diff --git a/internal/cmd/egctl/status.go b/internal/cmd/egctl/status.go index 08c06f16cc..3e24be3442 100644 --- a/internal/cmd/egctl/status.go +++ b/internal/cmd/egctl/status.go @@ -198,7 +198,7 @@ func runStatus(ctx context.Context, logOut io.Writer, cli client.Client, inputRe resourceKind = resource.KindUDPRoute case "tlsroute": - tlsroute := gwapiv1a3.TLSRouteList{} + tlsroute := gwapiv1a2.TLSRouteList{} if err := cli.List(ctx, &tlsroute, client.InNamespace(namespace)); err != nil { return err } @@ -206,7 +206,7 @@ func runStatus(ctx context.Context, logOut io.Writer, cli client.Client, inputRe resourceKind = resource.KindTLSRoute case "btlspolicy", "backendtlspolicy": - btlspolicy := gwapiv1.BackendTLSPolicyList{} + btlspolicy := gwapiv1a3.BackendTLSPolicyList{} if err := cli.List(ctx, &btlspolicy, client.InNamespace(namespace)); err != nil { return err } diff --git a/internal/cmd/egctl/status_test.go b/internal/cmd/egctl/status_test.go index 4b8b8d158a..69bd361c42 100644 --- a/internal/cmd/egctl/status_test.go +++ b/internal/cmd/egctl/status_test.go @@ -14,6 +14,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi" @@ -479,8 +480,8 @@ http2 gateway/test-2 foobar4 test-status-4 test reason 4 }, { name: "egctl x status btlspolicy", - resourceList: &gwapiv1.BackendTLSPolicyList{ - Items: []gwapiv1.BackendTLSPolicy{ + resourceList: &gwapiv1a3.BackendTLSPolicyList{ + Items: []gwapiv1a3.BackendTLSPolicy{ { ObjectMeta: metav1.ObjectMeta{ Name: "btls", diff --git a/internal/cmd/egctl/testdata/translate/in/default-resources.yaml b/internal/cmd/egctl/testdata/translate/in/default-resources.yaml index 774d92b62d..6d36244aeb 100644 --- a/internal/cmd/egctl/testdata/translate/in/default-resources.yaml 
+++ b/internal/cmd/egctl/testdata/translate/in/default-resources.yaml @@ -75,7 +75,7 @@ spec: port: 3000 weight: 1 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/cmd/egctl/testdata/translate/in/from-gateway-api-to-xds.yaml b/internal/cmd/egctl/testdata/translate/in/from-gateway-api-to-xds.yaml index d095bb32af..6531c44db5 100644 --- a/internal/cmd/egctl/testdata/translate/in/from-gateway-api-to-xds.yaml +++ b/internal/cmd/egctl/testdata/translate/in/from-gateway-api-to-xds.yaml @@ -106,7 +106,7 @@ spec: port: 3000 weight: 1 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/cmd/egctl/testdata/translate/in/invalid-envoyproxy.yaml b/internal/cmd/egctl/testdata/translate/in/invalid-envoyproxy.yaml index c889f378dd..e4e971d233 100644 --- a/internal/cmd/egctl/testdata/translate/in/invalid-envoyproxy.yaml +++ b/internal/cmd/egctl/testdata/translate/in/invalid-envoyproxy.yaml @@ -131,7 +131,7 @@ spec: port: 3000 weight: 1 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/cmd/egctl/testdata/translate/in/valid-envoyproxy.yaml b/internal/cmd/egctl/testdata/translate/in/valid-envoyproxy.yaml index af72579429..a3a21baf9c 100644 --- a/internal/cmd/egctl/testdata/translate/in/valid-envoyproxy.yaml +++ b/internal/cmd/egctl/testdata/translate/in/valid-envoyproxy.yaml @@ -124,7 +124,7 @@ spec: port: 3000 weight: 1 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 56a8718d25..82e4c9a228 100644 
--- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -472,7 +472,7 @@ tcpRoutes: name: eg sectionName: tcp tlsRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha3 +- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml index 3341f5d606..32be7284d8 100644 --- a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml @@ -317,7 +317,7 @@ tcpRoutes: name: eg sectionName: tcp tlsRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha3 +- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/gatewayapi/backend.go b/internal/gatewayapi/backend.go index 471c8de548..124c468ac4 100644 --- a/internal/gatewayapi/backend.go +++ b/internal/gatewayapi/backend.go @@ -13,14 +13,14 @@ import ( "k8s.io/apimachinery/pkg/util/validation" "k8s.io/utils/ptr" - gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi/status" "github.com/envoyproxy/gateway/internal/utils/net" ) -func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy) []*egv1a1.Backend { +func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy) []*egv1a1.Backend { res := make([]*egv1a1.Backend, 0, len(backends)) for _, backend := range backends { // Ensure Backends are enabled 
@@ -41,7 +41,7 @@ func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolic return res } -func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy, runningOnHost bool) status.Error { +func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy, runningOnHost bool) status.Error { if backend.Spec.Type != nil && *backend.Spec.Type == egv1a1.BackendTypeDynamicResolver { if len(backend.Spec.Endpoints) > 0 { return status.NewRouteStatusError( @@ -87,7 +87,7 @@ func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.Back } // validateBackendTLSSettings validates CACert is specified if InsecureSkipVerify is false -func validateBackendTLSSettings(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy) status.Error { +func validateBackendTLSSettings(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy) status.Error { if backend.Spec.TLS == nil { return nil } diff --git a/internal/gatewayapi/backendtlspolicy.go b/internal/gatewayapi/backendtlspolicy.go index 2374ee466e..b454accb78 100644 --- a/internal/gatewayapi/backendtlspolicy.go +++ b/internal/gatewayapi/backendtlspolicy.go @@ -14,6 +14,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi/resource" 
@@ -26,10 +27,10 @@ var ErrBackendTLSPolicyInvalidKind = fmt.Errorf("no CA bundle found in reference // ProcessBackendTLSPolicyStatus is called to post-process Backend TLS Policy status // after they were applied in all relevant translations. -func (t *Translator) ProcessBackendTLSPolicyStatus(btlsp []*gwapiv1.BackendTLSPolicy) { - targetRefs := map[string]*gwapiv1.BackendTLSPolicy{} +func (t *Translator) ProcessBackendTLSPolicyStatus(btlsp []*gwapiv1a3.BackendTLSPolicy) { + targetRefs := map[string]*gwapiv1a3.BackendTLSPolicy{} for _, policy := range btlsp { - conflicted, conflictPolicy := false, &gwapiv1.BackendTLSPolicy{} + conflicted, conflictPolicy := false, &gwapiv1a3.BackendTLSPolicy{} for _, ref := range policy.Spec.TargetRefs { key := localPolicyTargetReferenceWithSectionNameToKey(policy.Namespace, ref) p, exists := targetRefs[key] @@ -392,7 +393,7 @@ func (t *Translator) processClientTLSSettings( return tlsConfig, nil } -func backendTLSTargetMatched(policy *gwapiv1.BackendTLSPolicy, target gwapiv1.LocalPolicyTargetReferenceWithSectionName, backendNamespace string) bool { +func backendTLSTargetMatched(policy *gwapiv1a3.BackendTLSPolicy, target gwapiv1.LocalPolicyTargetReferenceWithSectionName, backendNamespace string) bool { for _, currTarget := range policy.Spec.TargetRefs { if target.Group == currTarget.Group && target.Kind == currTarget.Kind && @@ -410,10 +411,10 @@ func backendTLSTargetMatched(policy *gwapiv1.BackendTLSPolicy, target gwapiv1.Lo } func (t *Translator) getBackendTLSPolicy( - policies []*gwapiv1.BackendTLSPolicy, + policies []*gwapiv1a3.BackendTLSPolicy, backendRef gwapiv1.BackendObjectReference, backendNamespace string, -) *gwapiv1.BackendTLSPolicy { +) *gwapiv1a3.BackendTLSPolicy { // SectionName is port number for EG Backend object target := t.getTargetBackendReference(backendRef, backendNamespace) for _, policy := range policies { 
@@ -424,7 +425,7 @@ func (t *Translator) getBackendTLSPolicy( return nil } -func (t *Translator) getBackendTLSBundle(backendTLSPolicy *gwapiv1.BackendTLSPolicy) (*ir.TLSUpstreamConfig, error) { +func (t *Translator) getBackendTLSBundle(backendTLSPolicy *gwapiv1a3.BackendTLSPolicy) (*ir.TLSUpstreamConfig, error) { // Translate SubjectAltNames from gwapiv1a3 to ir subjectAltNames := make([]ir.SubjectAltName, 0, len(backendTLSPolicy.Spec.Validation.SubjectAltNames)) for _, san := range backendTLSPolicy.Spec.Validation.SubjectAltNames { @@ -520,7 +521,7 @@ func (t *Translator) getCaCertsFromCARefs( return []byte(ca), nil } -func getAncestorRefs(policy *gwapiv1.BackendTLSPolicy) []*gwapiv1.ParentReference { +func getAncestorRefs(policy *gwapiv1a3.BackendTLSPolicy) []*gwapiv1.ParentReference { ret := make([]*gwapiv1.ParentReference, len(policy.Status.Ancestors)) for i, ancestor := range policy.Status.Ancestors { ret[i] = &ancestor.AncestorRef diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 41189f4327..b5f5d81716 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -15,7 +15,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" mcsapiv1a1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" @@ -276,7 +275,7 @@ func (r *GRPCRouteContext) SetRouteParentContext(forParentRef gwapiv1.ParentRefe // TLSRouteContext wraps a TLSRoute and provides helper methods for // accessing the route's parents. type TLSRouteContext struct { - *gwapiv1a3.TLSRoute + *gwapiv1a2.TLSRoute ParentRefs map[gwapiv1.ParentReference]*RouteParentContext } 
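Review bot: In `getAncestorRefs` (the `@@ -520` hunk), `ret[i] = &ancestor.AncestorRef` takes the address of a field of the range variable, so the returned pointers never refer to the entries in `policy.Status.Ancestors`. On Go 1.22+ each points at a per-iteration copy, and on older toolchains they would all alias one variable. If callers are meant to see or update the policy's own ancestor refs, index the slice instead: `ret[i] = &policy.Status.Ancestors[i].AncestorRef`. The loop is unchanged context here and the function ends outside the hunk, so this is a follow-up rather than something the retyping introduced.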
@@ -596,7 +595,7 @@ type RouteParentContext struct { // a single field pointing to *gwapiv1.RouteStatus. HTTPRoute *gwapiv1.HTTPRoute GRPCRoute *gwapiv1.GRPCRoute - TLSRoute *gwapiv1a3.TLSRoute + TLSRoute *gwapiv1a2.TLSRoute TCPRoute *gwapiv1a2.TCPRoute UDPRoute *gwapiv1a2.UDPRoute diff --git a/internal/gatewayapi/resource/load.go b/internal/gatewayapi/resource/load.go index f7b73653ea..dee1ce3c5f 100644 --- a/internal/gatewayapi/resource/load.go +++ b/internal/gatewayapi/resource/load.go @@ -234,7 +234,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy resources.UDPRoutes = append(resources.UDPRoutes, udpRoute) case KindTLSRoute: typedSpec := spec.Interface() - tlsRoute := &gwapiv1a3.TLSRoute{ + tlsRoute := &gwapiv1a2.TLSRoute{ TypeMeta: metav1.TypeMeta{ Kind: KindTLSRoute, APIVersion: gv, @@ -243,7 +243,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy Name: name, Namespace: namespace, }, - Spec: typedSpec.(gwapiv1a3.TLSRouteSpec), + Spec: typedSpec.(gwapiv1a2.TLSRouteSpec), } resources.TLSRoutes = append(resources.TLSRoutes, tlsRoute) case KindHTTPRoute: @@ -423,7 +423,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy resources.ConfigMaps = append(resources.ConfigMaps, configMap) case KindBackendTLSPolicy: typedSpec := spec.Interface() - backendTLSPolicy := &gwapiv1.BackendTLSPolicy{ + backendTLSPolicy := &gwapiv1a3.BackendTLSPolicy{ TypeMeta: metav1.TypeMeta{ Kind: KindBackendTLSPolicy, APIVersion: gv, @@ -594,7 +594,7 @@ func addMissingServices(requiredServices map[string]*corev1.Service, obj interfa refs = append(refs, rule.BackendRefs[i].BackendRef) } } - case *gwapiv1a3.TLSRoute: + case *gwapiv1a2.TLSRoute: objNamespace = route.Namespace for _, rule := range route.Spec.Rules { refs = append(refs, rule.BackendRefs...) diff --git a/internal/gatewayapi/resource/resource.go b/internal/gatewayapi/resource/resource.go index ed3844679c..b3ac643686 100644 
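Review bot: `Spec: typedSpec.(gwapiv1a2.TLSRouteSpec)` in the `@@ -243` hunk of `load.go` is an unchecked type assertion on a value derived from the input YAML, so a spec decoded as any other type would panic the loader instead of producing an error. How `spec` is built is outside the hunk; the risk is inferred from this commit having to move the TLSRoute fixtures from v1alpha3 to v1alpha2. Because `TypeMeta.APIVersion` is copied from the input as `gv`, I would use the two-value form, `tlsRouteSpec, ok := typedSpec.(gwapiv1a2.TLSRouteSpec)`, and return an error naming the unsupported apiVersion when `ok` is false. The BackendTLSPolicy case in the `@@ -423` hunk presumably has the same shape, but its assertion is outside that hunk.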
--- a/internal/gatewayapi/resource/resource.go +++ b/internal/gatewayapi/resource/resource.go @@ -46,7 +46,7 @@ type Resources struct { Gateways []*gwapiv1.Gateway `json:"gateways,omitempty" yaml:"gateways,omitempty"` HTTPRoutes []*gwapiv1.HTTPRoute `json:"httpRoutes,omitempty" yaml:"httpRoutes,omitempty"` GRPCRoutes []*gwapiv1.GRPCRoute `json:"grpcRoutes,omitempty" yaml:"grpcRoutes,omitempty"` - TLSRoutes []*gwapiv1a3.TLSRoute `json:"tlsRoutes,omitempty" yaml:"tlsRoutes,omitempty"` + TLSRoutes []*gwapiv1a2.TLSRoute `json:"tlsRoutes,omitempty" yaml:"tlsRoutes,omitempty"` TCPRoutes []*gwapiv1a2.TCPRoute `json:"tcpRoutes,omitempty" yaml:"tcpRoutes,omitempty"` UDPRoutes []*gwapiv1a2.UDPRoute `json:"udpRoutes,omitempty" yaml:"udpRoutes,omitempty"` ReferenceGrants []*gwapiv1b1.ReferenceGrant `json:"referenceGrants,omitempty" yaml:"referenceGrants,omitempty"` @@ -61,7 +61,7 @@ type Resources struct { ClientTrafficPolicies []*egv1a1.ClientTrafficPolicy `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"` BackendTrafficPolicies []*egv1a1.BackendTrafficPolicy `json:"backendTrafficPolicies,omitempty" yaml:"backendTrafficPolicies,omitempty"` SecurityPolicies []*egv1a1.SecurityPolicy `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"` - BackendTLSPolicies []*gwapiv1.BackendTLSPolicy `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"` + BackendTLSPolicies []*gwapiv1a3.BackendTLSPolicy `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"` EnvoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy `json:"envoyExtensionPolicies,omitempty" yaml:"envoyExtensionPolicies,omitempty"` ExtensionServerPolicies []unstructured.Unstructured `json:"extensionServerPolicies,omitempty" yaml:"extensionServerPolicies,omitempty"` Backends []*egv1a1.Backend `json:"backends,omitempty" yaml:"backends,omitempty"` 
@@ -75,7 +75,7 @@ func NewResources() *Resources { Gateways: []*gwapiv1.Gateway{}, HTTPRoutes: []*gwapiv1.HTTPRoute{}, GRPCRoutes: []*gwapiv1.GRPCRoute{}, - TLSRoutes: []*gwapiv1a3.TLSRoute{}, + TLSRoutes: []*gwapiv1a2.TLSRoute{}, Services: []*corev1.Service{}, EndpointSlices: []*discoveryv1.EndpointSlice{}, Secrets: []*corev1.Secret{}, @@ -87,7 +87,7 @@ func NewResources() *Resources { ClientTrafficPolicies: []*egv1a1.ClientTrafficPolicy{}, BackendTrafficPolicies: []*egv1a1.BackendTrafficPolicy{}, SecurityPolicies: []*egv1a1.SecurityPolicy{}, - BackendTLSPolicies: []*gwapiv1.BackendTLSPolicy{}, + BackendTLSPolicies: []*gwapiv1a3.BackendTLSPolicy{}, EnvoyExtensionPolicies: []*egv1a1.EnvoyExtensionPolicy{}, ExtensionServerPolicies: []unstructured.Unstructured{}, Backends: []*egv1a1.Backend{}, diff --git a/internal/gatewayapi/resource/testdata/all-resources.in.yaml b/internal/gatewayapi/resource/testdata/all-resources.in.yaml index 044e4ece78..2321f46e17 100644 --- a/internal/gatewayapi/resource/testdata/all-resources.in.yaml +++ b/internal/gatewayapi/resource/testdata/all-resources.in.yaml @@ -57,7 +57,7 @@ spec: - name: backend port: 3000 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/gatewayapi/resource/testdata/all-resources.out.yaml b/internal/gatewayapi/resource/testdata/all-resources.out.yaml index 0f7e0b9a50..61f791d0b7 100644 --- a/internal/gatewayapi/resource/testdata/all-resources.out.yaml +++ b/internal/gatewayapi/resource/testdata/all-resources.out.yaml @@ -429,7 +429,7 @@ tcpRoutes: status: parents: null tlsRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha3 +- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/gatewayapi/resource/testdata/all-resources2.in.yaml b/internal/gatewayapi/resource/testdata/all-resources2.in.yaml index 044e4ece78..2321f46e17 100644 
--- a/internal/gatewayapi/resource/testdata/all-resources2.in.yaml +++ b/internal/gatewayapi/resource/testdata/all-resources2.in.yaml @@ -57,7 +57,7 @@ spec: - name: backend port: 3000 --- -apiVersion: gateway.networking.k8s.io/v1alpha3 +apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/gatewayapi/resource/testdata/all-resources2.out.yaml b/internal/gatewayapi/resource/testdata/all-resources2.out.yaml index 0f7e0b9a50..61f791d0b7 100644 --- a/internal/gatewayapi/resource/testdata/all-resources2.out.yaml +++ b/internal/gatewayapi/resource/testdata/all-resources2.out.yaml @@ -429,7 +429,7 @@ tcpRoutes: status: parents: null tlsRoutes: -- apiVersion: gateway.networking.k8s.io/v1alpha3 +- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: backend diff --git a/internal/gatewayapi/resource/zz_generated.deepcopy.go b/internal/gatewayapi/resource/zz_generated.deepcopy.go index b02f43a074..23d6033ca8 100644 --- a/internal/gatewayapi/resource/zz_generated.deepcopy.go +++ b/internal/gatewayapi/resource/zz_generated.deepcopy.go @@ -81,11 +81,11 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.TLSRoutes != nil { in, out := &in.TLSRoutes, &out.TLSRoutes - *out = make([]*v1alpha3.TLSRoute, len(*in)) + *out = make([]*v1alpha2.TLSRoute, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1alpha3.TLSRoute) + *out = new(v1alpha2.TLSRoute) (*in).DeepCopyInto(*out) } } @@ -242,11 +242,11 @@ func (in *Resources) DeepCopyInto(out *Resources) { } if in.BackendTLSPolicies != nil { in, out := &in.BackendTLSPolicies, &out.BackendTLSPolicies - *out = make([]*v1.BackendTLSPolicy, len(*in)) + *out = make([]*v1alpha3.BackendTLSPolicy, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1.BackendTLSPolicy) + *out = new(v1alpha3.BackendTLSPolicy) (*in).DeepCopyInto(*out) } } 
diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index c0aadb20e0..7b965c7134 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -21,7 +21,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" mcsapiv1a1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" @@ -49,7 +48,7 @@ var ( type RoutesTranslator interface { ProcessHTTPRoutes(httpRoutes []*gwapiv1.HTTPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*HTTPRouteContext ProcessGRPCRoutes(grpcRoutes []*gwapiv1.GRPCRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*GRPCRouteContext - ProcessTLSRoutes(tlsRoutes []*gwapiv1a3.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext + ProcessTLSRoutes(tlsRoutes []*gwapiv1a2.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext ProcessTCPRoutes(tcpRoutes []*gwapiv1a2.TCPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TCPRouteContext ProcessUDPRoutes(udpRoutes []*gwapiv1a2.UDPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*UDPRouteContext } 
@@ -1254,7 +1253,7 @@ func filterEGPrefix(in map[string]string) map[string]string { return out } -func (t *Translator) ProcessTLSRoutes(tlsRoutes []*gwapiv1a3.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext { +func (t *Translator) ProcessTLSRoutes(tlsRoutes []*gwapiv1a2.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext { relevantTLSRoutes := make([]*TLSRouteContext, 0, len(tlsRoutes)) // TLSRoutes are already sorted by the provider layer diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 39551433dd..18b0222513 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -141,7 +141,7 @@ func newTranslateResult( clientTrafficPolicies []*egv1a1.ClientTrafficPolicy, backendTrafficPolicies []*egv1a1.BackendTrafficPolicy, securityPolicies []*egv1a1.SecurityPolicy, - backendTLSPolicies []*gwapiv1.BackendTLSPolicy, + backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy, envoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy, extPolicies []unstructured.Unstructured, backends []*egv1a1.Backend, @@ -176,7 +176,7 @@ func newTranslateResult( } if n := len(tlsRoutes); n > 0 { - translateResult.TLSRoutes = make([]*gwapiv1a3.TLSRoute, n) + translateResult.TLSRoutes = make([]*gwapiv1a2.TLSRoute, n) for i, tlsRoute := range tlsRoutes { translateResult.TLSRoutes[i] = tlsRoute.TLSRoute } diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index c3aaaeb01e..dbe9516953 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go 
@@ -1880,7 +1880,7 @@ func (r *gatewayAPIReconciler) processSecurityPolicies( func (r *gatewayAPIReconciler) processBackendTLSPolicies( ctx context.Context, resourceTree *resource.Resources, resourceMap *resourceMappings, ) error { - backendTLSPolicies := gwapiv1.BackendTLSPolicyList{} + backendTLSPolicies := gwapiv1a3.BackendTLSPolicyList{} if err := r.client.List(ctx, &backendTLSPolicies); err != nil { return fmt.Errorf("error listing BackendTLSPolicies: %w", err) } @@ -2039,20 +2039,21 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M } } - r.tlsRouteCRDExists = r.crdExists(mgr, resource.KindTLSRoute, gwapiv1a3.GroupVersion.String()) + // Add multiple versions to pass `make kube-test`, setup-envtest install the storage version only? + r.tlsRouteCRDExists = r.crdExists(mgr, resource.KindTLSRoute, gwapiv1a2.GroupVersion.String(), gwapiv1a3.GroupVersion.String()) if !r.tlsRouteCRDExists { r.log.Info("TLSRoute CRD not found, skipping TLSRoute watch") } else { // Watch TLSRoute CRUDs and process affected Gateways. - tlsrPredicates := commonPredicates[*gwapiv1a3.TLSRoute]() + tlsrPredicates := commonPredicates[*gwapiv1a2.TLSRoute]() if r.namespaceLabel != nil { - tlsrPredicates = append(tlsrPredicates, predicate.NewTypedPredicateFuncs(func(route *gwapiv1a3.TLSRoute) bool { + tlsrPredicates = append(tlsrPredicates, predicate.NewTypedPredicateFuncs(func(route *gwapiv1a2.TLSRoute) bool { return r.hasMatchingNamespaceLabels(route) })) } if err := c.Watch( - source.Kind(mgr.GetCache(), &gwapiv1a3.TLSRoute{}, - handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, route *gwapiv1a3.TLSRoute) []reconcile.Request { + source.Kind(mgr.GetCache(), &gwapiv1a2.TLSRoute{}, + handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, route *gwapiv1a2.TLSRoute) []reconcile.Request { return r.enqueueClass(ctx, route) }), tlsrPredicates...)); err != nil { 
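Review bot: The TLSRoute CRD check in the `@@ -2039` hunk now succeeds when either `gwapiv1a2` or `gwapiv1a3` is served, but the watch that follows is registered only for `*gwapiv1a2.TLSRoute`, so a cluster serving just v1alpha3 would pass the check and then presumably fail in `c.Watch` rather than take the "CRD not found, skipping" path. The same mismatch is in the BackendTLSPolicy block of the `@@ -2433` hunk, where `gwapiv1.GroupVersion` is accepted while the watch and predicates use `*gwapiv1a3.BackendTLSPolicy`; that resource carries the CA and SAN validation for upstream TLS, so a controller that fails to start on it is worth ruling out explicitly. The added comment ends in a question; I would settle it before merge and replace it with a statement such as `// Accept any served version here; the typed watch below still requires v1alpha2 to be served.`, or pass only the version the typed watch uses. `watchResources` starts and ends outside both hunks.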
@@ -2433,23 +2434,24 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M } } - r.bTLSPolicyCRDExists = r.crdExists(mgr, resource.KindBackendTLSPolicy, gwapiv1.GroupVersion.String()) + // Add multiple versions to pass `make kube-test`, setup-envtest install the storage version only? + r.bTLSPolicyCRDExists = r.crdExists(mgr, resource.KindBackendTLSPolicy, gwapiv1a3.GroupVersion.String(), gwapiv1.GroupVersion.String()) if !r.bTLSPolicyCRDExists { r.log.Info("BackendTLSPolicy CRD not found, skipping BackendTLSPolicy watch") } else { // Watch BackendTLSPolicy - btlsPredicates := []predicate.TypedPredicate[*gwapiv1.BackendTLSPolicy]{ - predicate.TypedGenerationChangedPredicate[*gwapiv1.BackendTLSPolicy]{}, + btlsPredicates := []predicate.TypedPredicate[*gwapiv1a3.BackendTLSPolicy]{ + predicate.TypedGenerationChangedPredicate[*gwapiv1a3.BackendTLSPolicy]{}, } if r.namespaceLabel != nil { - btlsPredicates = append(btlsPredicates, predicate.NewTypedPredicateFuncs(func(btp *gwapiv1.BackendTLSPolicy) bool { + btlsPredicates = append(btlsPredicates, predicate.NewTypedPredicateFuncs(func(btp *gwapiv1a3.BackendTLSPolicy) bool { return r.hasMatchingNamespaceLabels(btp) })) } if err := c.Watch( - source.Kind(mgr.GetCache(), &gwapiv1.BackendTLSPolicy{}, - handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, btp *gwapiv1.BackendTLSPolicy) []reconcile.Request { + source.Kind(mgr.GetCache(), &gwapiv1a3.BackendTLSPolicy{}, + handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, btp *gwapiv1a3.BackendTLSPolicy) []reconcile.Request { return r.enqueueClass(ctx, btp) }), btlsPredicates...)); err != nil { 
@@ -2704,7 +2706,8 @@ func (r *gatewayAPIReconciler) processEnvoyProxy(ep *egv1a1.EnvoyProxy, resource } // crdExists checks for the existence of the CRD in k8s APIServer before watching it -func (r *gatewayAPIReconciler) crdExists(mgr manager.Manager, kind, groupVersion string) bool { +func (r *gatewayAPIReconciler) crdExists(mgr manager.Manager, kind string, groupVersion ...string) bool { + gvs := sets.New(groupVersion...) discoveryClient, err := discovery.NewDiscoveryClientForConfig(mgr.GetConfig()) if err != nil { r.log.Error(err, "failed to create discovery client") @@ -2717,7 +2720,11 @@ func (r *gatewayAPIReconciler) crdExists(mgr manager.Manager, kind, groupVersion for _, list := range apiResourceList { for i := range list.APIResources { res := &list.APIResources[i] - if list.GroupVersion == groupVersion && res.Kind == kind { + if res.Kind != kind { + continue + } + + if gvs.Has(list.GroupVersion) { found = true break } diff --git a/internal/provider/kubernetes/controller_offline.go b/internal/provider/kubernetes/controller_offline.go index 0006af16bf..15f8e705a0 100644 --- a/internal/provider/kubernetes/controller_offline.go +++ b/internal/provider/kubernetes/controller_offline.go 
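Review bot: The doc comment on `crdExists` still describes a single-version check, while the new variadic signature matches any of the versions passed; I would reword it to `// crdExists reports whether the API server serves kind under at least one of the given group/versions.` and mention that an empty list would never match, since `sets.New()` yields an empty set. Separately, the discovery-client error path visible here only logs, and if it then returns false (the return is outside the hunk) callers cannot tell "CRD absent" from "discovery failed" and would skip the TLSRoute and BackendTLSPolicy watches with only an Info log. For BackendTLSPolicy that means upstream TLS validation settings would stop being reconciled without an error surfacing, so I would make that case distinguishable, for example by logging at the call site that the result is inconclusive.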
@@ -158,8 +158,8 @@ func newOfflineGatewayAPIClient(extensionPolicies []schema.GroupVersionKind) cli WithIndex(&gwapiv1a2.TCPRoute{}, backendTCPRouteIndex, backendTCPRouteIndexFunc). WithIndex(&gwapiv1a2.UDPRoute{}, gatewayUDPRouteIndex, gatewayUDPRouteIndexFunc). WithIndex(&gwapiv1a2.UDPRoute{}, backendUDPRouteIndex, backendUDPRouteIndexFunc). - WithIndex(&gwapiv1a3.TLSRoute{}, gatewayTLSRouteIndex, gatewayTLSRouteIndexFunc). - WithIndex(&gwapiv1a3.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). + WithIndex(&gwapiv1a2.TLSRoute{}, gatewayTLSRouteIndex, gatewayTLSRouteIndexFunc). + WithIndex(&gwapiv1a2.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). WithIndex(&egv1a1.EnvoyProxy{}, backendEnvoyProxyTelemetryIndex, backendEnvoyProxyTelemetryIndexFunc). WithIndex(&egv1a1.EnvoyProxy{}, secretEnvoyProxyIndex, secretEnvoyProxyIndexFunc). WithIndex(&egv1a1.BackendTrafficPolicy{}, configMapBtpIndex, configMapBtpIndexFunc). 
@@ -172,9 +172,9 @@ func newOfflineGatewayAPIClient(extensionPolicies []schema.GroupVersionKind) cli WithIndex(&egv1a1.EnvoyExtensionPolicy{}, backendEnvoyExtensionPolicyIndex, backendEnvoyExtensionPolicyIndexFunc). WithIndex(&egv1a1.EnvoyExtensionPolicy{}, secretEnvoyExtensionPolicyIndex, secretEnvoyExtensionPolicyIndexFunc). WithIndex(&egv1a1.EnvoyExtensionPolicy{}, configMapEepIndex, configMapEepIndexFunc). - WithIndex(&gwapiv1.BackendTLSPolicy{}, configMapBtlsIndex, configMapBtlsIndexFunc). - WithIndex(&gwapiv1.BackendTLSPolicy{}, secretBtlsIndex, secretBtlsIndexFunc). - WithIndex(&gwapiv1.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc). + WithIndex(&gwapiv1a3.BackendTLSPolicy{}, configMapBtlsIndex, configMapBtlsIndexFunc). + WithIndex(&gwapiv1a3.BackendTLSPolicy{}, secretBtlsIndex, secretBtlsIndexFunc). + WithIndex(&gwapiv1a3.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc). WithIndex(&egv1a1.Backend{}, configMapBackendIndex, configMapBackendIndexFunc). WithIndex(&egv1a1.Backend{}, secretBackendIndex, secretBackendIndexFunc). WithIndex(&egv1a1.Backend{}, clusterTrustBundleBackendIndex, clusterTrustBundleBackendIndexFunc). diff --git a/internal/provider/kubernetes/controller_offline_test.go b/internal/provider/kubernetes/controller_offline_test.go index 01c32a06e3..1ae8d8dba8 100644 --- a/internal/provider/kubernetes/controller_offline_test.go +++ b/internal/provider/kubernetes/controller_offline_test.go 
@@ -171,9 +171,9 @@ func TestNewOfflineGatewayAPIControllerIndexRegistration(t *testing.T) { }) t.Run("TLSRoute indices", func(t *testing.T) { - err := cli.List(context.Background(), &gwapiv1a3.TLSRouteList{}, client.MatchingFields{gatewayTLSRouteIndex: "any"}) + err := cli.List(context.Background(), &gwapiv1a2.TLSRouteList{}, client.MatchingFields{gatewayTLSRouteIndex: "any"}) require.NoError(t, err) - err = cli.List(context.Background(), &gwapiv1a3.TLSRouteList{}, client.MatchingFields{backendTLSRouteIndex: "any"}) + err = cli.List(context.Background(), &gwapiv1a2.TLSRouteList{}, client.MatchingFields{backendTLSRouteIndex: "any"}) require.NoError(t, err) }) @@ -217,11 +217,11 @@ func TestNewOfflineGatewayAPIControllerIndexRegistration(t *testing.T) { }) t.Run("BackendTLSPolicy indices", func(t *testing.T) { - err := cli.List(context.Background(), &gwapiv1.BackendTLSPolicyList{}, client.MatchingFields{configMapBtlsIndex: "any"}) + err := cli.List(context.Background(), &gwapiv1a3.BackendTLSPolicyList{}, client.MatchingFields{configMapBtlsIndex: "any"}) require.NoError(t, err) - err = cli.List(context.Background(), &gwapiv1.BackendTLSPolicyList{}, client.MatchingFields{secretBtlsIndex: "any"}) + err = cli.List(context.Background(), &gwapiv1a3.BackendTLSPolicyList{}, client.MatchingFields{secretBtlsIndex: "any"}) require.NoError(t, err) - err = cli.List(context.Background(), &gwapiv1.BackendTLSPolicyList{}, client.MatchingFields{clusterTrustBundleBtlsIndex: "any"}) + err = cli.List(context.Background(), &gwapiv1a3.BackendTLSPolicyList{}, client.MatchingFields{clusterTrustBundleBtlsIndex: "any"}) require.NoError(t, err) }) diff --git a/internal/provider/kubernetes/indexers.go b/internal/provider/kubernetes/indexers.go index d937be3a59..d6646236cc 100644 --- a/internal/provider/kubernetes/indexers.go +++ b/internal/provider/kubernetes/indexers.go 
@@ -356,18 +356,18 @@ func backendGRPCRouteIndexFunc(rawObj client.Object) []string { // referenced in TLSRoute objects via `.spec.rules.backendRefs`. This helps in // querying for TLSRoutes that are affected by a particular Service CRUD. func addTLSRouteIndexers(ctx context.Context, mgr manager.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a3.TLSRoute{}, gatewayTLSRouteIndex, gatewayTLSRouteIndexFunc); err != nil { + if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a2.TLSRoute{}, gatewayTLSRouteIndex, gatewayTLSRouteIndexFunc); err != nil { return err } - if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a3.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc); err != nil { + if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a2.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc); err != nil { return err } return nil } func gatewayTLSRouteIndexFunc(rawObj client.Object) []string { - tlsRoute := rawObj.(*gwapiv1a3.TLSRoute) + tlsRoute := rawObj.(*gwapiv1a2.TLSRoute) var gateways []string for _, parent := range tlsRoute.Spec.ParentRefs { if string(*parent.Kind) == resource.KindGateway { @@ -385,7 +385,7 @@ func gatewayTLSRouteIndexFunc(rawObj client.Object) []string { } func backendTLSRouteIndexFunc(rawObj client.Object) []string { - tlsroute := rawObj.(*gwapiv1a3.TLSRoute) + tlsroute := rawObj.(*gwapiv1a2.TLSRoute) var backendRefs []string for _, rule := range tlsroute.Spec.Rules { for _, backend := range rule.BackendRefs { 
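Review bot: In `gatewayTLSRouteIndexFunc` (end of the `@@ -356` hunk), the context line `if string(*parent.Kind) == resource.KindGateway` dereferences `parent.Kind` without a nil check, directly after the retyped `rawObj.(*gwapiv1a2.TLSRoute)` assertion. The same function is registered on the offline client (see the `controller_offline.go` hunk), where objects may not have passed through API-server defaulting, so a TLSRoute whose parentRef omits `kind` could panic the indexer. I would guard it, e.g. `if parent.Kind == nil || string(*parent.Kind) == resource.KindGateway {`, and confirm whether the file loader defaults the field. The function body continues outside the hunk.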
@@ -1009,15 +1009,15 @@ func secretRouteFilterIndexFunc(rawObj client.Object) []string { // referenced in BackendTLSPolicy objects. This helps in querying for BackendTLSPolicies that are // affected by a particular ConfigMap CRUD. func addBtlsIndexers(ctx context.Context, mgr manager.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1.BackendTLSPolicy{}, configMapBtlsIndex, configMapBtlsIndexFunc); err != nil { + if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a3.BackendTLSPolicy{}, configMapBtlsIndex, configMapBtlsIndexFunc); err != nil { return err } - if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1.BackendTLSPolicy{}, secretBtlsIndex, secretBtlsIndexFunc); err != nil { + if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a3.BackendTLSPolicy{}, secretBtlsIndex, secretBtlsIndexFunc); err != nil { return err } - if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc); err != nil { + if err := mgr.GetFieldIndexer().IndexField(ctx, &gwapiv1a3.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc); err != nil { return err } @@ -1025,7 +1025,7 @@ func addBtlsIndexers(ctx context.Context, mgr manager.Manager) error { } func configMapBtlsIndexFunc(rawObj client.Object) []string { - btls := rawObj.(*gwapiv1.BackendTLSPolicy) + btls := rawObj.(*gwapiv1a3.BackendTLSPolicy) var configMapReferences []string if btls.Spec.Validation.CACertificateRefs != nil { for _, caCertRef := range btls.Spec.Validation.CACertificateRefs { @@ -1043,7 +1043,7 @@ func configMapBtlsIndexFunc(rawObj client.Object) []string { } func secretBtlsIndexFunc(rawObj client.Object) []string { - btls := rawObj.(*gwapiv1.BackendTLSPolicy) + btls := rawObj.(*gwapiv1a3.BackendTLSPolicy) var secretReferences []string if btls.Spec.Validation.CACertificateRefs != nil { for _, caCertRef := range btls.Spec.Validation.CACertificateRefs { 
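Review bot: The doc comment on `addBtlsIndexers` (its opening line is outside the hunk) describes only the ConfigMap index, but the function registers three: `configMapBtlsIndex`, `secretBtlsIndex` and `clusterTrustBundleBtlsIndex`. Since the comment sits directly above the lines this change edits, it could be brought up to date, for example `// addBtlsIndexers indexes BackendTLSPolicy objects by the ConfigMaps, Secrets and ClusterTrustBundles named in their CA certificate refs, so a change to any CA source can be mapped back to the policies that trust it.`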
@@ -1061,7 +1061,7 @@ func secretBtlsIndexFunc(rawObj client.Object) []string { } func clusterTrustBundleBtlsIndexFunc(rawObj client.Object) []string { - btls := rawObj.(*gwapiv1.BackendTLSPolicy) + btls := rawObj.(*gwapiv1a3.BackendTLSPolicy) var refs []string for _, caCertRef := range btls.Spec.Validation.CACertificateRefs { if string(caCertRef.Kind) == resource.KindClusterTrustBundle { diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go index e5913fd806..b1078ab332 100644 --- a/internal/provider/kubernetes/kubernetes_test.go +++ b/internal/provider/kubernetes/kubernetes_test.go @@ -29,7 +29,6 @@ import ( metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/envoygateway/config" @@ -976,16 +975,16 @@ func testTLSRoute(ctx context.Context, t *testing.T, provider *Provider, resourc testCases := []struct { name string - route gwapiv1a3.TLSRoute + route gwapiv1a2.TLSRoute }{ { name: "tlsroute", - route: gwapiv1a3.TLSRoute{ + route: gwapiv1a2.TLSRoute{ ObjectMeta: metav1.ObjectMeta{ Name: "tlsroute-test", Namespace: ns.Name, }, - Spec: gwapiv1a3.TLSRouteSpec{ + Spec: gwapiv1a2.TLSRouteSpec{ CommonRouteSpec: gwapiv1.CommonRouteSpec{ ParentRefs: []gwapiv1.ParentReference{ { @@ -1035,7 +1034,7 @@ func testTLSRoute(ctx context.Context, t *testing.T, provider *Provider, resourc return false } - routes := make([]string, 0, len(res.HTTPRoutes)) + routes := make([]string, 0, len(res.TLSRoutes)) for _, r := range res.TLSRoutes { routes = append(routes, utils.NamespacedName(r).String()) } 
@@ -1128,12 +1127,12 @@ func testServiceCleanupForMultipleRoutes(ctx context.Context, t *testing.T, prov require.NoError(t, cli.Delete(ctx, svc)) }() - tlsRoute := gwapiv1a3.TLSRoute{ + tlsRoute := gwapiv1a2.TLSRoute{ ObjectMeta: metav1.ObjectMeta{ Name: "tlsroute-test", Namespace: ns.Name, }, - Spec: gwapiv1a3.TLSRouteSpec{ + Spec: gwapiv1a2.TLSRouteSpec{ CommonRouteSpec: gwapiv1.CommonRouteSpec{ ParentRefs: []gwapiv1.ParentReference{{ Name: gwapiv1.ObjectName(gw.Name), diff --git a/internal/provider/kubernetes/predicates.go b/internal/provider/kubernetes/predicates.go index e87dcb7815..fcb4b269b9 100644 --- a/internal/provider/kubernetes/predicates.go +++ b/internal/provider/kubernetes/predicates.go @@ -253,7 +253,7 @@ func (r *gatewayAPIReconciler) isBackendReferencingClusterTrustBundle(ctb *certi } func (r *gatewayAPIReconciler) isBackendTLSPolicyReferencingClusterTrustBundle(ctb *certificatesv1b1.ClusterTrustBundle) bool { - btlsList := &gwapiv1.BackendTLSPolicyList{} + btlsList := &gwapiv1a3.BackendTLSPolicyList{} if err := r.client.List(context.Background(), btlsList, &client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(clusterTrustBundleBtlsIndex, ctb.Name), }); err != nil { @@ -285,7 +285,7 @@ func (r *gatewayAPIReconciler) isHTTPRouteFilterReferencingSecret(nsName *types. } func (r *gatewayAPIReconciler) isBackendTLSPolicyReferencingSecret(nsName *types.NamespacedName) bool { - btlsList := &gwapiv1.BackendTLSPolicyList{} + btlsList := &gwapiv1a3.BackendTLSPolicyList{} if err := r.client.List(context.Background(), btlsList, &client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(secretBtlsIndex, nsName.String()), }); err != nil { 
@@ -538,7 +538,7 @@ func (r *gatewayAPIReconciler) isRouteReferencingBackend(nsName *types.Namespace } if r.tlsRouteCRDExists { - tlsRouteList := &gwapiv1a3.TLSRouteList{} + tlsRouteList := &gwapiv1a2.TLSRouteList{} if err := r.client.List(ctx, tlsRouteList, &client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(backendTLSRouteIndex, nsName.String()), }); err != nil && !kerrors.IsNotFound(err) { @@ -839,7 +839,7 @@ func (r *gatewayAPIReconciler) validateConfigMapForReconcile(obj client.Object) } if r.bTLSPolicyCRDExists { - btlsList := &gwapiv1.BackendTLSPolicyList{} + btlsList := &gwapiv1a3.BackendTLSPolicyList{} if err := r.client.List(context.Background(), btlsList, &client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(configMapBtlsIndex, utils.NamespacedName(configMap).String()), }); err != nil { diff --git a/internal/provider/kubernetes/predicates_test.go b/internal/provider/kubernetes/predicates_test.go index 41bc6ef9ad..e66df830bd 100644 --- a/internal/provider/kubernetes/predicates_test.go +++ b/internal/provider/kubernetes/predicates_test.go @@ -932,7 +932,7 @@ func TestValidateEndpointSliceForReconcile(t *testing.T) { WithObjects(tc.configs...). WithIndex(&gwapiv1.HTTPRoute{}, backendHTTPRouteIndex, backendHTTPRouteIndexFunc). WithIndex(&gwapiv1.GRPCRoute{}, backendGRPCRouteIndex, backendGRPCRouteIndexFunc). - WithIndex(&gwapiv1a3.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). + WithIndex(&gwapiv1a2.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). WithIndex(&gwapiv1a2.TCPRoute{}, backendTCPRouteIndex, backendTCPRouteIndexFunc). WithIndex(&gwapiv1a2.UDPRoute{}, backendUDPRouteIndex, backendUDPRouteIndexFunc). Build() 
@@ -1370,7 +1370,7 @@ func TestValidateServiceForReconcile(t *testing.T) { WithObjects(tc.configs...). WithIndex(&gwapiv1.HTTPRoute{}, backendHTTPRouteIndex, backendHTTPRouteIndexFunc). WithIndex(&gwapiv1.GRPCRoute{}, backendGRPCRouteIndex, backendGRPCRouteIndexFunc). - WithIndex(&gwapiv1a3.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). + WithIndex(&gwapiv1a2.TLSRoute{}, backendTLSRouteIndex, backendTLSRouteIndexFunc). WithIndex(&gwapiv1a2.TCPRoute{}, backendTCPRouteIndex, backendTCPRouteIndexFunc). WithIndex(&gwapiv1a2.UDPRoute{}, backendUDPRouteIndex, backendUDPRouteIndexFunc). WithIndex(&egv1a1.SecurityPolicy{}, backendSecurityPolicyIndex, backendSecurityPolicyIndexFunc). @@ -1769,7 +1769,7 @@ func TestValidateClusterTrustBundleForReconcile(t *testing.T) { }, }, } - btp := &gwapiv1.BackendTLSPolicy{ + btp := &gwapiv1a3.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "backend-tls-policy-dynamic-resolver-clustertrustbundle", Namespace: "default", @@ -1868,7 +1868,7 @@ func TestValidateClusterTrustBundleForReconcile(t *testing.T) { WithScheme(envoygateway.GetScheme()). WithObjects(tc.configs...). WithIndex(&egv1a1.Backend{}, clusterTrustBundleBackendIndex, clusterTrustBundleBackendIndexFunc). - WithIndex(&gwapiv1.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc). + WithIndex(&gwapiv1a3.BackendTLSPolicy{}, clusterTrustBundleBtlsIndex, clusterTrustBundleBtlsIndexFunc). WithIndex(&egv1a1.ClientTrafficPolicy{}, clusterTrustBundleCtpIndex, clusterTrustBundleCtpIndexFunc). Build() t.Run(tc.name, func(t *testing.T) { diff --git a/internal/provider/kubernetes/routes.go b/internal/provider/kubernetes/routes.go index 5a4844f1fd..37dd5b4604 100644 --- a/internal/provider/kubernetes/routes.go +++ b/internal/provider/kubernetes/routes.go 
@@ -16,7 +16,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi" @@ -29,7 +28,7 @@ import ( func (r *gatewayAPIReconciler) processTLSRoutes(ctx context.Context, gatewayNamespaceName string, resourceMap *resourceMappings, resourceTree *resource.Resources, ) error { - tlsRouteList := &gwapiv1a3.TLSRouteList{} + tlsRouteList := &gwapiv1a2.TLSRouteList{} if err := r.client.List(ctx, tlsRouteList, &client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(gatewayTLSRouteIndex, gatewayNamespaceName), }); err != nil { diff --git a/internal/provider/kubernetes/status.go b/internal/provider/kubernetes/status.go index 6bc214dd51..773185e29d 100644 --- a/internal/provider/kubernetes/status.go +++ b/internal/provider/kubernetes/status.go @@ -180,11 +180,12 @@ func (r *gatewayAPIReconciler) updateStatusFromSubscriptions(ctx context.Context } key := update.Key val := update.Value + // For status updater, need to use storage version. r.statusUpdater.Send(Update{ NamespacedName: key, - Resource: new(gwapiv1a3.TLSRoute), + Resource: new(gwapiv1a2.TLSRoute), Mutator: MutatorFunc(func(obj client.Object) client.Object { - t, ok := obj.(*gwapiv1a3.TLSRoute) + t, ok := obj.(*gwapiv1a2.TLSRoute) if !ok { err := fmt.Errorf("unsupported object type %T", obj) errChan <- err 
@@ -192,8 +193,11 @@ func (r *gatewayAPIReconciler) updateStatusFromSubscriptions(ctx context.Context } valCopy := val.DeepCopy() setLastTransitionTimeInConditionsForRouteStatus(&valCopy.RouteStatus, metav1.Now()) - tCopy := &gwapiv1a3.TLSRoute{ - TypeMeta: t.TypeMeta, + tCopy := &gwapiv1a2.TLSRoute{ + TypeMeta: metav1.TypeMeta{ + APIVersion: gwapiv1a2.GroupVersion.String(), + Kind: "TLSRoute", + }, ObjectMeta: t.ObjectMeta, Spec: t.Spec, Status: gwapiv1a2.TLSRouteStatus{ @@ -456,11 +460,12 @@ func (r *gatewayAPIReconciler) updateStatusFromSubscriptions(ctx context.Context } key := update.Key val := update.Value + // For status updater, need to use storage version. r.statusUpdater.Send(Update{ NamespacedName: key, - Resource: new(gwapiv1.BackendTLSPolicy), + Resource: new(gwapiv1a3.BackendTLSPolicy), Mutator: MutatorFunc(func(obj client.Object) client.Object { - t, ok := obj.(*gwapiv1.BackendTLSPolicy) + t, ok := obj.(*gwapiv1a3.BackendTLSPolicy) if !ok { err := fmt.Errorf("unsupported object type %T", obj) errChan <- err @@ -468,7 +473,7 @@ func (r *gatewayAPIReconciler) updateStatusFromSubscriptions(ctx context.Context } valCopy := val.DeepCopy() setLastTransitionTimeInConditionsForPolicyStatus(valCopy, metav1.Now()) - tCopy := &gwapiv1.BackendTLSPolicy{ + tCopy := &gwapiv1a3.BackendTLSPolicy{ TypeMeta: t.TypeMeta, ObjectMeta: t.ObjectMeta, Spec: t.Spec, diff --git a/internal/provider/kubernetes/status_updater.go b/internal/provider/kubernetes/status_updater.go index e9404f91ef..f840303287 100644 --- a/internal/provider/kubernetes/status_updater.go +++ b/internal/provider/kubernetes/status_updater.go @@ -7,6 +7,7 @@ package kubernetes import ( "context" + "fmt" "sync" "time" @@ -99,7 +100,7 @@ func (u *UpdateHandler) apply(update Update) { if kerrors.IsNotFound(err) { return nil } - return err + return fmt.Errorf("failed to get resource for status update: %w", err) } newObj := update.Mutator.Mutate(obj) 
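Review bot: The TLSRoute copy now pins `TypeMeta` to `gwapiv1a2.GroupVersion.String()` and `"TLSRoute"`, while the BackendTLSPolicy copy in the `-468` hunk still uses `TypeMeta: t.TypeMeta` although both call sites gain the same "need to use storage version" comment. If the pin is needed because the fetched object's TypeMeta can be empty or carry another served version, the same presumably applies to BackendTLSPolicy; if not, the comment should say why only TLSRoute needs it, e.g. `// Pin TypeMeta to v1alpha2: the object returned by Get may not carry the stored apiVersion.` The literal kind could also reuse `resource.KindTLSRoute`, which this package already uses in `KindOf`, provided `resource` is imported in status.go.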
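Review bot: The two wrapped errors added to `apply` (here and in the `-113` hunk) do not say which object failed, and the second repeats the log call that receives it: `log.Error(err, "unable to update status")` will print `failed to update status: …` as its error. Unless the logger already carries the object's name, naming it in the error makes a failed status write much easier to trace, e.g. `return fmt.Errorf("getting %s for status update: %w", update.NamespacedName, err)` and `return fmt.Errorf("updating status of %s: %w", update.NamespacedName, err)`. `%w` is the right verb in both places, since it keeps the underlying API error inspectable for whatever runs this closure; that caller is outside the hunk.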
@@ -113,7 +114,11 @@ func (u *UpdateHandler) apply(update Update) { newObj.SetUID(obj.GetUID()) - return u.client.Status().Update(context.Background(), newObj) + err := u.client.Status().Update(context.Background(), newObj) + if err != nil { + return fmt.Errorf("failed to update status: %w", err) + } + return nil }); err != nil { log.Error(err, "unable to update status") @@ -218,8 +223,8 @@ func isStatusEqual(objA, objB interface{}) bool { return true } } - case *gwapiv1a3.TLSRoute: - if b, ok := objB.(*gwapiv1a3.TLSRoute); ok { + case *gwapiv1a2.TLSRoute: + if b, ok := objB.(*gwapiv1a2.TLSRoute); ok { if cmp.Equal(a.Status, b.Status, opts) { return true } @@ -266,8 +271,8 @@ func isStatusEqual(objA, objB interface{}) bool { return true } } - case *gwapiv1.BackendTLSPolicy: - if b, ok := objB.(*gwapiv1.BackendTLSPolicy); ok { + case *gwapiv1a3.BackendTLSPolicy: + if b, ok := objB.(*gwapiv1a3.BackendTLSPolicy); ok { if cmp.Equal(a.Status, b.Status, opts) { return true } @@ -323,7 +328,7 @@ func KindOf(obj interface{}) string { kind = resource.KindGateway case *gwapiv1.HTTPRoute: kind = resource.KindHTTPRoute - case *gwapiv1a3.TLSRoute: + case *gwapiv1a2.TLSRoute: kind = resource.KindTLSRoute case *gwapiv1a2.TCPRoute: kind = resource.KindTCPRoute @@ -341,7 +346,7 @@ func KindOf(obj interface{}) string { kind = resource.KindSecurityPolicy case *egv1a1.EnvoyExtensionPolicy: kind = resource.KindEnvoyExtensionPolicy - case *gwapiv1.BackendTLSPolicy: + case *gwapiv1a3.BackendTLSPolicy: kind = resource.KindBackendTLSPolicy case *unstructured.Unstructured: kind = o.GetKind() diff --git a/internal/provider/kubernetes/test/utils.go b/internal/provider/kubernetes/test/utils.go index ba01fe17f8..42b9a915d0 100644 --- a/internal/provider/kubernetes/test/utils.go +++ b/internal/provider/kubernetes/test/utils.go 
@@ -203,13 +203,13 @@ func GetGRPCRoute(nsName types.NamespacedName, parent string, serviceName types. } // GetTLSRoute returns a sample TLSRoute with a parent reference. -func GetTLSRoute(nsName types.NamespacedName, parent string, serviceName types.NamespacedName, port int32) *gwapiv1a3.TLSRoute { - return &gwapiv1a3.TLSRoute{ +func GetTLSRoute(nsName types.NamespacedName, parent string, serviceName types.NamespacedName, port int32) *gwapiv1a2.TLSRoute { + return &gwapiv1a2.TLSRoute{ ObjectMeta: metav1.ObjectMeta{ Namespace: nsName.Namespace, Name: nsName.Name, }, - Spec: gwapiv1a3.TLSRouteSpec{ + Spec: gwapiv1a2.TLSRouteSpec{ Hostnames: []gwapiv1a3.Hostname{"example.com"}, CommonRouteSpec: gwapiv1.CommonRouteSpec{ ParentRefs: []gwapiv1.ParentReference{ diff --git a/tools/make/kube.mk b/tools/make/kube.mk index b247975ad9..2c4f32fc64 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -151,15 +151,16 @@ kube-generate: kube-generate-clients ## Generate code containing DeepCopy, DeepC .PHONY: kube-test kube-test: manifests generate run-kube-test -# KUBE_TEST_PACKAGE=./internal/provider/kubernetes/... make run-kube-tes +# KUBE_TEST_PACKAGE=./internal/provider/kubernetes/... make run-kube-test KUBE_TEST_PACKAGE ?= ./... # KUBE_TEST_ARGS can be used to pass extra args to `go test`, e.g. -run ^TestNamespaceSelectorProvider -KUBE_TEST_ARGS ?= -race +KUBE_TEST_TAGS ?= integration,celvalidation +KUBE_TEST_ARGS ?= --tags=$(KUBE_TEST_TAGS) -race .PHONY: run-kube-test run-kube-test: # Run Kubernetes provider tests. @$(LOG_TARGET) - KUBEBUILDER_ASSETS="$(shell $(GO_TOOL) setup-envtest use $(ENVTEST_K8S_VERSION) -p path)" go test $(KUBE_TEST_ARGS) --tags=integration,celvalidation $(KUBE_TEST_PACKAGE) -coverprofile cover.out + KUBEBUILDER_ASSETS="$(shell $(GO_TOOL) setup-envtest use $(ENVTEST_K8S_VERSION) -p path)" go test $(KUBE_TEST_ARGS) $(KUBE_TEST_PACKAGE) -coverprofile cover.out ##@ Kubernetes Deployment
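Review bot: Overriding `KUBE_TEST_ARGS` the way the comment above it suggests (`-run ^TestNamespaceSelectorProvider`) now also drops `--tags=integration,celvalidation`, because the tags moved from the recipe into that variable's default. Test files behind those build tags would then not be compiled, so a filtered run can pass without executing any integration or CEL validation test. Keeping the tags in the recipe avoids this while still making them configurable: `KUBE_TEST_ARGS ?= -race` and `go test --tags=$(KUBE_TEST_TAGS) $(KUBE_TEST_ARGS) $(KUBE_TEST_PACKAGE) -coverprofile cover.out`.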