } + resourceTree.ClassEnvoyProxy = ep + return nil +} - if len(epList.Items) == 0 { - r.log.Info("no envoyproxies exist in", "namespace", gcParametersRefNamespace) +// processEnvoyProxy processes the parametersRef of the provided GatewayClass. +func (r *gatewayAPIReconciler) processEnvoyProxy(ctx context.Context, ep *egv1a1.EnvoyProxy, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { + key := utils.NamespacedName(ep).String() + if resourceMap.allAssociatedEnvoyProxies.Has(key) { + r.log.Info("current EnvoyProxy has been processed already", "namespace", ep.Namespace, "name", ep.Name) return nil } - found := false - valid := false - var validationErr error - for i := range epList.Items { - ep := epList.Items[i] - r.log.Info("processing envoyproxy", "namespace", ep.Namespace, "name", ep.Name) - if classRefsEnvoyProxy(gc, &ep) { - found = true - if err := validation.ValidateEnvoyProxy(&ep); err != nil { - validationErr = fmt.Errorf("invalid envoyproxy: %w", err) - continue - } + r.log.Info("processing envoyproxy", "namespace", ep.Namespace, "name", ep.Name) - if ep.Spec.Telemetry != nil { - telemetry := ep.Spec.Telemetry - - if telemetry.AccessLog != nil { - for _, setting := range telemetry.AccessLog.Settings { - for _, sink := range setting.Sinks { - if sink.OpenTelemetry == nil { - continue - } - for _, backendRef := range sink.OpenTelemetry.BackendRefs { - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) - resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ - Group: backendRef.BackendObjectReference.Group, - Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), - Name: backendRef.Name, - }) - } - } - } - } + if err := validation.ValidateEnvoyProxy(ep); err != nil { + return fmt.Errorf("invalid envoyproxy: %w", err) + } - if telemetry.Metrics != nil { - for _, sink := range telemetry.Metrics.Sinks { - if sink.OpenTelemetry == nil { - continue - } - for _, backendRef := range sink.OpenTelemetry.BackendRefs { - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) - resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ - Group: backendRef.BackendObjectReference.Group, - Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), - Name: backendRef.Name, - }) - } - } - } + if ep.Spec.Telemetry != nil { + telemetry := ep.Spec.Telemetry - if telemetry.Tracing != nil { - for _, backendRef := range telemetry.Tracing.Provider.BackendRefs { + if telemetry.AccessLog != nil { + for _, setting := range telemetry.AccessLog.Settings { + for _, sink := range setting.Sinks { + if sink.OpenTelemetry == nil { + continue + } + for _, backendRef := range sink.OpenTelemetry.BackendRefs { backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, @@ -1650,25 +1678,43 @@ func (r *gatewayAPIReconciler) processParamsRef(ctx context.Context, gc *gwapiv1 Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), Name: backendRef.Name, }) - } } } + } - valid = true - resourceTree.ClassEnvoyProxy = &ep - break + if telemetry.Metrics != nil { + for _, sink := range telemetry.Metrics.Sinks { + if sink.OpenTelemetry == nil { + continue + } + for _, backendRef := range sink.OpenTelemetry.BackendRefs { + backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) + resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ + Group: backendRef.BackendObjectReference.Group, + Kind: backendRef.BackendObjectReference.Kind, + Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Name: backendRef.Name, + }) + } + } } - } - if !found { - return fmt.Errorf("failed to find envoyproxy referenced by gatewayclass: %s", gc.Name) - } + if telemetry.Tracing != nil { + for _, backendRef := range telemetry.Tracing.Provider.BackendRefs { + backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) + resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ + Group: backendRef.BackendObjectReference.Group, + Kind: backendRef.BackendObjectReference.Kind, + Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Name: backendRef.Name, + }) - if !valid { - return fmt.Errorf("invalid gatewayclass %s: %w", gc.Name, validationErr) + } + } } + resourceMap.allAssociatedEnvoyProxies.Insert(key) return nil } diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go index 7df745821d9..bb6dc014630 100644 --- a/internal/provider/kubernetes/controller_test.go +++ b/internal/provider/kubernetes/controller_test.go @@ -341,7 +341,7 @@ func TestHasManagedClass(t *testing.T) { } } -func TestProcessParamsRef(t *testing.T) { +func TestProcessGCParamsRef(t *testing.T) { gcCtrlName := gwapiv1.GatewayController(egv1a1.GatewayControllerName) testCases := []struct { @@ -451,6 +451,7 @@ func TestProcessParamsRef(t *testing.T) { r := &gatewayAPIReconciler{ log: logger, classController: gcCtrlName, + namespace: config.DefaultNamespace, } // Run the test cases. @@ -468,7 +469,7 @@ func TestProcessParamsRef(t *testing.T) { // Process the test case gatewayclasses. resourceTree := gatewayapi.NewResources() resourceMap := newResourceMapping() - err := r.processParamsRef(context.Background(), tc.gc, resourceMap, resourceTree) + err := r.processGCParamsRef(context.Background(), tc.gc, resourceMap, resourceTree) if tc.expected { require.NoError(t, err) // Ensure the resource tree and map are as expected. From e152a70123cb5f76aaf2e4bb578d84bd24e6097b Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 4 Jun 2024 15:27:25 +0800 Subject: [PATCH 03/24] feat(translator): support attaching EnvoyProxy to Gateways Signed-off-by: haoqixu --- internal/gatewayapi/backendtlspolicy.go | 44 +++++++------- internal/gatewayapi/clienttrafficpolicy.go | 6 +- internal/gatewayapi/contexts.go | 30 +++------- internal/gatewayapi/envoyextensionpolicy.go | 41 ++++++++----- internal/gatewayapi/ext_service.go | 7 ++- internal/gatewayapi/helpers.go | 22 +++---- internal/gatewayapi/listener.go | 6 +- internal/gatewayapi/route.go | 35 ++++++++--- internal/gatewayapi/securitypolicy.go | 64 ++++++++++++--------- internal/gatewayapi/translator.go | 38 ++++++++++-- 10 files changed, 172 insertions(+), 121 deletions(-) diff --git a/internal/gatewayapi/backendtlspolicy.go b/internal/gatewayapi/backendtlspolicy.go index d5edcfdada6..87682425d6b 100644 --- a/internal/gatewayapi/backendtlspolicy.go +++ b/internal/gatewayapi/backendtlspolicy.go @@ -13,13 +13,14 @@ import ( gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi/status" "github.com/envoyproxy/gateway/internal/ir" ) -func (t *Translator) applyBackendTLSSetting(backendRef gwapiv1.BackendObjectReference, backendNamespace string, parent gwapiv1a2.ParentReference, resources *Resources) *ir.TLSUpstreamConfig { - upstreamConfig, policy := t.processBackendTLSPolicy(backendRef, backendNamespace, parent, resources) - return t.applyEnvoyProxyBackendTLSSetting(policy, upstreamConfig, resources, parent) +func (t *Translator) applyBackendTLSSetting(backendRef gwapiv1.BackendObjectReference, backendNamespace string, parent gwapiv1a2.ParentReference, resources *Resources, envoyProxy *egv1a1.EnvoyProxy) *ir.TLSUpstreamConfig { + upstreamConfig, policy := t.processBackendTLSPolicy(backendRef, backendNamespace, parent, resources, envoyProxy) + return t.applyEnvoyProxyBackendTLSSetting(policy, upstreamConfig, resources, parent, envoyProxy) } func (t *Translator) processBackendTLSPolicy( @@ -27,6 +28,7 @@ func (t *Translator) processBackendTLSPolicy( backendNamespace string, parent gwapiv1a2.ParentReference, resources *Resources, + envoyProxy *egv1a1.EnvoyProxy, ) (*ir.TLSUpstreamConfig, *gwapiv1a3.BackendTLSPolicy) { policy := getBackendTLSPolicy(resources.BackendTLSPolicies, backendRef, backendNamespace) if policy == nil { @@ -53,27 +55,27 @@ func (t *Translator) processBackendTLSPolicy( status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName) // apply defaults as per envoyproxy - if resources.ClassEnvoyProxy != nil { - if resources.ClassEnvoyProxy.Spec.BackendTLS != nil { - if len(resources.ClassEnvoyProxy.Spec.BackendTLS.Ciphers) > 0 { - tlsBundle.Ciphers = resources.ClassEnvoyProxy.Spec.BackendTLS.Ciphers + if envoyProxy != nil { + if envoyProxy.Spec.BackendTLS != nil { + if len(envoyProxy.Spec.BackendTLS.Ciphers) > 0 { + tlsBundle.Ciphers = envoyProxy.Spec.BackendTLS.Ciphers } - if len(resources.ClassEnvoyProxy.Spec.BackendTLS.ECDHCurves) > 0 { - tlsBundle.ECDHCurves = resources.ClassEnvoyProxy.Spec.BackendTLS.ECDHCurves + if len(envoyProxy.Spec.BackendTLS.ECDHCurves) > 0 { + tlsBundle.ECDHCurves = envoyProxy.Spec.BackendTLS.ECDHCurves } - if len(resources.ClassEnvoyProxy.Spec.BackendTLS.SignatureAlgorithms) > 0 { - tlsBundle.SignatureAlgorithms = resources.ClassEnvoyProxy.Spec.BackendTLS.SignatureAlgorithms + if len(envoyProxy.Spec.BackendTLS.SignatureAlgorithms) > 0 { + tlsBundle.SignatureAlgorithms = envoyProxy.Spec.BackendTLS.SignatureAlgorithms } - if resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion != nil { - tlsBundle.MinVersion = ptr.To(ir.TLSVersion(*resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion)) + if envoyProxy.Spec.BackendTLS.MinVersion != nil { + tlsBundle.MinVersion = ptr.To(ir.TLSVersion(*envoyProxy.Spec.BackendTLS.MinVersion)) } - if resources.ClassEnvoyProxy.Spec.BackendTLS.MinVersion != nil { - tlsBundle.MaxVersion = ptr.To(ir.TLSVersion(*resources.ClassEnvoyProxy.Spec.BackendTLS.MaxVersion)) + if envoyProxy.Spec.BackendTLS.MinVersion != nil { + tlsBundle.MaxVersion = ptr.To(ir.TLSVersion(*envoyProxy.Spec.BackendTLS.MaxVersion)) } - if len(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols) > 0 { - tlsBundle.ALPNProtocols = make([]string, len(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols)) - for i := range resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols { - tlsBundle.ALPNProtocols[i] = string(resources.ClassEnvoyProxy.Spec.BackendTLS.ALPNProtocols[i]) + if len(envoyProxy.Spec.BackendTLS.ALPNProtocols) > 0 { + tlsBundle.ALPNProtocols = make([]string, len(envoyProxy.Spec.BackendTLS.ALPNProtocols)) + for i := range envoyProxy.Spec.BackendTLS.ALPNProtocols { + tlsBundle.ALPNProtocols[i] = string(envoyProxy.Spec.BackendTLS.ALPNProtocols[i]) } } } @@ -81,9 +83,7 @@ func (t *Translator) processBackendTLSPolicy( return tlsBundle, policy } -func (t *Translator) applyEnvoyProxyBackendTLSSetting(policy *gwapiv1a3.BackendTLSPolicy, tlsConfig *ir.TLSUpstreamConfig, resources *Resources, parent gwapiv1a2.ParentReference) *ir.TLSUpstreamConfig { - ep := resources.ClassEnvoyProxy - +func (t *Translator) applyEnvoyProxyBackendTLSSetting(policy *gwapiv1a3.BackendTLSPolicy, tlsConfig *ir.TLSUpstreamConfig, resources *Resources, parent gwapiv1a2.ParentReference, ep *egv1a1.EnvoyProxy) *ir.TLSUpstreamConfig { if ep == nil || ep.Spec.BackendTLS == nil || tlsConfig == nil { return tlsConfig } diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index cfa108bf73d..798c8208d60 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -39,9 +39,11 @@ func hasSectionName(target *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName) return target.SectionName != nil } -func (t *Translator) ProcessClientTrafficPolicies(resources *Resources, +func (t *Translator) ProcessClientTrafficPolicies( + resources *Resources, gateways []*GatewayContext, - xdsIR XdsIRMap, infraIR InfraIRMap, + xdsIR XdsIRMap, + infraIR InfraIRMap, ) []*egv1a1.ClientTrafficPolicy { var res []*egv1a1.ClientTrafficPolicy diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 9d3e90fbe8c..5ea9c95279d 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -8,6 +8,7 @@ package gatewayapi import ( "reflect" + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -21,7 +22,8 @@ import ( type GatewayContext struct { *gwapiv1.Gateway - listeners []*ListenerContext + listeners []*ListenerContext + envoyProxy *egv1a1.EnvoyProxy } // ResetListeners resets the listener statuses and re-generates the GatewayContext @@ -209,18 +211,8 @@ func GetHostnames(route RouteContext) []string { // GetParentReferences returns the ParentReference of the Route object. func GetParentReferences(route RouteContext) []gwapiv1.ParentReference { rv := reflect.ValueOf(route).Elem() - kind := rv.FieldByName("Kind").String() pr := rv.FieldByName("Spec").FieldByName("ParentRefs") - if kind == KindHTTPRoute || kind == KindGRPCRoute { - return pr.Interface().([]gwapiv1.ParentReference) - } - - parentReferences := make([]gwapiv1.ParentReference, pr.Len()) - for i := 0; i < len(parentReferences); i++ { - p := pr.Index(i).Interface().(gwapiv1.ParentReference) - parentReferences[i] = UpgradeParentReference(p) - } - return parentReferences + return pr.Interface().([]gwapiv1.ParentReference) } // GetRouteStatus returns the RouteStatus object associated with the Route. @@ -254,17 +246,8 @@ func GetRouteParentContext(route RouteContext, forParentRef gwapiv1.ParentRefere specParentRefs := rv.FieldByName("Spec").FieldByName("ParentRefs") for i := 0; i < specParentRefs.Len(); i++ { p := specParentRefs.Index(i).Interface().(gwapiv1.ParentReference) - up := p - if !isHTTPRoute { - up = UpgradeParentReference(p) - } - if reflect.DeepEqual(up, forParentRef) { - if isHTTPRoute { - parentRef = &p - } else { - upgraded := UpgradeParentReference(p) - parentRef = &upgraded - } + if reflect.DeepEqual(p, forParentRef) { + parentRef = &p break } } @@ -330,6 +313,7 @@ type RouteParentContext struct { routeParentStatusIdx int listeners []*ListenerContext + gateway *GatewayContext } func (r *RouteParentContext) SetListeners(listeners ...*ListenerContext) { diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 536f7938738..8144c0e4c5e 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -311,10 +311,6 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE err, errs error ) - if extProcs, err = t.buildExtProcs(policy, resources); err != nil { - err = perr.WithMessage(err, "ExtProcs") - errs = errors.Join(errs, err) - } if wasms, err = t.buildWasms(policy); err != nil { err = perr.WithMessage(err, "WASMs") errs = errors.Join(errs, err) @@ -327,13 +323,25 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE // Apply IR to all relevant routes prefix := irRoutePrefix(route) - for _, x := range xdsIR { - for _, http := range x.HTTP { - for _, r := range http.Routes { - // Apply if there is a match - if strings.HasPrefix(r.Name, prefix) { - r.ExtProcs = extProcs - r.Wasms = wasms + parentRefs := GetParentReferences(route) + for _, p := range parentRefs { + parentRefCtx := GetRouteParentContext(route, p) + if parentRefCtx != nil && parentRefCtx.gateway != nil { + if extProcs, err = t.buildExtProcs(policy, resources, parentRefCtx.gateway.envoyProxy); err != nil { + err = perr.WithMessage(err, "ExtProcs") + errs = errors.Join(errs, err) + extProcs = nil + } + for _, listener := range parentRefCtx.listeners { + irKey := t.getIRKey(listener.gateway) + irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) + if irListener != nil { + for _, r := range irListener.Routes { + if strings.HasPrefix(r.Name, prefix) { + r.ExtProcs = extProcs + r.Wasms = wasms + } + } } } } @@ -355,7 +363,7 @@ func (t *Translator) translateEnvoyExtensionPolicyForGateway( err, errs error ) - if extProcs, err = t.buildExtProcs(policy, resources); err != nil { + if extProcs, err = t.buildExtProcs(policy, resources, gateway.envoyProxy); err != nil { err = perr.WithMessage(err, "ExtProcs") errs = errors.Join(errs, err) } @@ -402,7 +410,7 @@ func (t *Translator) translateEnvoyExtensionPolicyForGateway( return nil } -func (t *Translator) buildExtProcs(policy *egv1a1.EnvoyExtensionPolicy, resources *Resources) ([]ir.ExtProc, error) { +func (t *Translator) buildExtProcs(policy *egv1a1.EnvoyExtensionPolicy, resources *Resources, envoyProxy *egv1a1.EnvoyProxy) ([]ir.ExtProc, error) { var extProcIRList []ir.ExtProc if policy == nil { @@ -411,7 +419,7 @@ func (t *Translator) buildExtProcs(policy *egv1a1.EnvoyExtensionPolicy, resource for idx, ep := range policy.Spec.ExtProc { name := irConfigNameForEEP(policy, idx) - extProcIR, err := t.buildExtProc(name, utils.NamespacedName(policy), ep, idx, resources) + extProcIR, err := t.buildExtProc(name, utils.NamespacedName(policy), ep, idx, resources, envoyProxy) if err != nil { return nil, err } @@ -426,6 +434,7 @@ func (t *Translator) buildExtProc( extProc egv1a1.ExtProc, extProcIdx int, resources *Resources, + envoyProxy *egv1a1.EnvoyProxy, ) (*ir.ExtProc, error) { var ( ds *ir.DestinationSetting @@ -448,7 +457,9 @@ func (t *Translator) buildExtProc( policyNamespacedName, egv1a1.KindEnvoyExtensionPolicy, ir.GRPC, - resources) + resources, + envoyProxy, + ) if err != nil { return nil, err } diff --git a/internal/gatewayapi/ext_service.go b/internal/gatewayapi/ext_service.go index 283d9810996..5f75c2f8802 100644 --- a/internal/gatewayapi/ext_service.go +++ b/internal/gatewayapi/ext_service.go @@ -26,6 +26,7 @@ func (t *Translator) processExtServiceDestination( policyKind string, protocol ir.AppProtocol, resources *Resources, + envoyProxy *egv1a1.EnvoyProxy, ) (*ir.DestinationSetting, error) { var ( backendTLS *ir.TLSUpstreamConfig @@ -51,7 +52,7 @@ func (t *Translator) processExtServiceDestination( } // TODO: support mixed endpointslice address type for the same backendRef - if !t.IsEnvoyServiceRouting(resources) && ds.AddressType != nil && *ds.AddressType == ir.MIXED { + if !t.IsEnvoyServiceRouting(envoyProxy) && ds.AddressType != nil && *ds.AddressType == ir.MIXED { return nil, errors.New( "mixed endpointslice address type for the same backendRef is not supported") } @@ -69,7 +70,9 @@ func (t *Translator) processExtServiceDestination( Namespace: ptr.To(gwapiv1.Namespace(policyNamespacedName.Namespace)), Name: gwapiv1.ObjectName(policyNamespacedName.Name), }, - resources) + resources, + envoyProxy, + ) ds.TLS = backendTLS diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 64b7ec40fe8..ca666d91b7e 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -124,26 +124,22 @@ func IsRefToGateway(parentRef gwapiv1.ParentReference, gateway types.NamespacedN // in the given list, and if so, a list of the Listeners within that Gateway that // are included by the parent ref (either one specific Listener, or all Listeners // in the Gateway, depending on whether section name is specified or not). -func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*GatewayContext) (bool, []*ListenerContext) { - var selectsGateway bool +func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*GatewayContext) (bool, *GatewayContext, []*ListenerContext) { var referencedListeners []*ListenerContext for _, gateway := range gateways { - if !IsRefToGateway(parentRef, utils.NamespacedName(gateway)) { - continue - } - - selectsGateway = true - - // The parentRef may be to the entire Gateway, or to a specific listener. - for _, listener := range gateway.listeners { - if (parentRef.SectionName == nil || *parentRef.SectionName == listener.Name) && (parentRef.Port == nil || *parentRef.Port == listener.Port) { - referencedListeners = append(referencedListeners, listener) + if IsRefToGateway(parentRef, utils.NamespacedName(gateway)) { + // The parentRef may be to the entire Gateway, or to a specific listener. + for _, listener := range gateway.listeners { + if (parentRef.SectionName == nil || *parentRef.SectionName == listener.Name) && (parentRef.Port == nil || *parentRef.Port == listener.Port) { + referencedListeners = append(referencedListeners, listener) + } } + return true, gateway, referencedListeners } } - return selectsGateway, referencedListeners + return false, nil, referencedListeners } // HasReadyListener returns true if at least one Listener in the diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index d096fd498b0..d311489127f 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -43,8 +43,8 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap for _, gateway := range gateways { irKey := t.getIRKey(gateway.Gateway) - if resources.ClassEnvoyProxy != nil { - infraIR[irKey].Proxy.Config = resources.ClassEnvoyProxy + if gateway.envoyProxy != nil { + infraIR[irKey].Proxy.Config = gateway.envoyProxy } t.processProxyObservability(gateway, xdsIR[irKey], infraIR[irKey].Proxy.Config, resources) @@ -98,7 +98,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} // TODO - containerPort := servicePortToContainerPort(int32(listener.Port), resources.ClassEnvoyProxy) + containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy) switch listener.Protocol { case gwapiv1.HTTPProtocolType, gwapiv1.HTTPSProtocolType: irListener := &ir.HTTPListener{ diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 6d4ac03b663..afe747766ea 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -190,7 +190,7 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe for _, backendRef := range rule.BackendRefs { backendRef := backendRef ds := t.processDestination(backendRef, parentRef, httpRoute, resources) - if !t.IsEnvoyServiceRouting(resources) && ds != nil && len(ds.Endpoints) > 0 && ds.AddressType != nil { + if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) && ds != nil && len(ds.Endpoints) > 0 && ds.AddressType != nil { dstAddrTypeMap[*ds.AddressType]++ } if ds == nil { @@ -214,7 +214,7 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe } // TODO: support mixed endpointslice address type between backendRefs - if !t.IsEnvoyServiceRouting(resources) && len(dstAddrTypeMap) > 1 { + if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) && len(dstAddrTypeMap) > 1 { routeStatus := GetRouteStatus(httpRoute) status.SetRouteStatusCondition(routeStatus, parentRef.routeParentStatusIdx, @@ -1159,7 +1159,7 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, } } - if !t.IsEnvoyServiceRouting(resources) { + if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { @@ -1180,6 +1180,13 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, } case KindService: ds = t.processServiceDestinationSetting(backendRef.BackendObjectReference, backendNamespace, protocol, resources) + gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference) + + var envoyProxy *egv1a1.EnvoyProxy + if gatewayCtx != nil && gatewayCtx.gateway != nil { + envoyProxy = gatewayCtx.gateway.envoyProxy + } + ds.TLS = t.applyBackendTLSSetting( backendRef.BackendObjectReference, backendNamespace, @@ -1191,10 +1198,19 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, SectionName: parentRef.SectionName, Port: parentRef.Port, }, - resources) + resources, + envoyProxy, + ) ds.Filters = t.processDestinationFilters(routeType, backendRefContext, parentRef, route, resources) case egv1a1.KindBackend: ds = t.processBackendDestinationSetting(backendRef.BackendObjectReference, backendNamespace, resources) + gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference) + + var envoyProxy *egv1a1.EnvoyProxy + if gatewayCtx != nil && gatewayCtx.gateway != nil { + envoyProxy = gatewayCtx.gateway.envoyProxy + } + ds.TLS = t.applyBackendTLSSetting( backendRef.BackendObjectReference, backendNamespace, @@ -1206,11 +1222,13 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, SectionName: parentRef.SectionName, Port: parentRef.Port, }, - resources) + resources, + envoyProxy, + ) ds.Filters = t.processDestinationFilters(routeType, backendRefContext, parentRef, route, resources) } - if err := validateDestinationSettings(ds, t.IsEnvoyServiceRouting(resources), backendRef.Kind); err != nil { + if err := validateDestinationSettings(ds, t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy), backendRef.Kind); err != nil { routeStatus := GetRouteStatus(route) status.SetRouteStatusCondition(routeStatus, parentRef.routeParentStatusIdx, @@ -1265,7 +1283,7 @@ func (t *Translator) processServiceDestinationSetting(backendRef gwapiv1.Backend } // Route to endpoints by default - if !t.IsEnvoyServiceRouting(resources) { + if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { @@ -1358,7 +1376,7 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont var relevantRoute bool for _, parentRef := range GetParentReferences(routeContext) { - isRelevantParentRef, selectedListeners := GetReferencedListeners(parentRef, gateways) + isRelevantParentRef, gw, selectedListeners := GetReferencedListeners(parentRef, gateways) // Parent ref is not to a Gateway that we control: skip it if !isRelevantParentRef { @@ -1429,6 +1447,7 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont } parentRefCtx.SetListeners(allowedListeners...) + parentRefCtx.gateway = gw routeStatus := GetRouteStatus(routeContext) status.SetRouteStatusCondition(routeStatus, diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index a47da721e48..9b08274435f 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -388,15 +388,6 @@ func (t *Translator) translateSecurityPolicyForRoute( } } - if policy.Spec.ExtAuth != nil { - if extAuth, err = t.buildExtAuth( - policy, - resources); err != nil { - err = perr.WithMessage(err, "ExtAuth") - errs = errors.Join(errs, err) - } - } - if policy.Spec.Authorization != nil { if authorization, err = t.buildAuthorization(policy); err != nil { errs = errors.Join(errs, err) @@ -407,21 +398,36 @@ func (t *Translator) translateSecurityPolicyForRoute( // Note: there are multiple features in a security policy, even if some of them // are invalid, we still want to apply the valid ones. prefix := irRoutePrefix(route) - for _, x := range xdsIR { - for _, h := range x.HTTP { - for _, r := range h.Routes { - // Apply if there is a match - // route is associated with a Gateway API xRoute - if strings.HasPrefix(r.Name, prefix) { - // This security policy matches the current route. - // It should only be accepted if it doesn't match any other route - r.Security = &ir.SecurityFeatures{ - CORS: cors, - JWT: jwt, - OIDC: oidc, - BasicAuth: basicAuth, - ExtAuth: extAuth, - Authorization: authorization, + parentRefs := GetParentReferences(route) + for _, p := range parentRefs { + parentRefCtx := GetRouteParentContext(route, p) + if parentRefCtx != nil && parentRefCtx.gateway != nil { + if policy.Spec.ExtAuth != nil { + if extAuth, err = t.buildExtAuth( + policy, + resources, + parentRefCtx.gateway.envoyProxy, + ); err != nil { + err = perr.WithMessage(err, "ExtAuth") + errs = errors.Join(errs, err) + extAuth = nil + } + } + for _, listener := range parentRefCtx.listeners { + irKey := t.getIRKey(listener.gateway) + irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) + if irListener != nil { + for _, r := range irListener.Routes { + if strings.HasPrefix(r.Name, prefix) { + r.Security = &ir.SecurityFeatures{ + CORS: cors, + JWT: jwt, + OIDC: oidc, + BasicAuth: basicAuth, + ExtAuth: extAuth, + Authorization: authorization, + } + } } } } @@ -477,7 +483,9 @@ func (t *Translator) translateSecurityPolicyForGateway( if policy.Spec.ExtAuth != nil { if extAuth, err = t.buildExtAuth( policy, - resources); err != nil { + resources, + gateway.envoyProxy, + ); err != nil { err = perr.WithMessage(err, "ExtAuth") errs = errors.Join(errs, err) } @@ -812,7 +820,7 @@ func (t *Translator) buildBasicAuth( }, nil } -func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *Resources) (*ir.ExtAuth, error) { +func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *Resources, envoyProxy *egv1a1.EnvoyProxy) (*ir.ExtAuth, error) { var ( http = policy.Spec.ExtAuth.HTTP grpc = policy.Spec.ExtAuth.GRPC @@ -860,7 +868,9 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *Reso pnn, KindSecurityPolicy, protocol, - resources); err != nil { + resources, + envoyProxy, + ); err != nil { return nil, err } rd := ir.RouteDestination{ diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 8cfef14d852..b72a3dcf94c 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -167,6 +167,9 @@ func newTranslateResult(gateways []*GatewayContext, func (t *Translator) Translate(resources *Resources) (*TranslateResult, error) { // Get Gateways belonging to our GatewayClass. gateways := t.GetRelevantGateways(resources.Gateways) + for _, gtw := range gateways { + t.attachEnvoyProxy(gtw, resources) + } // Sort gateways based on timestamp. sort.Slice(gateways, func(i, j int) bool { @@ -244,10 +247,10 @@ func (t *Translator) Translate(resources *Resources) (*TranslateResult, error) { // Set custom filter order if EnvoyProxy is set // The custom filter order will be applied when generating the HTTP filter chain. - if resources.ClassEnvoyProxy != nil { - for _, gateway := range gateways { + for _, gateway := range gateways { + if gateway.envoyProxy != nil { irKey := t.getIRKey(gateway.Gateway) - xdsIR[irKey].FilterOrder = resources.ClassEnvoyProxy.Spec.FilterOrder + xdsIR[irKey].FilterOrder = gateway.envoyProxy.Spec.FilterOrder } } @@ -280,6 +283,29 @@ func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*Gateway return relevant } +func (t *Translator) attachEnvoyProxy(gateway *GatewayContext, resources *Resources) { + if gateway.Spec.Infrastructure != nil && gateway.Spec.Infrastructure.ParametersRef != nil { + if t.MergeGateways { + gateway.envoyProxy = resources.ClassEnvoyProxy + return + } + + ref := gateway.Spec.Infrastructure.ParametersRef + for _, ep := range resources.EnvoyProxies { + if string(ref.Group) == egv1a1.GroupVersion.Group && + ref.Kind == gwapiv1.Kind(ep.Kind) && + gateway.Namespace == ep.Namespace && + ref.Name == ep.Name { + gateway.envoyProxy = ep + return + } + } + // not found, fallthrough to use envoyProxy attached to gatewayclass + } + + gateway.envoyProxy = resources.ClassEnvoyProxy +} + // InitIRs checks if mergeGateways is enabled in EnvoyProxy config and initializes XdsIR and InfraIR maps with adequate keys. func (t *Translator) InitIRs(gateways []*GatewayContext, resources *Resources) (map[string]*ir.Xds, map[string]*ir.Infra) { xdsIR := make(XdsIRMap) @@ -317,14 +343,14 @@ func (t *Translator) InitIRs(gateways []*GatewayContext, resources *Resources) ( // IsEnvoyServiceRouting returns true if EnvoyProxy.Spec.RoutingType == ServiceRoutingType // or, alternatively, if Translator.EndpointRoutingDisabled has been explicitly set to true; // otherwise, it returns false. -func (t *Translator) IsEnvoyServiceRouting(r *Resources) bool { +func (t *Translator) IsEnvoyServiceRouting(r *egv1a1.EnvoyProxy) bool { if t.EndpointRoutingDisabled { return true } - if r.ClassEnvoyProxy == nil { + if r == nil { return false } - switch ptr.Deref(r.ClassEnvoyProxy.Spec.RoutingType, egv1a1.EndpointRoutingType) { + switch ptr.Deref(r.Spec.RoutingType, egv1a1.EndpointRoutingType) { case egv1a1.ServiceRoutingType: return true case egv1a1.EndpointRoutingType: From f59efd115f5288b3964ba7098627016e2ae3371e Mon Sep 17 00:00:00 2001 From: haoqixu Date: Wed, 5 Jun 2024 01:46:11 +0800 Subject: [PATCH 04/24] chore: fix lint Signed-off-by: haoqixu --- internal/gatewayapi/contexts.go | 3 ++- internal/provider/kubernetes/controller.go | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 5ea9c95279d..bab3339453c 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -8,13 +8,14 @@ package gatewayapi import ( "reflect" - egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" ) // GatewayContext wraps a Gateway and provides helper methods for diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 7ba8d764e16..01ba6923c5a 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -1600,11 +1600,11 @@ func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw return fmt.Errorf("failed to find envoyproxy %s/%s: %w", gtw.Namespace, ref.Name, err) } - if err := r.processEnvoyProxy(ctx, ep, resourceMap, resourceTree); err != nil { + if err := r.processEnvoyProxy(ep, resourceMap); err != nil { return err } - if ep != nil && ep.Spec.BackendTLS != nil && ep.Spec.BackendTLS.ClientCertificateRef != nil { + if ep.Spec.BackendTLS != nil && ep.Spec.BackendTLS.ClientCertificateRef != nil { certRef := ep.Spec.BackendTLS.ClientCertificateRef if refsSecret(certRef) { if err := r.processSecretRef( @@ -1640,7 +1640,7 @@ func (r *gatewayAPIReconciler) processGCParamsRef(ctx context.Context, gc *gwapi return fmt.Errorf("failed to find envoyproxy %s/%s: %w", r.namespace, gc.Spec.ParametersRef.Name, err) } - if err := r.processEnvoyProxy(ctx, ep, resourceMap, resourceTree); err != nil { + if err := r.processEnvoyProxy(ep, resourceMap); err != nil { return err } resourceTree.ClassEnvoyProxy = ep @@ -1648,7 +1648,7 @@ func (r *gatewayAPIReconciler) processGCParamsRef(ctx context.Context, gc *gwapi } // processEnvoyProxy processes the parametersRef of the provided GatewayClass. -func (r *gatewayAPIReconciler) processEnvoyProxy(ctx context.Context, ep *egv1a1.EnvoyProxy, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { +func (r *gatewayAPIReconciler) processEnvoyProxy(ep *egv1a1.EnvoyProxy, resourceMap *resourceMappings) error { key := utils.NamespacedName(ep).String() if resourceMap.allAssociatedEnvoyProxies.Has(key) { r.log.Info("current EnvoyProxy has been processed already", "namespace", ep.Namespace, "name", ep.Name) From 5b8840d62cdda8f995761e3a9bfc8be9a9ea8d10 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Wed, 5 Jun 2024 01:55:48 +0800 Subject: [PATCH 05/24] chore: update generated code Signed-off-by: haoqixu --- internal/gatewayapi/zz_generated.deepcopy.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/internal/gatewayapi/zz_generated.deepcopy.go b/internal/gatewayapi/zz_generated.deepcopy.go index 8129445923f..3d4f89ef2d4 100644 --- a/internal/gatewayapi/zz_generated.deepcopy.go +++ b/internal/gatewayapi/zz_generated.deepcopy.go @@ -177,6 +177,17 @@ func (in *Resources) DeepCopyInto(out *Resources) { *out = new(apiv1alpha1.EnvoyProxy) (*in).DeepCopyInto(*out) } + if in.EnvoyProxies != nil { + in, out := &in.EnvoyProxies, &out.EnvoyProxies + *out = make([]*apiv1alpha1.EnvoyProxy, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(apiv1alpha1.EnvoyProxy) + (*in).DeepCopyInto(*out) + } + } + } if in.ExtensionRefFilters != nil { in, out := &in.ExtensionRefFilters, &out.ExtensionRefFilters *out = make([]unstructured.Unstructured, len(*in)) From cd27eeb5fa58e9af3195827467af18f023f0b467 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Wed, 5 Jun 2024 02:07:02 +0800 Subject: [PATCH 06/24] chore: fix test Signed-off-by: haoqixu --- internal/provider/kubernetes/kubernetes_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go index c0ca5d094bb..69b1703feee 100644 --- a/internal/provider/kubernetes/kubernetes_test.go +++ b/internal/provider/kubernetes/kubernetes_test.go @@ -208,8 +208,8 @@ func testGatewayClassWithParamRef(ctx context.Context, t *testing.T, provider *P return false } - if res.EnvoyProxy != nil { - assert.Equal(t, res.EnvoyProxy.Spec, ep.Spec) + if res.ClassEnvoyProxy != nil { + assert.Equal(t, res.ClassEnvoyProxy.Spec, ep.Spec) return true } From 879e215c61d28d03acae995e2ee70a0bbd6ba78c Mon Sep 17 00:00:00 2001 From: haoqixu Date: Wed, 5 Jun 2024 18:22:43 +0800 Subject: [PATCH 07/24] test: gateway-with-infrastructure-parametersref Signed-off-by: haoqixu --- ...-with-infrastructure-parametersref.in.yaml | 55 ++++++ ...with-infrastructure-parametersref.out.yaml | 163 ++++++++++++++++++ 2 files changed, 218 insertions(+) create mode 100644 internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml new file mode 100644 index 00000000000..66d003a8a6e --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml @@ -0,0 +1,55 @@ +envoyProxies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway + name: test + spec: + telemetry: + tracing: + samplingRate: 100 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.envoyproxy.io" + allowedRoutes: + namespaces: + from: All +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml new file mode 100644 index 00000000000..1e47494ffed --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml @@ -0,0 +1,163 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - allowedRoutes: + namespaces: + from: All + hostname: '*.envoyproxy.io' + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway + spec: + logging: {} + telemetry: + tracing: + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry + samplingRate: 100 + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*.envoyproxy.io' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / + tracing: + authority: otel-collector.monitoring.svc.cluster.local + destination: + name: tracing + settings: + - endpoints: + - host: otel-collector.monitoring.svc.cluster.local + port: 4317 + protocol: GRPC + weight: 1 + samplingRate: 100 + serviceName: gateway-1.envoy-gateway From 0bc714eb44e0c1d3e41933bf32e3656560a77cd8 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Thu, 6 Jun 2024 11:34:12 +0800 Subject: [PATCH 08/24] test: add more cases Signed-off-by: haoqixu --- ...cture-parametersref-does-not-exist.in.yaml | 41 +++++ ...ture-parametersref-does-not-exist.out.yaml | 134 ++++++++++++++ ...rastructure-parametersref-fallback.in.yaml | 56 ++++++ ...astructure-parametersref-fallback.out.yaml | 163 ++++++++++++++++++ 4 files changed, 394 insertions(+) create mode 100644 internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml create mode 100644 internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml create mode 100644 internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.in.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.in.yaml new file mode 100644 index 00000000000..76e88c39d82 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.in.yaml @@ -0,0 +1,41 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.envoyproxy.io" + allowedRoutes: + namespaces: + from: All +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml new file mode 100644 index 00000000000..bbbaab6a3b1 --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml @@ -0,0 +1,134 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - allowedRoutes: + namespaces: + from: All + hostname: '*.envoyproxy.io' + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*.envoyproxy.io' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml new file mode 100644 index 00000000000..8584265fb9b --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml @@ -0,0 +1,56 @@ +classEnvoyProxy: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway + name: test + spec: + telemetry: + tracing: + samplingRate: 100 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry +envoyProxies: +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: not-exist + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.envoyproxy.io" + allowedRoutes: + namespaces: + from: All +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml new file mode 100644 index 00000000000..8a477792a8f --- /dev/null +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml @@ -0,0 +1,163 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: not-exist + listeners: + - allowedRoutes: + namespaces: + from: All + hostname: '*.envoyproxy.io' + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1beta1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway + spec: + logging: {} + telemetry: + tracing: + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry + samplingRate: 100 + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*.envoyproxy.io' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / + tracing: + authority: otel-collector.monitoring.svc.cluster.local + destination: + name: tracing + settings: + - endpoints: + - host: otel-collector.monitoring.svc.cluster.local + port: 4317 + protocol: GRPC + weight: 1 + samplingRate: 100 + serviceName: gateway-1.envoy-gateway From ce93fa6827dd20e5a485301b8470affca21a9249 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Thu, 6 Jun 2024 12:36:18 +0800 Subject: [PATCH 09/24] fix: EnvoyExtensionPolicy status Signed-off-by: haoqixu --- internal/gatewayapi/envoyextensionpolicy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 8144c0e4c5e..3b683fa7c39 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -347,7 +347,7 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE } } - return nil + return errs } func (t *Translator) translateEnvoyExtensionPolicyForGateway( From d98cb6c515173e50db80f704c008cc32dbc5fd3a Mon Sep 17 00:00:00 2001 From: haoqixu Date: Thu, 6 Jun 2024 14:08:25 +0800 Subject: [PATCH 10/24] trigger reconciliation for envoyproxies Signed-off-by: haoqixu --- internal/provider/kubernetes/controller.go | 30 --- .../provider/kubernetes/controller_test.go | 191 ------------------ 2 files changed, 221 deletions(-) diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 01ba6923c5a..e62db7ed384 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -1034,10 +1034,8 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M return err } - // Only enqueue EnvoyProxy objects that match this Envoy Gateway's GatewayClass. epPredicates := []predicate.TypedPredicate[*egv1a1.EnvoyProxy]{ &predicate.TypedGenerationChangedPredicate[*egv1a1.EnvoyProxy]{}, - predicate.NewTypedPredicateFuncs[*egv1a1.EnvoyProxy](r.hasManagedClass), } if r.namespaceLabel != nil { epPredicates = append(epPredicates, predicate.NewTypedPredicateFuncs(func(ep *egv1a1.EnvoyProxy) bool { @@ -1550,34 +1548,6 @@ func (r *gatewayAPIReconciler) enqueueClass(_ context.Context, _ client.Object) }}} } -func (r *gatewayAPIReconciler) hasManagedClass(ep *egv1a1.EnvoyProxy) bool { - // The EnvoyProxy must be in the same namespace as EG. - if ep.Namespace != r.namespace { - r.log.Info("envoyproxy namespace does not match Envoy Gateway's namespace", - "namespace", ep.Namespace, "name", ep.Name) - return false - } - - gcList := new(gwapiv1.GatewayClassList) - err := r.client.List(context.TODO(), gcList) - if err != nil { - r.log.Error(err, "failed to list gatewayclasses") - return false - } - - for i := range gcList.Items { - gc := gcList.Items[i] - // Reconcile the managed GatewayClass if it's referenced by the EnvoyProxy. - if r.hasMatchingController(&gc) && - classAccepted(&gc) && - classRefsEnvoyProxy(&gc, ep) { - return true - } - } - - return false -} - // processGatewayParamsRef processes the infrastructure.parametersRef of the provided Gateway. func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw *gwapiv1.Gateway, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { if gtw == nil || gtw.Spec.Infrastructure == nil || gtw.Spec.Infrastructure.ParametersRef == nil { diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go index bb6dc014630..2e16bfd8c5e 100644 --- a/internal/provider/kubernetes/controller_test.go +++ b/internal/provider/kubernetes/controller_test.go @@ -12,7 +12,6 @@ import ( "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -20,7 +19,6 @@ import ( "github.com/envoyproxy/gateway/internal/envoygateway" "github.com/envoyproxy/gateway/internal/envoygateway/config" "github.com/envoyproxy/gateway/internal/gatewayapi" - "github.com/envoyproxy/gateway/internal/gatewayapi/status" "github.com/envoyproxy/gateway/internal/logging" ) @@ -152,195 +150,6 @@ func TestRemoveGatewayClassFinalizer(t *testing.T) { } } -func TestHasManagedClass(t *testing.T) { - gcCtrlName := gwapiv1.GatewayController(egv1a1.GatewayControllerName) - - testCases := []struct { - name string - ep *egv1a1.EnvoyProxy - classes []*gwapiv1.GatewayClass - expected bool - }{ - { - name: "no matching gatewayclasses", - ep: &egv1a1.EnvoyProxy{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: config.DefaultNamespace, - Name: "test-envoyproxy", - }, - }, - classes: []*gwapiv1.GatewayClass{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test-gc", - }, - Spec: gwapiv1.GatewayClassSpec{ - ControllerName: "SomeOtherController", - ParametersRef: &gwapiv1.ParametersReference{ - Group: gwapiv1.Group(egv1a1.GroupVersion.Group), - Kind: gwapiv1.Kind(egv1a1.KindEnvoyProxy), - Name: "test-envoyproxy", - Namespace: gatewayapi.NamespacePtr(config.DefaultNamespace), - }, - }, - Status: gwapiv1.GatewayClassStatus{ - Conditions: []metav1.Condition{ - { - Type: string(gwapiv1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, - }, - }, - SupportedFeatures: status.GatewaySupportedFeatures, - }, - }, - }, - expected: false, - }, - { - name: "match one gatewayclass", - ep: &egv1a1.EnvoyProxy{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: config.DefaultNamespace, - Name: "test-envoyproxy", - }, - }, - classes: []*gwapiv1.GatewayClass{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test-gc", - }, - Spec: gwapiv1.GatewayClassSpec{ - ControllerName: gcCtrlName, - ParametersRef: &gwapiv1.ParametersReference{ - Group: gwapiv1.Group(egv1a1.GroupVersion.Group), - Kind: gwapiv1.Kind(egv1a1.KindEnvoyProxy), - Name: "test-envoyproxy", - Namespace: gatewayapi.NamespacePtr(config.DefaultNamespace), - }, - }, - Status: gwapiv1.GatewayClassStatus{ - Conditions: []metav1.Condition{ - { - Type: string(gwapiv1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, - }, - }, - SupportedFeatures: status.GatewaySupportedFeatures, - }, - }, - }, - expected: true, - }, - { - name: "envoyproxy in different namespace as eg", - ep: &egv1a1.EnvoyProxy{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: "not-eg-ns", - Name: "test-envoyproxy", - }, - }, - classes: []*gwapiv1.GatewayClass{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test-gc", - }, - Spec: gwapiv1.GatewayClassSpec{ControllerName: gcCtrlName}, - }, - }, - expected: false, - }, - { - name: "multiple gatewayclasses one with accepted status", - ep: &egv1a1.EnvoyProxy{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: config.DefaultNamespace, - Name: "test-envoyproxy", - }, - }, - classes: []*gwapiv1.GatewayClass{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test-gc1", - }, - Spec: gwapiv1.GatewayClassSpec{ - ControllerName: gcCtrlName, - ParametersRef: &gwapiv1.ParametersReference{ - Group: gwapiv1.Group(egv1a1.GroupVersion.Group), - Kind: gwapiv1.Kind(egv1a1.KindEnvoyProxy), - Name: "test-envoyproxy", - Namespace: gatewayapi.NamespacePtr(config.DefaultNamespace), - }, - }, - Status: gwapiv1.GatewayClassStatus{ - Conditions: []metav1.Condition{ - { - Type: string(gwapiv1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, - }, - }, - SupportedFeatures: status.GatewaySupportedFeatures, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test-gc2", - }, - Spec: gwapiv1.GatewayClassSpec{ - ControllerName: gcCtrlName, - ParametersRef: &gwapiv1.ParametersReference{ - Group: gwapiv1.Group(egv1a1.GroupVersion.Group), - Kind: gwapiv1.Kind(egv1a1.KindEnvoyProxy), - Name: "test-envoyproxy", - Namespace: gatewayapi.NamespacePtr(config.DefaultNamespace), - }, - }, - Status: gwapiv1.GatewayClassStatus{ - Conditions: []metav1.Condition{ - { - Type: string(gwapiv1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, - }, - }, - SupportedFeatures: status.GatewaySupportedFeatures, - }, - }, - }, - expected: true, - }, - } - - for i := range testCases { - tc := testCases[i] - - // Create the reconciler. - logger := logging.DefaultLogger(egv1a1.LogLevelInfo) - r := &gatewayAPIReconciler{ - log: logger, - classController: gcCtrlName, - namespace: config.DefaultNamespace, - } - - // Run the test cases. - t.Run(tc.name, func(t *testing.T) { - // Add the test case objects to the reconciler client. - objs := []client.Object{tc.ep} - for _, gc := range tc.classes { - objs = append(objs, gc) - } - - // Create the client. - r.client = fakeclient.NewClientBuilder(). - WithScheme(envoygateway.GetScheme()). - WithObjects(objs...). - Build() - - // Process the test case gatewayclasses. - results := r.hasManagedClass(tc.ep) - require.Equal(t, tc.expected, results) - }) - } -} - func TestProcessGCParamsRef(t *testing.T) { gcCtrlName := gwapiv1.GatewayController(egv1a1.GatewayControllerName) From f9570ad425faae4d1ec99293560a89e7728a3825 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Fri, 7 Jun 2024 11:56:11 +0800 Subject: [PATCH 11/24] chore: rename processGCParamsRef as suggested Signed-off-by: haoqixu --- internal/provider/kubernetes/controller.go | 6 +++--- internal/provider/kubernetes/controller_test.go | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index e62db7ed384..d8fbcae9819 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -199,7 +199,7 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques // Process the parametersRef of the accepted GatewayClass. // This should run before processGateways and processBackendRefs if managedGC.Spec.ParametersRef != nil && managedGC.DeletionTimestamp == nil { - if err := r.processGCParamsRef(ctx, managedGC, resourceMappings, gwcResource); err != nil { + if err := r.processGatewayClassParamsRef(ctx, managedGC, resourceMappings, gwcResource); err != nil { msg := fmt.Sprintf("%s: %v", status.MsgGatewayClassInvalidParams, err) if err := r.updateStatusForGatewayClass(ctx, managedGC, false, string(gwapiv1.GatewayClassReasonInvalidParameters), msg); err != nil { r.log.Error(err, "unable to update GatewayClass status") @@ -1596,8 +1596,8 @@ func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw return nil } -// processGCParamsRef processes the parametersRef of the provided GatewayClass. -func (r *gatewayAPIReconciler) processGCParamsRef(ctx context.Context, gc *gwapiv1.GatewayClass, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { +// processGatewayClassParamsRef processes the parametersRef of the provided GatewayClass. +func (r *gatewayAPIReconciler) processGatewayClassParamsRef(ctx context.Context, gc *gwapiv1.GatewayClass, resourceMap *resourceMappings, resourceTree *gatewayapi.Resources) error { if !refsEnvoyProxy(gc) { return fmt.Errorf("unsupported parametersRef for gatewayclass %s", gc.Name) } diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go index 2e16bfd8c5e..eacf5316ccd 100644 --- a/internal/provider/kubernetes/controller_test.go +++ b/internal/provider/kubernetes/controller_test.go @@ -150,7 +150,7 @@ func TestRemoveGatewayClassFinalizer(t *testing.T) { } } -func TestProcessGCParamsRef(t *testing.T) { +func TestProcessGatewayClassParamsRef(t *testing.T) { gcCtrlName := gwapiv1.GatewayController(egv1a1.GatewayControllerName) testCases := []struct { @@ -278,7 +278,7 @@ func TestProcessGCParamsRef(t *testing.T) { // Process the test case gatewayclasses. resourceTree := gatewayapi.NewResources() resourceMap := newResourceMapping() - err := r.processGCParamsRef(context.Background(), tc.gc, resourceMap, resourceTree) + err := r.processGatewayClassParamsRef(context.Background(), tc.gc, resourceMap, resourceTree) if tc.expected { require.NoError(t, err) // Ensure the resource tree and map are as expected. From f720eadc1d2478b3ead9fca68d15620ca66624b2 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Fri, 7 Jun 2024 12:17:11 +0800 Subject: [PATCH 12/24] chore: add comments to Resources Signed-off-by: haoqixu --- internal/gatewayapi/resource.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index 3d1db1b7f68..e9cd26ea17b 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -34,6 +34,12 @@ type ( type Resources struct { // This field is only used for marshalling/unmarshalling purposes and is not used by // the translator + + // ClassEnvoyProxy holds EnvoyProxy attached to GatewayClass + ClassEnvoyProxy *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` + // EnvoyProxies holds EnvoyProxies attached to Gateways + EnvoyProxies []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` + GatewayClass *gwapiv1.GatewayClass `json:"gatewayClass,omitempty" yaml:"gatewayClass,omitempty"` Gateways []*gwapiv1.Gateway `json:"gateways,omitempty" yaml:"gateways,omitempty"` HTTPRoutes []*gwapiv1.HTTPRoute `json:"httpRoutes,omitempty" yaml:"httpRoutes,omitempty"` @@ -48,8 +54,6 @@ type Resources struct { EndpointSlices []*discoveryv1.EndpointSlice `json:"endpointSlices,omitempty" yaml:"endpointSlices,omitempty"` Secrets []*corev1.Secret `json:"secrets,omitempty" yaml:"secrets,omitempty"` ConfigMaps []*corev1.ConfigMap `json:"configMaps,omitempty" yaml:"configMaps,omitempty"` - ClassEnvoyProxy *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` - EnvoyProxies []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` ExtensionRefFilters []unstructured.Unstructured `json:"extensionRefFilters,omitempty" yaml:"extensionRefFilters,omitempty"` EnvoyPatchPolicies []*egv1a1.EnvoyPatchPolicy `json:"envoyPatchPolicies,omitempty" yaml:"envoyPatchPolicies,omitempty"` ClientTrafficPolicies []*egv1a1.ClientTrafficPolicy `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"` From 356fb30fb302db4b39ce63f61361882a23ad6bb8 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Mon, 10 Jun 2024 18:42:37 +0800 Subject: [PATCH 13/24] refactor: update as suggested Signed-off-by: haoqixu --- internal/gatewayapi/translator.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index b72a3dcf94c..af2622d652a 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -284,12 +284,7 @@ func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*Gateway } func (t *Translator) attachEnvoyProxy(gateway *GatewayContext, resources *Resources) { - if gateway.Spec.Infrastructure != nil && gateway.Spec.Infrastructure.ParametersRef != nil { - if t.MergeGateways { - gateway.envoyProxy = resources.ClassEnvoyProxy - return - } - + if gateway.Spec.Infrastructure != nil && gateway.Spec.Infrastructure.ParametersRef != nil && !t.MergeGateways { ref := gateway.Spec.Infrastructure.ParametersRef for _, ep := range resources.EnvoyProxies { if string(ref.Group) == egv1a1.GroupVersion.Group && From b6ac258167460cc5c373c4a18441665c352d6bb3 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Mon, 10 Jun 2024 19:02:18 +0800 Subject: [PATCH 14/24] refactor: extract resources.GetEnvoyProxy Signed-off-by: haoqixu --- internal/gatewayapi/resource.go | 10 ++++++++++ internal/gatewayapi/translator.go | 8 +++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index e9cd26ea17b..c92a758db0e 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -99,6 +99,16 @@ func (r *Resources) GetNamespace(name string) *corev1.Namespace { return nil } +func (r *Resources) GetEnvoyProxy(namespace, name string) *egv1a1.EnvoyProxy { + for _, ep := range r.EnvoyProxies { + if ep.Namespace == namespace && ep.Name == name { + return ep + } + } + + return nil +} + func (r *Resources) GetService(namespace, name string) *corev1.Service { for _, svc := range r.Services { if svc.Namespace == namespace && svc.Name == name { diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index af2622d652a..e0842063f8a 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -286,11 +286,9 @@ func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*Gateway func (t *Translator) attachEnvoyProxy(gateway *GatewayContext, resources *Resources) { if gateway.Spec.Infrastructure != nil && gateway.Spec.Infrastructure.ParametersRef != nil && !t.MergeGateways { ref := gateway.Spec.Infrastructure.ParametersRef - for _, ep := range resources.EnvoyProxies { - if string(ref.Group) == egv1a1.GroupVersion.Group && - ref.Kind == gwapiv1.Kind(ep.Kind) && - gateway.Namespace == ep.Namespace && - ref.Name == ep.Name { + if string(ref.Group) == egv1a1.GroupVersion.Group && ref.Kind == egv1a1.KindEnvoyProxy { + ep := resources.GetEnvoyProxy(gateway.Namespace, ref.Name) + if ep != nil { gateway.envoyProxy = ep return } From 15a00cb2a9dbf2ac609926b7a1c312b455ab3c78 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 11 Jun 2024 11:55:03 +0800 Subject: [PATCH 15/24] refactor: move attachEnvoyProxy into GatewayContext.ResetListeners Signed-off-by: haoqixu --- internal/gatewayapi/contexts.go | 20 ++++++++++++++++++- internal/gatewayapi/contexts_test.go | 22 +++++++++++++++++---- internal/gatewayapi/runner/runner.go | 3 +-- internal/gatewayapi/translator.go | 29 +++++----------------------- 4 files changed, 43 insertions(+), 31 deletions(-) diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index bab3339453c..9b9e99c18a8 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -29,7 +29,7 @@ type GatewayContext struct { // ResetListeners resets the listener statuses and re-generates the GatewayContext // ListenerContexts from the Gateway spec. -func (g *GatewayContext) ResetListeners() { +func (g *GatewayContext) ResetListeners(resource *Resources) { numListeners := len(g.Spec.Listeners) g.Status.Listeners = make([]gwapiv1.ListenerStatus, numListeners) g.listeners = make([]*ListenerContext, numListeners) @@ -42,6 +42,24 @@ func (g *GatewayContext) ResetListeners() { listenerStatusIdx: i, } } + + g.attachEnvoyProxy(resource) +} + +func (g *GatewayContext) attachEnvoyProxy(resources *Resources) { + if g.Spec.Infrastructure != nil && g.Spec.Infrastructure.ParametersRef != nil && !IsMergeGatewaysEnabled(resources) { + ref := g.Spec.Infrastructure.ParametersRef + if string(ref.Group) == egv1a1.GroupVersion.Group && ref.Kind == egv1a1.KindEnvoyProxy { + ep := resources.GetEnvoyProxy(g.Namespace, ref.Name) + if ep != nil { + g.envoyProxy = ep + return + } + } + // not found, fallthrough to use envoyProxy attached to gatewayclass + } + + g.envoyProxy = resources.ClassEnvoyProxy } // ListenerContext wraps a Listener and provides helper methods for diff --git a/internal/gatewayapi/contexts_test.go b/internal/gatewayapi/contexts_test.go index ee17cec5fcd..b6aee2c5c80 100644 --- a/internal/gatewayapi/contexts_test.go +++ b/internal/gatewayapi/contexts_test.go @@ -16,6 +16,13 @@ import ( ) func TestContexts(t *testing.T) { + r := &Resources{ + GatewayClass: &gwapiv1.GatewayClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + }, + }, + } gateway := &gwapiv1.Gateway{ ObjectMeta: metav1.ObjectMeta{ Namespace: "envoy-gateway", @@ -33,7 +40,7 @@ func TestContexts(t *testing.T) { gctx := &GatewayContext{ Gateway: gateway, } - gctx.ResetListeners() + gctx.ResetListeners(r) require.Len(t, gctx.listeners, 1) lctx := gctx.listeners[0] @@ -56,11 +63,18 @@ func TestContexts(t *testing.T) { require.Len(t, gateway.Status.Listeners[0].SupportedKinds, 1) require.EqualValues(t, "HTTPRoute", gateway.Status.Listeners[0].SupportedKinds[0].Kind) - gctx.ResetListeners() + gctx.ResetListeners(r) require.Empty(t, gateway.Status.Listeners[0].Conditions) } func TestContextsStaleListener(t *testing.T) { + r := &Resources{ + GatewayClass: &gwapiv1.GatewayClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + }, + }, + } gateway := &gwapiv1.Gateway{ ObjectMeta: metav1.ObjectMeta{ Namespace: "envoy-gateway", @@ -116,7 +130,7 @@ func TestContextsStaleListener(t *testing.T) { listenerStatusIdx: 1, } - gCtx.ResetListeners() + gCtx.ResetListeners(r) require.Len(t, gCtx.listeners, 2) @@ -141,7 +155,7 @@ func TestContextsStaleListener(t *testing.T) { // Remove one of the listeners gateway.Spec.Listeners = gateway.Spec.Listeners[:1] - gCtx.ResetListeners() + gCtx.ResetListeners(r) // Ensure the listener status has been updated and the stale listener has been // removed. diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index 31062749f66..b4419aff63b 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -87,8 +87,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { EnvoyPatchPolicyEnabled: r.EnvoyGateway.ExtensionAPIs != nil && r.EnvoyGateway.ExtensionAPIs.EnableEnvoyPatchPolicy, BackendEnabled: r.EnvoyGateway.ExtensionAPIs != nil && r.EnvoyGateway.ExtensionAPIs.EnableBackend, Namespace: r.Namespace, - // TODO: gateway.infrastructure.parametersRef - MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), + MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), } // If an extension is loaded, pass its supported groups/kinds to the translator diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index e0842063f8a..191a75d460f 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -61,7 +61,7 @@ var _ TranslatorManager = (*Translator)(nil) type TranslatorManager interface { Translate(resources *Resources) (*TranslateResult, error) - GetRelevantGateways(gateways []*gwapiv1.Gateway) []*GatewayContext + GetRelevantGateways(resources *Resources) []*GatewayContext RoutesTranslator ListenersTranslator @@ -166,10 +166,7 @@ func newTranslateResult(gateways []*GatewayContext, func (t *Translator) Translate(resources *Resources) (*TranslateResult, error) { // Get Gateways belonging to our GatewayClass. - gateways := t.GetRelevantGateways(resources.Gateways) - for _, gtw := range gateways { - t.attachEnvoyProxy(gtw, resources) - } + gateways := t.GetRelevantGateways(resources) // Sort gateways based on timestamp. sort.Slice(gateways, func(i, j int) bool { @@ -262,10 +259,10 @@ func (t *Translator) Translate(resources *Resources) (*TranslateResult, error) { // GetRelevantGateways returns GatewayContexts, containing a copy of the original // Gateway with the Listener statuses reset. -func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*GatewayContext { +func (t *Translator) GetRelevantGateways(resources *Resources) []*GatewayContext { var relevant []*GatewayContext - for _, gateway := range gateways { + for _, gateway := range resources.Gateways { if gateway == nil { panic("received nil gateway") } @@ -274,7 +271,7 @@ func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*Gateway gc := &GatewayContext{ Gateway: gateway.DeepCopy(), } - gc.ResetListeners() + gc.ResetListeners(resources) relevant = append(relevant, gc) } @@ -283,22 +280,6 @@ func (t *Translator) GetRelevantGateways(gateways []*gwapiv1.Gateway) []*Gateway return relevant } -func (t *Translator) attachEnvoyProxy(gateway *GatewayContext, resources *Resources) { - if gateway.Spec.Infrastructure != nil && gateway.Spec.Infrastructure.ParametersRef != nil && !t.MergeGateways { - ref := gateway.Spec.Infrastructure.ParametersRef - if string(ref.Group) == egv1a1.GroupVersion.Group && ref.Kind == egv1a1.KindEnvoyProxy { - ep := resources.GetEnvoyProxy(gateway.Namespace, ref.Name) - if ep != nil { - gateway.envoyProxy = ep - return - } - } - // not found, fallthrough to use envoyProxy attached to gatewayclass - } - - gateway.envoyProxy = resources.ClassEnvoyProxy -} - // InitIRs checks if mergeGateways is enabled in EnvoyProxy config and initializes XdsIR and InfraIR maps with adequate keys. func (t *Translator) InitIRs(gateways []*GatewayContext, resources *Resources) (map[string]*ir.Xds, map[string]*ir.Infra) { xdsIR := make(XdsIRMap) From aa53188a59b6e5f4db6862d932bd208136525044 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 11 Jun 2024 12:52:25 +0800 Subject: [PATCH 16/24] refactor: change ListenerContext.gateway to GatewayContext Signed-off-by: haoqixu --- internal/gatewayapi/clienttrafficpolicy.go | 6 +-- internal/gatewayapi/contexts.go | 13 +++-- internal/gatewayapi/contexts_test.go | 6 +-- internal/gatewayapi/envoyextensionpolicy.go | 7 +-- internal/gatewayapi/helpers.go | 6 +-- internal/gatewayapi/listener.go | 2 +- internal/gatewayapi/route.go | 23 ++++----- internal/gatewayapi/securitypolicy.go | 7 +-- internal/gatewayapi/validate.go | 56 ++++++++++----------- 9 files changed, 67 insertions(+), 59 deletions(-) diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index 798c8208d60..b8faaef5bc9 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -134,7 +134,7 @@ func (t *Translator) ProcessClientTrafficPolicies( var err error for _, l := range gateway.listeners { // Find IR - irKey := t.getIRKey(l.gateway) + irKey := t.getIRKey(l.gateway.Gateway) // It must exist since we've already finished processing the gateways gwXdsIR := xdsIR[irKey] if string(l.Name) == section { @@ -253,7 +253,7 @@ func (t *Translator) ProcessClientTrafficPolicies( } // Find IR - irKey := t.getIRKey(l.gateway) + irKey := t.getIRKey(l.gateway.Gateway) // It must exist since we've already finished processing the gateways gwXdsIR := xdsIR[irKey] if err := validatePortOverlapForClientTrafficPolicy(l, gwXdsIR, true); err != nil { @@ -380,7 +380,7 @@ func (t *Translator) translateClientTrafficPolicyForListener(policy *egv1a1.Clie xdsIR XdsIRMap, infraIR InfraIRMap, resources *Resources, ) error { // Find IR - irKey := t.getIRKey(l.gateway) + irKey := t.getIRKey(l.gateway.Gateway) // It must exist since we've already finished processing the gateways gwXdsIR := xdsIR[irKey] diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 9b9e99c18a8..150b809e626 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -38,7 +38,7 @@ func (g *GatewayContext) ResetListeners(resource *Resources) { g.Status.Listeners[i] = gwapiv1.ListenerStatus{Name: listener.Name} g.listeners[i] = &ListenerContext{ Listener: listener, - gateway: g.Gateway, + gateway: g, listenerStatusIdx: i, } } @@ -68,7 +68,7 @@ func (g *GatewayContext) attachEnvoyProxy(resources *Resources) { type ListenerContext struct { *gwapiv1.Listener - gateway *gwapiv1.Gateway + gateway *GatewayContext listenerStatusIdx int namespaceSelector labels.Selector tlsSecrets []*corev1.Secret @@ -332,7 +332,14 @@ type RouteParentContext struct { routeParentStatusIdx int listeners []*ListenerContext - gateway *GatewayContext +} + +// GetGateway returns the GatewayContext if parent resource is a gateway. +func (r *RouteParentContext) GetGateway() *GatewayContext { + if r == nil || len(r.listeners) == 0 { + return nil + } + return r.listeners[0].gateway } func (r *RouteParentContext) SetListeners(listeners ...*ListenerContext) { diff --git a/internal/gatewayapi/contexts_test.go b/internal/gatewayapi/contexts_test.go index b6aee2c5c80..b594dc92e7a 100644 --- a/internal/gatewayapi/contexts_test.go +++ b/internal/gatewayapi/contexts_test.go @@ -46,7 +46,7 @@ func TestContexts(t *testing.T) { lctx := gctx.listeners[0] require.NotNil(t, lctx) - status.SetGatewayListenerStatusCondition(lctx.gateway, lctx.listenerStatusIdx, + status.SetGatewayListenerStatusCondition(lctx.gateway.Gateway, lctx.listenerStatusIdx, gwapiv1.ListenerConditionAccepted, metav1.ConditionFalse, gwapiv1.ListenerReasonUnsupportedProtocol, "HTTPS protocol is not supported yet") require.Len(t, gateway.Status.Listeners, 1) @@ -118,7 +118,7 @@ func TestContextsStaleListener(t *testing.T) { Listener: &gwapiv1.Listener{ Name: "https", }, - gateway: gateway, + gateway: gCtx, listenerStatusIdx: 0, } @@ -126,7 +126,7 @@ func TestContextsStaleListener(t *testing.T) { Listener: &gwapiv1.Listener{ Name: "http", }, - gateway: gateway, + gateway: gCtx, listenerStatusIdx: 1, } diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 3b683fa7c39..42c4322eae5 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -326,14 +326,15 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE parentRefs := GetParentReferences(route) for _, p := range parentRefs { parentRefCtx := GetRouteParentContext(route, p) - if parentRefCtx != nil && parentRefCtx.gateway != nil { - if extProcs, err = t.buildExtProcs(policy, resources, parentRefCtx.gateway.envoyProxy); err != nil { + gtwCtx := parentRefCtx.GetGateway() + if gtwCtx != nil { + if extProcs, err = t.buildExtProcs(policy, resources, gtwCtx.envoyProxy); err != nil { err = perr.WithMessage(err, "ExtProcs") errs = errors.Join(errs, err) extProcs = nil } for _, listener := range parentRefCtx.listeners { - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) if irListener != nil { for _, r := range irListener.Routes { diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index ca666d91b7e..1456eecf027 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -124,7 +124,7 @@ func IsRefToGateway(parentRef gwapiv1.ParentReference, gateway types.NamespacedN // in the given list, and if so, a list of the Listeners within that Gateway that // are included by the parent ref (either one specific Listener, or all Listeners // in the Gateway, depending on whether section name is specified or not). -func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*GatewayContext) (bool, *GatewayContext, []*ListenerContext) { +func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*GatewayContext) (bool, []*ListenerContext) { var referencedListeners []*ListenerContext for _, gateway := range gateways { @@ -135,11 +135,11 @@ func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*Gatew referencedListeners = append(referencedListeners, listener) } } - return true, gateway, referencedListeners + return true, referencedListeners } } - return false, nil, referencedListeners + return false, referencedListeners } // HasReadyListener returns true if at least one Listener in the diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index d311489127f..84e77271ee8 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -71,7 +71,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap case gwapiv1.UDPProtocolType: t.validateAllowedRoutes(listener, KindUDPRoute) default: - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionAccepted, metav1.ConditionFalse, diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index afe747766ea..39715b1a8d2 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -698,7 +698,7 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route perHostRoutes = append(perHostRoutes, hostRoute) } } - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) if irListener != nil { @@ -792,7 +792,7 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour hasHostnameIntersection = true - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) gwXdsIR := xdsIR[irKey] irListener := gwXdsIR.GetTCPListener(irListenerName(listener)) @@ -929,7 +929,7 @@ func (t *Translator) processUDPRouteParentRefs(udpRoute *UDPRouteContext, resour } accepted = true - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) gwXdsIR := xdsIR[irKey] irListener := gwXdsIR.GetUDPListener(irListenerName(listener)) @@ -1062,7 +1062,7 @@ func (t *Translator) processTCPRouteParentRefs(tcpRoute *TCPRouteContext, resour continue } accepted = true - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) gwXdsIR := xdsIR[irKey] irListener := gwXdsIR.GetTCPListener(irListenerName(listener)) @@ -1180,11 +1180,11 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, } case KindService: ds = t.processServiceDestinationSetting(backendRef.BackendObjectReference, backendNamespace, protocol, resources) - gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference) + gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference).GetGateway() var envoyProxy *egv1a1.EnvoyProxy - if gatewayCtx != nil && gatewayCtx.gateway != nil { - envoyProxy = gatewayCtx.gateway.envoyProxy + if gatewayCtx != nil { + envoyProxy = gatewayCtx.envoyProxy } ds.TLS = t.applyBackendTLSSetting( @@ -1204,11 +1204,11 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, ds.Filters = t.processDestinationFilters(routeType, backendRefContext, parentRef, route, resources) case egv1a1.KindBackend: ds = t.processBackendDestinationSetting(backendRef.BackendObjectReference, backendNamespace, resources) - gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference) + gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference).GetGateway() var envoyProxy *egv1a1.EnvoyProxy - if gatewayCtx != nil && gatewayCtx.gateway != nil { - envoyProxy = gatewayCtx.gateway.envoyProxy + if gatewayCtx != nil { + envoyProxy = gatewayCtx.envoyProxy } ds.TLS = t.applyBackendTLSSetting( @@ -1376,7 +1376,7 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont var relevantRoute bool for _, parentRef := range GetParentReferences(routeContext) { - isRelevantParentRef, gw, selectedListeners := GetReferencedListeners(parentRef, gateways) + isRelevantParentRef, selectedListeners := GetReferencedListeners(parentRef, gateways) // Parent ref is not to a Gateway that we control: skip it if !isRelevantParentRef { @@ -1447,7 +1447,6 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont } parentRefCtx.SetListeners(allowedListeners...) - parentRefCtx.gateway = gw routeStatus := GetRouteStatus(routeContext) status.SetRouteStatusCondition(routeStatus, diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 9b08274435f..cdfcd99975f 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -401,12 +401,13 @@ func (t *Translator) translateSecurityPolicyForRoute( parentRefs := GetParentReferences(route) for _, p := range parentRefs { parentRefCtx := GetRouteParentContext(route, p) - if parentRefCtx != nil && parentRefCtx.gateway != nil { + gtwCtx := parentRefCtx.GetGateway() + if gtwCtx != nil { if policy.Spec.ExtAuth != nil { if extAuth, err = t.buildExtAuth( policy, resources, - parentRefCtx.gateway.envoyProxy, + gtwCtx.envoyProxy, ); err != nil { err = perr.WithMessage(err, "ExtAuth") errs = errors.Join(errs, err) @@ -414,7 +415,7 @@ func (t *Translator) translateSecurityPolicyForRoute( } } for _, listener := range parentRefCtx.listeners { - irKey := t.getIRKey(listener.gateway) + irKey := t.getIRKey(listener.gateway.Gateway) irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) if irListener != nil { for _, r := range irListener.Routes { diff --git a/internal/gatewayapi/validate.go b/internal/gatewayapi/validate.go index 1817f6e06fc..f2172f2726c 100644 --- a/internal/gatewayapi/validate.go +++ b/internal/gatewayapi/validate.go @@ -335,13 +335,13 @@ func (t *Translator) validateBackendRefBackend(backendRef *gwapiv1a2.BackendRef, func (t *Translator) validateListenerConditions(listener *ListenerContext) (isReady bool) { lConditions := listener.GetConditions() if len(lConditions) == 0 { - status.SetGatewayListenerStatusCondition(listener.gateway, listener.listenerStatusIdx, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionTrue, gwapiv1.ListenerReasonProgrammed, "Sending translated listener configuration to the data plane") - status.SetGatewayListenerStatusCondition(listener.gateway, listener.listenerStatusIdx, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionAccepted, metav1.ConditionTrue, gwapiv1.ListenerReasonAccepted, "Listener has been successfully translated") - status.SetGatewayListenerStatusCondition(listener.gateway, listener.listenerStatusIdx, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionTrue, gwapiv1.ListenerReasonResolvedRefs, "Listener references have been resolved") return true @@ -361,7 +361,7 @@ func (t *Translator) validateListenerConditions(listener *ListenerContext) (isRe } // set "Programmed: false" if it's not set already. if !hasProgrammedCond { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -371,7 +371,7 @@ func (t *Translator) validateListenerConditions(listener *ListenerContext) (isRe } // set "ResolvedRefs: true" if it's not set already. if !hasRefsCond { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionTrue, @@ -391,7 +391,7 @@ func (t *Translator) validateAllowedNamespaces(listener *ListenerContext) { listener.AllowedRoutes.Namespaces.From != nil && *listener.AllowedRoutes.Namespaces.From == gwapiv1.NamespacesFromSelector { if listener.AllowedRoutes.Namespaces.Selector == nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -401,7 +401,7 @@ func (t *Translator) validateAllowedNamespaces(listener *ListenerContext) { } else { selector, err := metav1.LabelSelectorAsSelector(listener.AllowedRoutes.Namespaces.Selector) if err != nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -417,7 +417,7 @@ func (t *Translator) validateAllowedNamespaces(listener *ListenerContext) { func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerContext, resources *Resources) []*corev1.Secret { if len(listener.TLS.CertificateRefs) == 0 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -431,7 +431,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon for _, certificateRef := range listener.TLS.CertificateRefs { // TODO zhaohuabing: reuse validateSecretRef if certificateRef.Group != nil && string(*certificateRef.Group) != "" { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -442,7 +442,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon } if certificateRef.Kind != nil && string(*certificateRef.Kind) != KindSecret { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -469,7 +469,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon }, resources.ReferenceGrants, ) { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -485,7 +485,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon secret := resources.GetSecret(secretNamespace, string(certificateRef.Name)) if secret == nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -496,7 +496,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon } if secret.Type != corev1.SecretTypeTLS { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -507,7 +507,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon } if len(secret.Data[corev1.TLSCertKey]) == 0 || len(secret.Data[corev1.TLSPrivateKeyKey]) == 0 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -522,7 +522,7 @@ func (t *Translator) validateTerminateModeAndGetTLSSecrets(listener *ListenerCon err := validateTLSSecretsData(secrets, listener.Hostname) if err != nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -538,7 +538,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc switch listener.Protocol { case gwapiv1.HTTPProtocolType, gwapiv1.UDPProtocolType, gwapiv1.TCPProtocolType: if listener.TLS != nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -548,7 +548,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc } case gwapiv1.HTTPSProtocolType: if listener.TLS == nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -559,7 +559,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc } if listener.TLS.Mode != nil && *listener.TLS.Mode != gwapiv1.TLSModeTerminate { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -574,7 +574,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc case gwapiv1.TLSProtocolType: if listener.TLS == nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -586,7 +586,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc if listener.TLS.Mode != nil && *listener.TLS.Mode == gwapiv1.TLSModePassthrough { if len(listener.TLS.CertificateRefs) > 0 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -599,7 +599,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc if listener.TLS.Mode != nil && *listener.TLS.Mode == gwapiv1.TLSModeTerminate { if len(listener.TLS.CertificateRefs) == 0 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -617,7 +617,7 @@ func (t *Translator) validateTLSConfiguration(listener *ListenerContext, resourc func (t *Translator) validateHostName(listener *ListenerContext) { if listener.Protocol == gwapiv1.UDPProtocolType || listener.Protocol == gwapiv1.TCPProtocolType { if listener.Hostname != nil { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionProgrammed, metav1.ConditionFalse, @@ -646,7 +646,7 @@ func (t *Translator) validateAllowedRoutes(listener *ListenerContext, routeKinds // if there is a group it must match `gateway.networking.k8s.io` if kind.Group != nil && string(*kind.Group) != gwapiv1.GroupName { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -678,7 +678,7 @@ func (t *Translator) validateAllowedRoutes(listener *ListenerContext, routeKinds } else { printRouteKinds = supportedRouteKinds } - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionResolvedRefs, metav1.ConditionFalse, @@ -707,7 +707,7 @@ func (t *Translator) validateConflictedMergedListeners(gateways []*GatewayContex } portProtocolHostname := fmt.Sprintf("%s:%s:%d", listener.Protocol, *hostname, listener.Port) if listenerSets.Has(portProtocolHostname) { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionConflicted, metav1.ConditionTrue, @@ -760,7 +760,7 @@ func (t *Translator) validateConflictedLayer7Listeners(gateways []*GatewayContex for _, info := range portListenerInfo { for _, listener := range info.listeners { if len(info.protocols) > 1 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionConflicted, metav1.ConditionTrue, @@ -775,7 +775,7 @@ func (t *Translator) validateConflictedLayer7Listeners(gateways []*GatewayContex } if info.hostnames[hostname] > 1 { - status.SetGatewayListenerStatusCondition(listener.gateway, + status.SetGatewayListenerStatusCondition(listener.gateway.Gateway, listener.listenerStatusIdx, gwapiv1.ListenerConditionConflicted, metav1.ConditionTrue, @@ -807,7 +807,7 @@ func (t *Translator) validateConflictedLayer4Listeners(gateways []*GatewayContex for _, info := range portListenerInfo { if len(info.listeners) > 1 { for i := 1; i < len(info.listeners); i++ { - status.SetGatewayListenerStatusCondition(info.listeners[i].gateway, + status.SetGatewayListenerStatusCondition(info.listeners[i].gateway.Gateway, info.listeners[i].listenerStatusIdx, gwapiv1.ListenerConditionConflicted, metav1.ConditionTrue, From 0637d48225b8d200a321e4e5f7a127be065deae5 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 11 Jun 2024 13:17:36 +0800 Subject: [PATCH 17/24] refactor: move getIRKey out of inner loop Signed-off-by: haoqixu --- internal/gatewayapi/envoyextensionpolicy.go | 2 +- internal/gatewayapi/securitypolicy.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 42c4322eae5..625645c9588 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -333,8 +333,8 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE errs = errors.Join(errs, err) extProcs = nil } + irKey := t.getIRKey(gtwCtx.Gateway) for _, listener := range parentRefCtx.listeners { - irKey := t.getIRKey(listener.gateway.Gateway) irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) if irListener != nil { for _, r := range irListener.Routes { diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index cdfcd99975f..8baef91cd15 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -414,8 +414,8 @@ func (t *Translator) translateSecurityPolicyForRoute( extAuth = nil } } + irKey := t.getIRKey(gtwCtx.Gateway) for _, listener := range parentRefCtx.listeners { - irKey := t.getIRKey(listener.gateway.Gateway) irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) if irListener != nil { for _, r := range irListener.Routes { From f90ca22b78008e64387db0bb3a18d38bb97aa68b Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 11 Jun 2024 15:03:02 +0800 Subject: [PATCH 18/24] fix: reset *ir.ExtAuth for each gateway Signed-off-by: haoqixu --- internal/gatewayapi/envoyextensionpolicy.go | 3 +-- internal/gatewayapi/listener.go | 1 - internal/gatewayapi/securitypolicy.go | 3 +-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 625645c9588..d96ea4ffc48 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -306,7 +306,6 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE xdsIR XdsIRMap, resources *Resources, ) error { var ( - extProcs []ir.ExtProc wasms []ir.Wasm err, errs error ) @@ -328,10 +327,10 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE parentRefCtx := GetRouteParentContext(route, p) gtwCtx := parentRefCtx.GetGateway() if gtwCtx != nil { + var extProcs []ir.ExtProc if extProcs, err = t.buildExtProcs(policy, resources, gtwCtx.envoyProxy); err != nil { err = perr.WithMessage(err, "ExtProcs") errs = errors.Join(errs, err) - extProcs = nil } irKey := t.getIRKey(gtwCtx.Gateway) for _, listener := range parentRefCtx.listeners { diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 84e77271ee8..fac12318dd7 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -97,7 +97,6 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap } // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} - // TODO containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy) switch listener.Protocol { case gwapiv1.HTTPProtocolType, gwapiv1.HTTPSProtocolType: diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 8baef91cd15..f64bca7f05a 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -357,7 +357,6 @@ func (t *Translator) translateSecurityPolicyForRoute( jwt *ir.JWT oidc *ir.OIDC basicAuth *ir.BasicAuth - extAuth *ir.ExtAuth authorization *ir.Authorization err, errs error ) @@ -403,6 +402,7 @@ func (t *Translator) translateSecurityPolicyForRoute( parentRefCtx := GetRouteParentContext(route, p) gtwCtx := parentRefCtx.GetGateway() if gtwCtx != nil { + var extAuth *ir.ExtAuth if policy.Spec.ExtAuth != nil { if extAuth, err = t.buildExtAuth( policy, @@ -411,7 +411,6 @@ func (t *Translator) translateSecurityPolicyForRoute( ); err != nil { err = perr.WithMessage(err, "ExtAuth") errs = errors.Join(errs, err) - extAuth = nil } } irKey := t.getIRKey(gtwCtx.Gateway) From d507a9aca235249d564784c4015fb45413f72b88 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Tue, 11 Jun 2024 15:13:49 +0800 Subject: [PATCH 19/24] refactor: continue early to reduce nesting Signed-off-by: haoqixu --- internal/gatewayapi/envoyextensionpolicy.go | 32 +++++++------ internal/gatewayapi/securitypolicy.go | 52 +++++++++++---------- 2 files changed, 44 insertions(+), 40 deletions(-) diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index d96ea4ffc48..69dd7b10887 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -326,21 +326,23 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE for _, p := range parentRefs { parentRefCtx := GetRouteParentContext(route, p) gtwCtx := parentRefCtx.GetGateway() - if gtwCtx != nil { - var extProcs []ir.ExtProc - if extProcs, err = t.buildExtProcs(policy, resources, gtwCtx.envoyProxy); err != nil { - err = perr.WithMessage(err, "ExtProcs") - errs = errors.Join(errs, err) - } - irKey := t.getIRKey(gtwCtx.Gateway) - for _, listener := range parentRefCtx.listeners { - irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) - if irListener != nil { - for _, r := range irListener.Routes { - if strings.HasPrefix(r.Name, prefix) { - r.ExtProcs = extProcs - r.Wasms = wasms - } + if gtwCtx == nil { + continue + } + + var extProcs []ir.ExtProc + if extProcs, err = t.buildExtProcs(policy, resources, gtwCtx.envoyProxy); err != nil { + err = perr.WithMessage(err, "ExtProcs") + errs = errors.Join(errs, err) + } + irKey := t.getIRKey(gtwCtx.Gateway) + for _, listener := range parentRefCtx.listeners { + irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) + if irListener != nil { + for _, r := range irListener.Routes { + if strings.HasPrefix(r.Name, prefix) { + r.ExtProcs = extProcs + r.Wasms = wasms } } } diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index f64bca7f05a..34e2410ae55 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -401,32 +401,34 @@ func (t *Translator) translateSecurityPolicyForRoute( for _, p := range parentRefs { parentRefCtx := GetRouteParentContext(route, p) gtwCtx := parentRefCtx.GetGateway() - if gtwCtx != nil { - var extAuth *ir.ExtAuth - if policy.Spec.ExtAuth != nil { - if extAuth, err = t.buildExtAuth( - policy, - resources, - gtwCtx.envoyProxy, - ); err != nil { - err = perr.WithMessage(err, "ExtAuth") - errs = errors.Join(errs, err) - } + if gtwCtx == nil { + continue + } + + var extAuth *ir.ExtAuth + if policy.Spec.ExtAuth != nil { + if extAuth, err = t.buildExtAuth( + policy, + resources, + gtwCtx.envoyProxy, + ); err != nil { + err = perr.WithMessage(err, "ExtAuth") + errs = errors.Join(errs, err) } - irKey := t.getIRKey(gtwCtx.Gateway) - for _, listener := range parentRefCtx.listeners { - irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) - if irListener != nil { - for _, r := range irListener.Routes { - if strings.HasPrefix(r.Name, prefix) { - r.Security = &ir.SecurityFeatures{ - CORS: cors, - JWT: jwt, - OIDC: oidc, - BasicAuth: basicAuth, - ExtAuth: extAuth, - Authorization: authorization, - } + } + irKey := t.getIRKey(gtwCtx.Gateway) + for _, listener := range parentRefCtx.listeners { + irListener := xdsIR[irKey].GetHTTPListener(irListenerName(listener)) + if irListener != nil { + for _, r := range irListener.Routes { + if strings.HasPrefix(r.Name, prefix) { + r.Security = &ir.SecurityFeatures{ + CORS: cors, + JWT: jwt, + OIDC: oidc, + BasicAuth: basicAuth, + ExtAuth: extAuth, + Authorization: authorization, } } } From d96bcca3e44334794cc3b9e68b0f67ddc237f31e Mon Sep 17 00:00:00 2001 From: haoqixu Date: Fri, 14 Jun 2024 11:15:37 +0800 Subject: [PATCH 20/24] refactor: rename envoyProxies and ClassEnvoyProxy Signed-off-by: haoqixu --- internal/cmd/egctl/translate.go | 20 +++++++++---------- internal/gatewayapi/contexts.go | 2 +- internal/gatewayapi/helpers.go | 2 +- internal/gatewayapi/resource.go | 10 +++++----- internal/gatewayapi/zz_generated.deepcopy.go | 8 ++++---- internal/provider/kubernetes/controller.go | 16 +++++++-------- .../provider/kubernetes/controller_test.go | 2 +- .../provider/kubernetes/kubernetes_test.go | 4 ++-- 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/internal/cmd/egctl/translate.go b/internal/cmd/egctl/translate.go index 9fb88070149..a9d16269be5 100644 --- a/internal/cmd/egctl/translate.go +++ b/internal/cmd/egctl/translate.go @@ -315,13 +315,13 @@ func translateGatewayAPIToGatewayAPI(resources *gatewayapi.Resources) (gatewayap gRes, _ := gTranslator.Translate(resources) // Update the status of the GatewayClass based on EnvoyProxy validation epInvalid := false - if resources.ClassEnvoyProxy != nil { - if err := validation.ValidateEnvoyProxy(resources.ClassEnvoyProxy); err != nil { + if resources.EnvoyProxyForGatewayClass != nil { + if err := validation.ValidateEnvoyProxy(resources.EnvoyProxyForGatewayClass); err != nil { epInvalid = true msg := fmt.Sprintf("%s: %v", status.MsgGatewayClassInvalidParams, err) status.SetGatewayClassAccepted(resources.GatewayClass, false, string(gwapiv1.GatewayClassReasonInvalidParameters), msg) } - gRes.ClassEnvoyProxy = resources.ClassEnvoyProxy + gRes.EnvoyProxyForGatewayClass = resources.EnvoyProxyForGatewayClass } if !epInvalid { status.SetGatewayClassAccepted(resources.GatewayClass, true, string(gwapiv1.GatewayClassReasonAccepted), status.MsgValidGatewayClass) @@ -364,8 +364,8 @@ func translateGatewayAPIToXds(dnsDomain string, resourceType string, resources * ServiceURL: ratelimit.GetServiceURL("envoy-gateway", dnsDomain), }, } - if resources.ClassEnvoyProxy != nil { - xTranslator.FilterOrder = resources.ClassEnvoyProxy.Spec.FilterOrder + if resources.EnvoyProxyForGatewayClass != nil { + xTranslator.FilterOrder = resources.EnvoyProxyForGatewayClass.Spec.FilterOrder } xRes, err := xTranslator.Translate(val) if err != nil { @@ -445,8 +445,8 @@ func constructConfigDump(resources *gatewayapi.Resources, tCtx *xds_types.Resour // Apply Bootstrap from EnvoyProxy API if set by the user // The config should have been validated already - if resources.ClassEnvoyProxy != nil && resources.ClassEnvoyProxy.Spec.Bootstrap != nil { - bootstrapConfigurations, err = bootstrap.ApplyBootstrapConfig(resources.ClassEnvoyProxy.Spec.Bootstrap, bootstrapConfigurations) + if resources.EnvoyProxyForGatewayClass != nil && resources.EnvoyProxyForGatewayClass.Spec.Bootstrap != nil { + bootstrapConfigurations, err = bootstrap.ApplyBootstrapConfig(resources.EnvoyProxyForGatewayClass.Spec.Bootstrap, bootstrapConfigurations) if err != nil { return nil, err } @@ -685,7 +685,7 @@ func kubernetesYAMLToResources(str string, addMissingResources bool) (*gatewayap }, Spec: typedSpec.(egv1a1.EnvoyProxySpec), } - resources.ClassEnvoyProxy = envoyProxy + resources.EnvoyProxyForGatewayClass = envoyProxy case gatewayapi.KindGatewayClass: typedSpec := spec.Interface() gatewayClass := &gwapiv1.GatewayClass{ @@ -923,7 +923,7 @@ func kubernetesYAMLToResources(str string, addMissingResources bool) (*gatewayap } // Add EnvoyProxy if it does not exist - if resources.ClassEnvoyProxy == nil { + if resources.EnvoyProxyForGatewayClass == nil { if err := addDefaultEnvoyProxy(resources); err != nil { return nil, err } @@ -955,7 +955,7 @@ func addDefaultEnvoyProxy(resources *gatewayapi.Resources) error { }, }, } - resources.ClassEnvoyProxy = ep + resources.EnvoyProxyForGatewayClass = ep ns := gwapiv1.Namespace(namespace) resources.GatewayClass.Spec.ParametersRef = &gwapiv1.ParametersReference{ Group: gwapiv1.Group(egv1a1.GroupVersion.Group), diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 150b809e626..414386c973d 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -59,7 +59,7 @@ func (g *GatewayContext) attachEnvoyProxy(resources *Resources) { // not found, fallthrough to use envoyProxy attached to gatewayclass } - g.envoyProxy = resources.ClassEnvoyProxy + g.envoyProxy = resources.EnvoyProxyForGatewayClass } // ListenerContext wraps a Listener and provides helper methods for diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 1456eecf027..ed35961ca0f 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -413,7 +413,7 @@ func irTLSCACertName(namespace, name string) string { } func IsMergeGatewaysEnabled(resources *Resources) bool { - return resources.ClassEnvoyProxy != nil && resources.ClassEnvoyProxy.Spec.MergeGateways != nil && *resources.ClassEnvoyProxy.Spec.MergeGateways + return resources.EnvoyProxyForGatewayClass != nil && resources.EnvoyProxyForGatewayClass.Spec.MergeGateways != nil && *resources.EnvoyProxyForGatewayClass.Spec.MergeGateways } func protocolSliceToStringSlice(protocols []gwapiv1.ProtocolType) []string { diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index c92a758db0e..b85452fb0e2 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -35,10 +35,10 @@ type Resources struct { // This field is only used for marshalling/unmarshalling purposes and is not used by // the translator - // ClassEnvoyProxy holds EnvoyProxy attached to GatewayClass - ClassEnvoyProxy *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` - // EnvoyProxies holds EnvoyProxies attached to Gateways - EnvoyProxies []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` + // EnvoyProxyForGatewayClass holds EnvoyProxy attached to GatewayClass + EnvoyProxyForGatewayClass *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` + // EnvoyProxiesForGateways holds EnvoyProxiesForGateways attached to Gateways + EnvoyProxiesForGateways []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` GatewayClass *gwapiv1.GatewayClass `json:"gatewayClass,omitempty" yaml:"gatewayClass,omitempty"` Gateways []*gwapiv1.Gateway `json:"gateways,omitempty" yaml:"gateways,omitempty"` @@ -100,7 +100,7 @@ func (r *Resources) GetNamespace(name string) *corev1.Namespace { } func (r *Resources) GetEnvoyProxy(namespace, name string) *egv1a1.EnvoyProxy { - for _, ep := range r.EnvoyProxies { + for _, ep := range r.EnvoyProxiesForGateways { if ep.Namespace == namespace && ep.Name == name { return ep } diff --git a/internal/gatewayapi/zz_generated.deepcopy.go b/internal/gatewayapi/zz_generated.deepcopy.go index 3d4f89ef2d4..30f38db7da7 100644 --- a/internal/gatewayapi/zz_generated.deepcopy.go +++ b/internal/gatewayapi/zz_generated.deepcopy.go @@ -172,13 +172,13 @@ func (in *Resources) DeepCopyInto(out *Resources) { } } } - if in.ClassEnvoyProxy != nil { - in, out := &in.ClassEnvoyProxy, &out.ClassEnvoyProxy + if in.EnvoyProxyForGatewayClass != nil { + in, out := &in.EnvoyProxyForGatewayClass, &out.EnvoyProxyForGatewayClass *out = new(apiv1alpha1.EnvoyProxy) (*in).DeepCopyInto(*out) } - if in.EnvoyProxies != nil { - in, out := &in.EnvoyProxies, &out.EnvoyProxies + if in.EnvoyProxiesForGateways != nil { + in, out := &in.EnvoyProxiesForGateways, &out.EnvoyProxiesForGateways *out = make([]*apiv1alpha1.EnvoyProxy, len(*in)) for i := range *in { if (*in)[i] != nil { diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index d8fbcae9819..27a985456a4 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -272,8 +272,8 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques gwcResource.Namespaces = append(gwcResource.Namespaces, namespace) } - if gwcResource.ClassEnvoyProxy != nil && gwcResource.ClassEnvoyProxy.Spec.MergeGateways != nil { - if *gwcResource.ClassEnvoyProxy.Spec.MergeGateways { + if gwcResource.EnvoyProxyForGatewayClass != nil && gwcResource.EnvoyProxyForGatewayClass.Spec.MergeGateways != nil { + if *gwcResource.EnvoyProxyForGatewayClass.Spec.MergeGateways { r.mergeGateways.Insert(managedGC.Name) } else { r.mergeGateways.Delete(managedGC.Name) @@ -318,17 +318,17 @@ func (r *gatewayAPIReconciler) Reconcile(ctx context.Context, _ reconcile.Reques } func (r *gatewayAPIReconciler) processEnvoyProxySecretRef(ctx context.Context, gwcResource *gatewayapi.Resources) { - if gwcResource.ClassEnvoyProxy == nil || gwcResource.ClassEnvoyProxy.Spec.BackendTLS == nil || gwcResource.ClassEnvoyProxy.Spec.BackendTLS.ClientCertificateRef == nil { + if gwcResource.EnvoyProxyForGatewayClass == nil || gwcResource.EnvoyProxyForGatewayClass.Spec.BackendTLS == nil || gwcResource.EnvoyProxyForGatewayClass.Spec.BackendTLS.ClientCertificateRef == nil { return } - certRef := gwcResource.ClassEnvoyProxy.Spec.BackendTLS.ClientCertificateRef + certRef := gwcResource.EnvoyProxyForGatewayClass.Spec.BackendTLS.ClientCertificateRef if refsSecret(certRef) { if err := r.processSecretRef( ctx, newResourceMapping(), gwcResource, gatewayapi.KindGateway, - gwcResource.ClassEnvoyProxy.Namespace, + gwcResource.EnvoyProxyForGatewayClass.Namespace, gatewayapi.KindEnvoyProxy, *certRef); err != nil { r.log.Error(err, @@ -1554,7 +1554,7 @@ func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw return nil } - if resourceTree.ClassEnvoyProxy != nil && resourceTree.ClassEnvoyProxy.Spec.MergeGateways != nil && *resourceTree.ClassEnvoyProxy.Spec.MergeGateways { + if resourceTree.EnvoyProxyForGatewayClass != nil && resourceTree.EnvoyProxyForGatewayClass.Spec.MergeGateways != nil && *resourceTree.EnvoyProxyForGatewayClass.Spec.MergeGateways { return fmt.Errorf("infrastructure.parametersref must be nil when MergeGateways feature is enabled by gatewayclass") } @@ -1592,7 +1592,7 @@ func (r *gatewayAPIReconciler) processGatewayParamsRef(ctx context.Context, gtw } } - resourceTree.EnvoyProxies = append(resourceTree.EnvoyProxies, ep) + resourceTree.EnvoyProxiesForGateways = append(resourceTree.EnvoyProxiesForGateways, ep) return nil } @@ -1613,7 +1613,7 @@ func (r *gatewayAPIReconciler) processGatewayClassParamsRef(ctx context.Context, if err := r.processEnvoyProxy(ep, resourceMap); err != nil { return err } - resourceTree.ClassEnvoyProxy = ep + resourceTree.EnvoyProxyForGatewayClass = ep return nil } diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go index eacf5316ccd..e3b63360163 100644 --- a/internal/provider/kubernetes/controller_test.go +++ b/internal/provider/kubernetes/controller_test.go @@ -282,7 +282,7 @@ func TestProcessGatewayClassParamsRef(t *testing.T) { if tc.expected { require.NoError(t, err) // Ensure the resource tree and map are as expected. - require.Equal(t, tc.ep, resourceTree.ClassEnvoyProxy) + require.Equal(t, tc.ep, resourceTree.EnvoyProxyForGatewayClass) } else { require.Error(t, err) } diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go index 69b1703feee..da58fcd4188 100644 --- a/internal/provider/kubernetes/kubernetes_test.go +++ b/internal/provider/kubernetes/kubernetes_test.go @@ -208,8 +208,8 @@ func testGatewayClassWithParamRef(ctx context.Context, t *testing.T, provider *P return false } - if res.ClassEnvoyProxy != nil { - assert.Equal(t, res.ClassEnvoyProxy.Spec, ep.Spec) + if res.EnvoyProxyForGatewayClass != nil { + assert.Equal(t, res.EnvoyProxyForGatewayClass.Spec, ep.Spec) return true } From a859769bf83eee7fc3b75dd148fc0c1a54ee6d7f Mon Sep 17 00:00:00 2001 From: haoqixu Date: Sat, 15 Jun 2024 11:06:49 +0800 Subject: [PATCH 21/24] rename json/yaml name for envoyproxy Signed-off-by: haoqixu --- .../egctl/testdata/translate/out/default-resources.all.yaml | 2 +- .../egctl/testdata/translate/out/invalid-envoyproxy.all.yaml | 2 +- .../egctl/testdata/translate/out/valid-envoyproxy.all.yaml | 2 +- internal/gatewayapi/resource.go | 4 ++-- internal/gatewayapi/testdata/conflicting-policies.in.yaml | 2 +- internal/gatewayapi/testdata/custom-filter-order.in.yaml | 2 +- internal/gatewayapi/testdata/disable-accesslog.in.yaml | 2 +- .../envoypatchpolicy-invalid-feature-disabled.in.yaml | 2 +- ...nvoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml | 2 +- .../testdata/envoypatchpolicy-valid-merge-gateways.in.yaml | 2 +- .../testdata/envoyproxy-accesslog-backend-invalid.in.yaml | 2 +- .../gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml | 2 +- .../testdata/envoyproxy-accesslog-file-json-no-format.in.yaml | 2 +- .../testdata/envoyproxy-accesslog-file-json.in.yaml | 2 +- .../testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml | 2 +- internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml | 2 +- .../gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml | 2 +- .../testdata/envoyproxy-metric-backend-invalid.in.yaml | 2 +- .../gatewayapi/testdata/envoyproxy-metric-backend.in.yaml | 2 +- .../gatewayapi/testdata/envoyproxy-service-routing.in.yaml | 2 +- .../testdata/envoyproxy-tls-settings-invalid-ns.in.yaml | 2 +- .../testdata/envoyproxy-tls-settings-invalid.in.yaml | 2 +- internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml | 2 +- .../testdata/envoyproxy-tracing-backend-invalid.in.yaml | 2 +- .../gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml | 2 +- internal/gatewayapi/testdata/envoyproxy-valid.in.yaml | 2 +- .../gateway-with-infrastructure-parametersref.in.yaml | 2 +- ...with-invalid-infrastructure-parametersref-fallback.in.yaml | 4 ++-- .../testdata/merge-invalid-multiple-gateways.in.yaml | 2 +- ...id-multiple-gateways-multiple-listeners-same-ports.in.yaml | 2 +- .../merge-valid-multiple-gateways-multiple-routes.in.yaml | 2 +- .../gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml | 2 +- .../testdata/merge-with-isolated-policies-2.in.yaml | 2 +- .../gatewayapi/testdata/merge-with-isolated-policies.in.yaml | 2 +- .../testdata/tracing-merged-multiple-routes.in.yaml | 2 +- internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml | 2 +- 36 files changed, 38 insertions(+), 38 deletions(-) diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index e30d25490e3..1ef7ecd9163 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: metadata: creationTimestamp: null name: default-envoy-proxy diff --git a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml index ff74a3dd412..df303817570 100644 --- a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: metadata: creationTimestamp: null name: example diff --git a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml index 013161280e4..09fb3051c14 100644 --- a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: metadata: creationTimestamp: null name: example diff --git a/internal/gatewayapi/resource.go b/internal/gatewayapi/resource.go index b85452fb0e2..3595e9c1c60 100644 --- a/internal/gatewayapi/resource.go +++ b/internal/gatewayapi/resource.go @@ -36,9 +36,9 @@ type Resources struct { // the translator // EnvoyProxyForGatewayClass holds EnvoyProxy attached to GatewayClass - EnvoyProxyForGatewayClass *egv1a1.EnvoyProxy `json:"classEnvoyProxy,omitempty" yaml:"classEnvoyProxy,omitempty"` + EnvoyProxyForGatewayClass *egv1a1.EnvoyProxy `json:"envoyProxyForGatewayClass,omitempty" yaml:"envoyProxyForGatewayClass,omitempty"` // EnvoyProxiesForGateways holds EnvoyProxiesForGateways attached to Gateways - EnvoyProxiesForGateways []*egv1a1.EnvoyProxy `json:"EnvoyProxies,omitempty" yaml:"EnvoyProxies,omitempty"` + EnvoyProxiesForGateways []*egv1a1.EnvoyProxy `json:"envoyProxiesForGateways,omitempty" yaml:"envoyProxiesForGateways,omitempty"` GatewayClass *gwapiv1.GatewayClass `json:"gatewayClass,omitempty" yaml:"gatewayClass,omitempty"` Gateways []*gwapiv1.Gateway `json:"gateways,omitempty" yaml:"gateways,omitempty"` diff --git a/internal/gatewayapi/testdata/conflicting-policies.in.yaml b/internal/gatewayapi/testdata/conflicting-policies.in.yaml index 794772892b6..a53cb56fb6a 100644 --- a/internal/gatewayapi/testdata/conflicting-policies.in.yaml +++ b/internal/gatewayapi/testdata/conflicting-policies.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/custom-filter-order.in.yaml b/internal/gatewayapi/testdata/custom-filter-order.in.yaml index a97abadb68a..d3e931aed52 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.in.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.in.yaml @@ -6,7 +6,7 @@ secrets: name: users-secret1 data: .htpasswd: "dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=" -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/disable-accesslog.in.yaml b/internal/gatewayapi/testdata/disable-accesslog.in.yaml index 533f4ec187e..29176f3e9c6 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.in.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml index 3bacde1ab7a..2ffb3b21648 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml index 3a58a936f3e..d87effdca85 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml index f66bd2a127c..5a1d480305a 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml index f431a779d2d..c6c6f9b9c7d 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml index 2d2a204e8d0..9e93d96a9f6 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml index 6dd9ba72858..de2444639ca 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml index 7997f8c9d82..d4ca30a7ea4 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml index c908da35141..488d9a14957 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml index 39f9b24fda8..3eec4aa41fc 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml index ace6a17f610..f55e5f77198 100644 --- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.in.yaml @@ -1,4 +1,4 @@ -classenvoyproxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml index 62d6aa4c6ef..c8faf616eab 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml index 9152da9ea9b..f6db7f1f1f0 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml index f8a53b211f8..00c59d08c38 100644 --- a/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing.in.yaml @@ -1,4 +1,4 @@ -classenvoyproxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml index e0c1685387d..46b9070f24e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml index 09a8ed22a1e..7917eda836f 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml index baf4037ce81..d813cefb5c7 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings.in.yaml @@ -124,7 +124,7 @@ backendTLSPolicies: validation: wellKnownCACertificates: System hostname: example.com -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml index 98379a74863..508ecb83b17 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml index 346dd2d5e30..9cd3485cec3 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml index c9b3bb21cfe..cabf69d5018 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml index 66d003a8a6e..a86a76b76e2 100644 --- a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml +++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.in.yaml @@ -1,4 +1,4 @@ -envoyProxies: +envoyProxiesForGateways: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml index 8584265fb9b..73e30d9bf74 100644 --- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: @@ -12,7 +12,7 @@ classEnvoyProxy: host: otel-collector.monitoring.svc.cluster.local port: 4317 type: OpenTelemetry -envoyProxies: +envoyProxiesForGateways: gateways: - apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml index 6bec98e6203..e9c06e7b29e 100644 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml index 6650cb13528..a0f17504ebc 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml index a90191d615f..6bb2a07dd53 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml index 34db81d8edc..54a1e9ad2cb 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml index 69b5e5fe28f..ba426f531bf 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml index f6be98ca00f..22df4983a8a 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml index f3fba008414..e85b2b20db9 100644 --- a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: diff --git a/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml b/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml index 1a4592a3549..b25b6dac21a 100644 --- a/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml +++ b/internal/gatewayapi/testdata/tracing-multiple-routes.in.yaml @@ -1,4 +1,4 @@ -classEnvoyProxy: +envoyProxyForGatewayClass: apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: From 7e0f3b9a2376b421f91aedba00091b3579bb256a Mon Sep 17 00:00:00 2001 From: haoqixu Date: Sat, 15 Jun 2024 12:22:06 +0800 Subject: [PATCH 22/24] fix: pass the right envoyProxy to t.IsEnvoyServiceRouting Signed-off-by: haoqixu --- internal/gatewayapi/ext_service.go | 2 +- internal/gatewayapi/listener.go | 10 +++---- internal/gatewayapi/route.go | 45 +++++++++++++++++------------- 3 files changed, 31 insertions(+), 26 deletions(-) diff --git a/internal/gatewayapi/ext_service.go b/internal/gatewayapi/ext_service.go index 5f75c2f8802..3574e8249ef 100644 --- a/internal/gatewayapi/ext_service.go +++ b/internal/gatewayapi/ext_service.go @@ -37,7 +37,7 @@ func (t *Translator) processExtServiceDestination( switch KindDerefOr(backendRef.Kind, KindService) { case KindService: - ds = t.processServiceDestinationSetting(*backendRef, backendNamespace, protocol, resources) + ds = t.processServiceDestinationSetting(*backendRef, backendNamespace, protocol, resources, envoyProxy) case egv1a1.KindBackend: if !t.BackendEnabled { return nil, fmt.Errorf("resource %s of type Backend cannot be used since Backend is disabled in Envoy Gateway configuration", string(backendRef.Name)) diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index fac12318dd7..8957874cbae 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -271,7 +271,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources * } // TODO: how to get authority from the backendRefs? - ds, err := t.processBackendRefs(sink.OpenTelemetry.BackendRefs, envoyproxy.Namespace, resources) + ds, err := t.processBackendRefs(sink.OpenTelemetry.BackendRefs, envoyproxy.Namespace, resources, envoyproxy) if err != nil { return nil, err } @@ -315,7 +315,7 @@ func (t *Translator) processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.Envo tracing := envoyproxy.Spec.Telemetry.Tracing // TODO: how to get authority from the backendRefs? - ds, err := t.processBackendRefs(tracing.Provider.BackendRefs, envoyproxy.Namespace, resources) + ds, err := t.processBackendRefs(tracing.Provider.BackendRefs, envoyproxy.Namespace, resources, envoyproxy) if err != nil { return nil, err } @@ -368,7 +368,7 @@ func (t *Translator) processMetrics(envoyproxy *egv1a1.EnvoyProxy, resources *Re continue } - _, err := t.processBackendRefs(sink.OpenTelemetry.BackendRefs, envoyproxy.Namespace, resources) + _, err := t.processBackendRefs(sink.OpenTelemetry.BackendRefs, envoyproxy.Namespace, resources, envoyproxy) if err != nil { return nil, err } @@ -380,7 +380,7 @@ func (t *Translator) processMetrics(envoyproxy *egv1a1.EnvoyProxy, resources *Re }, nil } -func (t *Translator) processBackendRefs(backendRefs []egv1a1.BackendRef, namespace string, resources *Resources) ([]*ir.DestinationSetting, error) { +func (t *Translator) processBackendRefs(backendRefs []egv1a1.BackendRef, namespace string, resources *Resources, envoyProxy *egv1a1.EnvoyProxy) ([]*ir.DestinationSetting, error) { result := make([]*ir.DestinationSetting, 0, len(backendRefs)) for _, ref := range backendRefs { ns := NamespaceDerefOr(ref.Namespace, namespace) @@ -392,7 +392,7 @@ func (t *Translator) processBackendRefs(backendRefs []egv1a1.BackendRef, namespa return nil, err } - ds := t.processServiceDestinationSetting(ref.BackendObjectReference, ns, ir.GRPC, resources) + ds := t.processServiceDestinationSetting(ref.BackendObjectReference, ns, ir.GRPC, resources, envoyProxy) result = append(result, ds) } if len(result) == 0 { diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 39715b1a8d2..db59bf551e2 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -172,6 +172,12 @@ func (t *Translator) processHTTPRouteParentRefs(httpRoute *HTTPRouteContext, res func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRef *RouteParentContext, resources *Resources) ([]*ir.HTTPRoute, error) { var routeRoutes []*ir.HTTPRoute + var envoyProxy *egv1a1.EnvoyProxy + + gatewayCtx := httpRoute.ParentRefs[*parentRef.ParentReference].GetGateway() + if gatewayCtx != nil { + envoyProxy = gatewayCtx.envoyProxy + } // compute matches, filters, backends for ruleIdx, rule := range httpRoute.Spec.Rules { @@ -190,7 +196,8 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe for _, backendRef := range rule.BackendRefs { backendRef := backendRef ds := t.processDestination(backendRef, parentRef, httpRoute, resources) - if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) && ds != nil && len(ds.Endpoints) > 0 && ds.AddressType != nil { + + if !t.IsEnvoyServiceRouting(envoyProxy) && ds != nil && len(ds.Endpoints) > 0 && ds.AddressType != nil { dstAddrTypeMap[*ds.AddressType]++ } if ds == nil { @@ -214,7 +221,7 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe } // TODO: support mixed endpointslice address type between backendRefs - if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) && len(dstAddrTypeMap) > 1 { + if !t.IsEnvoyServiceRouting(envoyProxy) && len(dstAddrTypeMap) > 1 { routeStatus := GetRouteStatus(httpRoute) status.SetRouteStatusCondition(routeStatus, parentRef.routeParentStatusIdx, @@ -1143,6 +1150,12 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, return nil } + var envoyProxy *egv1a1.EnvoyProxy + gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference).GetGateway() + if gatewayCtx != nil { + envoyProxy = gatewayCtx.envoyProxy + } + var ( endpoints []*ir.DestinationEndpoint addrType *ir.DestinationAddressType @@ -1159,7 +1172,7 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, } } - if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) { + if !t.IsEnvoyServiceRouting(envoyProxy) { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { @@ -1179,13 +1192,7 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, AddressType: addrType, } case KindService: - ds = t.processServiceDestinationSetting(backendRef.BackendObjectReference, backendNamespace, protocol, resources) - gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference).GetGateway() - - var envoyProxy *egv1a1.EnvoyProxy - if gatewayCtx != nil { - envoyProxy = gatewayCtx.envoyProxy - } + ds = t.processServiceDestinationSetting(backendRef.BackendObjectReference, backendNamespace, protocol, resources, envoyProxy) ds.TLS = t.applyBackendTLSSetting( backendRef.BackendObjectReference, @@ -1204,12 +1211,6 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, ds.Filters = t.processDestinationFilters(routeType, backendRefContext, parentRef, route, resources) case egv1a1.KindBackend: ds = t.processBackendDestinationSetting(backendRef.BackendObjectReference, backendNamespace, resources) - gatewayCtx := GetRouteParentContext(route, *parentRef.ParentReference).GetGateway() - - var envoyProxy *egv1a1.EnvoyProxy - if gatewayCtx != nil { - envoyProxy = gatewayCtx.envoyProxy - } ds.TLS = t.applyBackendTLSSetting( backendRef.BackendObjectReference, @@ -1228,7 +1229,7 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, ds.Filters = t.processDestinationFilters(routeType, backendRefContext, parentRef, route, resources) } - if err := validateDestinationSettings(ds, t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy), backendRef.Kind); err != nil { + if err := validateDestinationSettings(ds, t.IsEnvoyServiceRouting(envoyProxy), backendRef.Kind); err != nil { routeStatus := GetRouteStatus(route) status.SetRouteStatusCondition(routeStatus, parentRef.routeParentStatusIdx, @@ -1259,8 +1260,12 @@ func validateDestinationSettings(destinationSettings *ir.DestinationSetting, end return nil } -func (t *Translator) processServiceDestinationSetting(backendRef gwapiv1.BackendObjectReference, backendNamespace string, - protocol ir.AppProtocol, resources *Resources, +func (t *Translator) processServiceDestinationSetting( + backendRef gwapiv1.BackendObjectReference, + backendNamespace string, + protocol ir.AppProtocol, + resources *Resources, + envoyProxy *egv1a1.EnvoyProxy, ) *ir.DestinationSetting { var ( endpoints []*ir.DestinationEndpoint @@ -1283,7 +1288,7 @@ func (t *Translator) processServiceDestinationSetting(backendRef gwapiv1.Backend } // Route to endpoints by default - if !t.IsEnvoyServiceRouting(resources.ClassEnvoyProxy) { + if !t.IsEnvoyServiceRouting(envoyProxy) { endpointSlices := resources.GetEndpointSlicesForBackend(backendNamespace, string(backendRef.Name), KindDerefOr(backendRef.Kind, KindService)) endpoints, addrType = getIREndpointsFromEndpointSlices(endpointSlices, servicePort.Name, servicePort.Protocol) } else { From c2f8443adc3bd2884565bc23bdc83c9f10aa678f Mon Sep 17 00:00:00 2001 From: haoqixu Date: Sat, 15 Jun 2024 12:43:03 +0800 Subject: [PATCH 23/24] test: add more cases Signed-off-by: haoqixu --- ...proxy-endpoint-routing-for-gateway.in.yaml | 45 ++++++ ...roxy-endpoint-routing-for-gateway.out.yaml | 140 ++++++++++++++++++ ...yproxy-service-routing-for-gateway.in.yaml | 45 ++++++ ...proxy-service-routing-for-gateway.out.yaml | 139 +++++++++++++++++ 4 files changed, 369 insertions(+) create mode 100644 internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.in.yaml create mode 100755 internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml create mode 100644 internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.in.yaml create mode 100755 internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.in.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.in.yaml new file mode 100644 index 00000000000..032aac10633 --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.in.yaml @@ -0,0 +1,45 @@ +envoyProxiesForGateways: + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway + name: test + spec: + routingType: Endpoint +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml new file mode 100755 index 00000000000..faf3935c73d --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml @@ -0,0 +1,140 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway + spec: + logging: {} + routingType: Endpoint + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: '*' + isHTTP2: false + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.in.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.in.yaml new file mode 100644 index 00000000000..058da5a4e09 --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.in.yaml @@ -0,0 +1,45 @@ +envoyProxiesForGateways: + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway + name: test + spec: + routingType: Service +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml new file mode 100755 index 00000000000..10160cd17cd --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml @@ -0,0 +1,139 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + infrastructure: + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: test + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway + spec: + logging: {} + routingType: Service + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - endpoints: + - host: 1.1.1.1 + port: 8080 + protocol: HTTP + weight: 1 + hostname: '*' + isHTTP2: false + name: httproute/default/httproute-1/rule/0/match/0/* + pathMatch: + distinct: false + name: "" + prefix: / From f72618f101c9c2567de636927f09f374b156c360 Mon Sep 17 00:00:00 2001 From: haoqixu Date: Sat, 15 Jun 2024 13:23:06 +0800 Subject: [PATCH 24/24] chore: regenerate Signed-off-by: haoqixu --- internal/gatewayapi/zz_generated.deepcopy.go | 64 ++++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/internal/gatewayapi/zz_generated.deepcopy.go b/internal/gatewayapi/zz_generated.deepcopy.go index 30f38db7da7..0ed43eea39d 100644 --- a/internal/gatewayapi/zz_generated.deepcopy.go +++ b/internal/gatewayapi/zz_generated.deepcopy.go @@ -10,7 +10,7 @@ package gatewayapi import ( - apiv1alpha1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/api/v1alpha1" corev1 "k8s.io/api/core/v1" discoveryv1 "k8s.io/api/discovery/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -18,12 +18,28 @@ import ( "sigs.k8s.io/gateway-api/apis/v1alpha2" "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" - "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" + apisv1alpha1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Resources) DeepCopyInto(out *Resources) { *out = *in + if in.EnvoyProxyForGatewayClass != nil { + in, out := &in.EnvoyProxyForGatewayClass, &out.EnvoyProxyForGatewayClass + *out = new(v1alpha1.EnvoyProxy) + (*in).DeepCopyInto(*out) + } + if in.EnvoyProxiesForGateways != nil { + in, out := &in.EnvoyProxiesForGateways, &out.EnvoyProxiesForGateways + *out = make([]*v1alpha1.EnvoyProxy, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(v1alpha1.EnvoyProxy) + (*in).DeepCopyInto(*out) + } + } + } if in.GatewayClass != nil { in, out := &in.GatewayClass, &out.GatewayClass *out = new(v1.GatewayClass) @@ -130,11 +146,11 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.ServiceImports != nil { in, out := &in.ServiceImports, &out.ServiceImports - *out = make([]*v1alpha1.ServiceImport, len(*in)) + *out = make([]*apisv1alpha1.ServiceImport, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1alpha1.ServiceImport) + *out = new(apisv1alpha1.ServiceImport) (*in).DeepCopyInto(*out) } } @@ -172,22 +188,6 @@ func (in *Resources) DeepCopyInto(out *Resources) { } } } - if in.EnvoyProxyForGatewayClass != nil { - in, out := &in.EnvoyProxyForGatewayClass, &out.EnvoyProxyForGatewayClass - *out = new(apiv1alpha1.EnvoyProxy) - (*in).DeepCopyInto(*out) - } - if in.EnvoyProxiesForGateways != nil { - in, out := &in.EnvoyProxiesForGateways, &out.EnvoyProxiesForGateways - *out = make([]*apiv1alpha1.EnvoyProxy, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.EnvoyProxy) - (*in).DeepCopyInto(*out) - } - } - } if in.ExtensionRefFilters != nil { in, out := &in.ExtensionRefFilters, &out.ExtensionRefFilters *out = make([]unstructured.Unstructured, len(*in)) @@ -197,44 +197,44 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.EnvoyPatchPolicies != nil { in, out := &in.EnvoyPatchPolicies, &out.EnvoyPatchPolicies - *out = make([]*apiv1alpha1.EnvoyPatchPolicy, len(*in)) + *out = make([]*v1alpha1.EnvoyPatchPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.EnvoyPatchPolicy) + *out = new(v1alpha1.EnvoyPatchPolicy) (*in).DeepCopyInto(*out) } } } if in.ClientTrafficPolicies != nil { in, out := &in.ClientTrafficPolicies, &out.ClientTrafficPolicies - *out = make([]*apiv1alpha1.ClientTrafficPolicy, len(*in)) + *out = make([]*v1alpha1.ClientTrafficPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.ClientTrafficPolicy) + *out = new(v1alpha1.ClientTrafficPolicy) (*in).DeepCopyInto(*out) } } } if in.BackendTrafficPolicies != nil { in, out := &in.BackendTrafficPolicies, &out.BackendTrafficPolicies - *out = make([]*apiv1alpha1.BackendTrafficPolicy, len(*in)) + *out = make([]*v1alpha1.BackendTrafficPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.BackendTrafficPolicy) + *out = new(v1alpha1.BackendTrafficPolicy) (*in).DeepCopyInto(*out) } } } if in.SecurityPolicies != nil { in, out := &in.SecurityPolicies, &out.SecurityPolicies - *out = make([]*apiv1alpha1.SecurityPolicy, len(*in)) + *out = make([]*v1alpha1.SecurityPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.SecurityPolicy) + *out = new(v1alpha1.SecurityPolicy) (*in).DeepCopyInto(*out) } } @@ -252,11 +252,11 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.EnvoyExtensionPolicies != nil { in, out := &in.EnvoyExtensionPolicies, &out.EnvoyExtensionPolicies - *out = make([]*apiv1alpha1.EnvoyExtensionPolicy, len(*in)) + *out = make([]*v1alpha1.EnvoyExtensionPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.EnvoyExtensionPolicy) + *out = new(v1alpha1.EnvoyExtensionPolicy) (*in).DeepCopyInto(*out) } } @@ -270,11 +270,11 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.Backends != nil { in, out := &in.Backends, &out.Backends - *out = make([]*apiv1alpha1.Backend, len(*in)) + *out = make([]*v1alpha1.Backend, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(apiv1alpha1.Backend) + *out = new(v1alpha1.Backend) (*in).DeepCopyInto(*out) } }