change process GVK for TLSRoute/BackendTLSPolicy

internal/cmd/egctl/status.go

@@ -198,15 +198,15 @@ func runStatus(ctx context.Context, logOut io.Writer, cli client.Client, inputRe
 		resourceKind = resource.KindUDPRoute
 
 	case "tlsroute":
-		tlsroute := gwapiv1a3.TLSRouteList{}
+		tlsroute := gwapiv1a2.TLSRouteList{}
 		if err := cli.List(ctx, &tlsroute, client.InNamespace(namespace)); err != nil {
 			return err
 		}
 		resourcesList = &tlsroute
 		resourceKind = resource.KindTLSRoute
 
 	case "btlspolicy", "backendtlspolicy":
-		btlspolicy := gwapiv1.BackendTLSPolicyList{}
+		btlspolicy := gwapiv1a3.BackendTLSPolicyList{}
 		if err := cli.List(ctx, &btlspolicy, client.InNamespace(namespace)); err != nil {
 			return err
 		}

internal/cmd/egctl/status_test.go

@@ -14,6 +14,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/gatewayapi"
@@ -479,8 +480,8 @@ http2     gateway/test-2   foobar4   test-status-4   test reason 4
 		},
 		{
 			name: "egctl x status btlspolicy",
-			resourceList: &gwapiv1.BackendTLSPolicyList{
-				Items: []gwapiv1.BackendTLSPolicy{
+			resourceList: &gwapiv1a3.BackendTLSPolicyList{
+				Items: []gwapiv1a3.BackendTLSPolicy{
 					{
 						ObjectMeta: metav1.ObjectMeta{
 							Name:      "btls",

internal/cmd/egctl/testdata/translate/in/default-resources.yaml

@@ -75,7 +75,7 @@ spec:
           port: 3000
           weight: 1
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/cmd/egctl/testdata/translate/in/from-gateway-api-to-xds.yaml

@@ -106,7 +106,7 @@ spec:
           port: 3000
           weight: 1
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/cmd/egctl/testdata/translate/in/invalid-envoyproxy.yaml

@@ -131,7 +131,7 @@ spec:
           port: 3000
           weight: 1
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/cmd/egctl/testdata/translate/in/valid-envoyproxy.yaml

@@ -124,7 +124,7 @@ spec:
           port: 3000
           weight: 1
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml

@@ -472,7 +472,7 @@ tcpRoutes:
         name: eg
         sectionName: tcp
 tlsRoutes:
-- apiVersion: gateway.networking.k8s.io/v1alpha3
+- apiVersion: gateway.networking.k8s.io/v1alpha2
   kind: TLSRoute
   metadata:
     name: backend

internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml

@@ -317,7 +317,7 @@ tcpRoutes:
         name: eg
         sectionName: tcp
 tlsRoutes:
-- apiVersion: gateway.networking.k8s.io/v1alpha3
+- apiVersion: gateway.networking.k8s.io/v1alpha2
   kind: TLSRoute
   metadata:
     name: backend

internal/gatewayapi/backend.go

@@ -13,14 +13,14 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/utils/ptr"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/gatewayapi/status"
 	"github.com/envoyproxy/gateway/internal/utils/net"
 )
 
-func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy) []*egv1a1.Backend {
+func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy) []*egv1a1.Backend {
 	res := make([]*egv1a1.Backend, 0, len(backends))
 	for _, backend := range backends {
 		// Ensure Backends are enabled
@@ -41,7 +41,7 @@ func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolic
 	return res
 }
 
-func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy, runningOnHost bool) status.Error {
+func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy, runningOnHost bool) status.Error {
 	if backend.Spec.Type != nil && *backend.Spec.Type == egv1a1.BackendTypeDynamicResolver {
 		if len(backend.Spec.Endpoints) > 0 {
 			return status.NewRouteStatusError(
@@ -87,7 +87,7 @@ func validateBackend(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.Back
 }
 
 // validateBackendTLSSettings validates CACert is specified if InsecureSkipVerify is false
-func validateBackendTLSSettings(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1.BackendTLSPolicy) status.Error {
+func validateBackendTLSSettings(backend *egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy) status.Error {
 	if backend.Spec.TLS == nil {
 		return nil
 	}

internal/gatewayapi/backendtlspolicy.go

@@ -14,6 +14,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/gatewayapi/resource"
@@ -26,10 +27,10 @@ var ErrBackendTLSPolicyInvalidKind = fmt.Errorf("no CA bundle found in reference
 
 // ProcessBackendTLSPolicyStatus is called to post-process Backend TLS Policy status
 // after they were applied in all relevant translations.
-func (t *Translator) ProcessBackendTLSPolicyStatus(btlsp []*gwapiv1.BackendTLSPolicy) {
-	targetRefs := map[string]*gwapiv1.BackendTLSPolicy{}
+func (t *Translator) ProcessBackendTLSPolicyStatus(btlsp []*gwapiv1a3.BackendTLSPolicy) {
+	targetRefs := map[string]*gwapiv1a3.BackendTLSPolicy{}
 	for _, policy := range btlsp {
-		conflicted, conflictPolicy := false, &gwapiv1.BackendTLSPolicy{}
+		conflicted, conflictPolicy := false, &gwapiv1a3.BackendTLSPolicy{}
 		for _, ref := range policy.Spec.TargetRefs {
 			key := localPolicyTargetReferenceWithSectionNameToKey(policy.Namespace, ref)
 			p, exists := targetRefs[key]
@@ -392,7 +393,7 @@ func (t *Translator) processClientTLSSettings(
 	return tlsConfig, nil
 }
 
-func backendTLSTargetMatched(policy *gwapiv1.BackendTLSPolicy, target gwapiv1.LocalPolicyTargetReferenceWithSectionName, backendNamespace string) bool {
+func backendTLSTargetMatched(policy *gwapiv1a3.BackendTLSPolicy, target gwapiv1.LocalPolicyTargetReferenceWithSectionName, backendNamespace string) bool {
 	for _, currTarget := range policy.Spec.TargetRefs {
 		if target.Group == currTarget.Group &&
 			target.Kind == currTarget.Kind &&
@@ -410,10 +411,10 @@ func backendTLSTargetMatched(policy *gwapiv1.BackendTLSPolicy, target gwapiv1.Lo
 }
 
 func (t *Translator) getBackendTLSPolicy(
-	policies []*gwapiv1.BackendTLSPolicy,
+	policies []*gwapiv1a3.BackendTLSPolicy,
 	backendRef gwapiv1.BackendObjectReference,
 	backendNamespace string,
-) *gwapiv1.BackendTLSPolicy {
+) *gwapiv1a3.BackendTLSPolicy {
 	// SectionName is port number for EG Backend object
 	target := t.getTargetBackendReference(backendRef, backendNamespace)
 	for _, policy := range policies {
@@ -424,7 +425,7 @@ func (t *Translator) getBackendTLSPolicy(
 	return nil
 }
 
-func (t *Translator) getBackendTLSBundle(backendTLSPolicy *gwapiv1.BackendTLSPolicy) (*ir.TLSUpstreamConfig, error) {
+func (t *Translator) getBackendTLSBundle(backendTLSPolicy *gwapiv1a3.BackendTLSPolicy) (*ir.TLSUpstreamConfig, error) {
 	// Translate SubjectAltNames from gwapiv1a3 to ir
 	subjectAltNames := make([]ir.SubjectAltName, 0, len(backendTLSPolicy.Spec.Validation.SubjectAltNames))
 	for _, san := range backendTLSPolicy.Spec.Validation.SubjectAltNames {
@@ -520,7 +521,7 @@ func (t *Translator) getCaCertsFromCARefs(
 	return []byte(ca), nil
 }
 
-func getAncestorRefs(policy *gwapiv1.BackendTLSPolicy) []*gwapiv1.ParentReference {
+func getAncestorRefs(policy *gwapiv1a3.BackendTLSPolicy) []*gwapiv1.ParentReference {
 	ret := make([]*gwapiv1.ParentReference, len(policy.Status.Ancestors))
 	for i, ancestor := range policy.Status.Ancestors {
 		ret[i] = &ancestor.AncestorRef

internal/gatewayapi/contexts.go

@@ -15,7 +15,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 	mcsapiv1a1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
@@ -276,7 +275,7 @@ func (r *GRPCRouteContext) SetRouteParentContext(forParentRef gwapiv1.ParentRefe
 // TLSRouteContext wraps a TLSRoute and provides helper methods for
 // accessing the route's parents.
 type TLSRouteContext struct {
-	*gwapiv1a3.TLSRoute
+	*gwapiv1a2.TLSRoute
 
 	ParentRefs map[gwapiv1.ParentReference]*RouteParentContext
 }
@@ -596,7 +595,7 @@ type RouteParentContext struct {
 	// a single field pointing to *gwapiv1.RouteStatus.
 	HTTPRoute *gwapiv1.HTTPRoute
 	GRPCRoute *gwapiv1.GRPCRoute
-	TLSRoute  *gwapiv1a3.TLSRoute
+	TLSRoute  *gwapiv1a2.TLSRoute
 	TCPRoute  *gwapiv1a2.TCPRoute
 	UDPRoute  *gwapiv1a2.UDPRoute
 

internal/gatewayapi/resource/load.go

@@ -234,7 +234,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy
 			resources.UDPRoutes = append(resources.UDPRoutes, udpRoute)
 		case KindTLSRoute:
 			typedSpec := spec.Interface()
-			tlsRoute := &gwapiv1a3.TLSRoute{
+			tlsRoute := &gwapiv1a2.TLSRoute{
 				TypeMeta: metav1.TypeMeta{
 					Kind:       KindTLSRoute,
 					APIVersion: gv,
@@ -243,7 +243,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy
 					Name:      name,
 					Namespace: namespace,
 				},
-				Spec: typedSpec.(gwapiv1a3.TLSRouteSpec),
+				Spec: typedSpec.(gwapiv1a2.TLSRouteSpec),
 			}
 			resources.TLSRoutes = append(resources.TLSRoutes, tlsRoute)
 		case KindHTTPRoute:
@@ -423,7 +423,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool, envoy
 			resources.ConfigMaps = append(resources.ConfigMaps, configMap)
 		case KindBackendTLSPolicy:
 			typedSpec := spec.Interface()
-			backendTLSPolicy := &gwapiv1.BackendTLSPolicy{
+			backendTLSPolicy := &gwapiv1a3.BackendTLSPolicy{
 				TypeMeta: metav1.TypeMeta{
 					Kind:       KindBackendTLSPolicy,
 					APIVersion: gv,
@@ -594,7 +594,7 @@ func addMissingServices(requiredServices map[string]*corev1.Service, obj interfa
 				refs = append(refs, rule.BackendRefs[i].BackendRef)
 			}
 		}
-	case *gwapiv1a3.TLSRoute:
+	case *gwapiv1a2.TLSRoute:
 		objNamespace = route.Namespace
 		for _, rule := range route.Spec.Rules {
 			refs = append(refs, rule.BackendRefs...)

internal/gatewayapi/resource/resource.go

@@ -46,7 +46,7 @@ type Resources struct {
 	Gateways                []*gwapiv1.Gateway             `json:"gateways,omitempty" yaml:"gateways,omitempty"`
 	HTTPRoutes              []*gwapiv1.HTTPRoute           `json:"httpRoutes,omitempty" yaml:"httpRoutes,omitempty"`
 	GRPCRoutes              []*gwapiv1.GRPCRoute           `json:"grpcRoutes,omitempty" yaml:"grpcRoutes,omitempty"`
-	TLSRoutes               []*gwapiv1a3.TLSRoute          `json:"tlsRoutes,omitempty" yaml:"tlsRoutes,omitempty"`
+	TLSRoutes               []*gwapiv1a2.TLSRoute          `json:"tlsRoutes,omitempty" yaml:"tlsRoutes,omitempty"`
 	TCPRoutes               []*gwapiv1a2.TCPRoute          `json:"tcpRoutes,omitempty" yaml:"tcpRoutes,omitempty"`
 	UDPRoutes               []*gwapiv1a2.UDPRoute          `json:"udpRoutes,omitempty" yaml:"udpRoutes,omitempty"`
 	ReferenceGrants         []*gwapiv1b1.ReferenceGrant    `json:"referenceGrants,omitempty" yaml:"referenceGrants,omitempty"`
@@ -61,7 +61,7 @@ type Resources struct {
 	ClientTrafficPolicies   []*egv1a1.ClientTrafficPolicy  `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"`
 	BackendTrafficPolicies  []*egv1a1.BackendTrafficPolicy `json:"backendTrafficPolicies,omitempty" yaml:"backendTrafficPolicies,omitempty"`
 	SecurityPolicies        []*egv1a1.SecurityPolicy       `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"`
-	BackendTLSPolicies      []*gwapiv1.BackendTLSPolicy    `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"`
+	BackendTLSPolicies      []*gwapiv1a3.BackendTLSPolicy  `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"`
 	EnvoyExtensionPolicies  []*egv1a1.EnvoyExtensionPolicy `json:"envoyExtensionPolicies,omitempty" yaml:"envoyExtensionPolicies,omitempty"`
 	ExtensionServerPolicies []unstructured.Unstructured    `json:"extensionServerPolicies,omitempty" yaml:"extensionServerPolicies,omitempty"`
 	Backends                []*egv1a1.Backend              `json:"backends,omitempty" yaml:"backends,omitempty"`
@@ -75,7 +75,7 @@ func NewResources() *Resources {
 		Gateways:                []*gwapiv1.Gateway{},
 		HTTPRoutes:              []*gwapiv1.HTTPRoute{},
 		GRPCRoutes:              []*gwapiv1.GRPCRoute{},
-		TLSRoutes:               []*gwapiv1a3.TLSRoute{},
+		TLSRoutes:               []*gwapiv1a2.TLSRoute{},
 		Services:                []*corev1.Service{},
 		EndpointSlices:          []*discoveryv1.EndpointSlice{},
 		Secrets:                 []*corev1.Secret{},
@@ -87,7 +87,7 @@ func NewResources() *Resources {
 		ClientTrafficPolicies:   []*egv1a1.ClientTrafficPolicy{},
 		BackendTrafficPolicies:  []*egv1a1.BackendTrafficPolicy{},
 		SecurityPolicies:        []*egv1a1.SecurityPolicy{},
-		BackendTLSPolicies:      []*gwapiv1.BackendTLSPolicy{},
+		BackendTLSPolicies:      []*gwapiv1a3.BackendTLSPolicy{},
 		EnvoyExtensionPolicies:  []*egv1a1.EnvoyExtensionPolicy{},
 		ExtensionServerPolicies: []unstructured.Unstructured{},
 		Backends:                []*egv1a1.Backend{},

internal/gatewayapi/resource/testdata/all-resources.in.yaml

@@ -57,7 +57,7 @@ spec:
         - name: backend
           port: 3000
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/gatewayapi/resource/testdata/all-resources.out.yaml

@@ -429,7 +429,7 @@ tcpRoutes:
   status:
     parents: null
 tlsRoutes:
-- apiVersion: gateway.networking.k8s.io/v1alpha3
+- apiVersion: gateway.networking.k8s.io/v1alpha2
   kind: TLSRoute
   metadata:
     name: backend

internal/gatewayapi/resource/testdata/all-resources2.in.yaml

@@ -57,7 +57,7 @@ spec:
         - name: backend
           port: 3000
 ---
-apiVersion: gateway.networking.k8s.io/v1alpha3
+apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TLSRoute
 metadata:
   name: backend

internal/gatewayapi/resource/testdata/all-resources2.out.yaml

@@ -429,7 +429,7 @@ tcpRoutes:
   status:
     parents: null
 tlsRoutes:
-- apiVersion: gateway.networking.k8s.io/v1alpha3
+- apiVersion: gateway.networking.k8s.io/v1alpha2
   kind: TLSRoute
   metadata:
     name: backend

internal/gatewayapi/route.go

@@ -21,7 +21,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 	mcsapiv1a1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
@@ -49,7 +48,7 @@ var (
 type RoutesTranslator interface {
 	ProcessHTTPRoutes(httpRoutes []*gwapiv1.HTTPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*HTTPRouteContext
 	ProcessGRPCRoutes(grpcRoutes []*gwapiv1.GRPCRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*GRPCRouteContext
-	ProcessTLSRoutes(tlsRoutes []*gwapiv1a3.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext
+	ProcessTLSRoutes(tlsRoutes []*gwapiv1a2.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext
 	ProcessTCPRoutes(tcpRoutes []*gwapiv1a2.TCPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TCPRouteContext
 	ProcessUDPRoutes(udpRoutes []*gwapiv1a2.UDPRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*UDPRouteContext
 }
@@ -1254,7 +1253,7 @@ func filterEGPrefix(in map[string]string) map[string]string {
 	return out
 }
 
-func (t *Translator) ProcessTLSRoutes(tlsRoutes []*gwapiv1a3.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext {
+func (t *Translator) ProcessTLSRoutes(tlsRoutes []*gwapiv1a2.TLSRoute, gateways []*GatewayContext, resources *resource.Resources, xdsIR resource.XdsIRMap) []*TLSRouteContext {
 	relevantTLSRoutes := make([]*TLSRouteContext, 0, len(tlsRoutes))
 	// TLSRoutes are already sorted by the provider layer
 

internal/gatewayapi/translator.go

@@ -141,7 +141,7 @@ func newTranslateResult(
 	clientTrafficPolicies []*egv1a1.ClientTrafficPolicy,
 	backendTrafficPolicies []*egv1a1.BackendTrafficPolicy,
 	securityPolicies []*egv1a1.SecurityPolicy,
-	backendTLSPolicies []*gwapiv1.BackendTLSPolicy,
+	backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy,
 	envoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy,
 	extPolicies []unstructured.Unstructured,
 	backends []*egv1a1.Backend,
@@ -176,7 +176,7 @@ func newTranslateResult(
 	}
 
 	if n := len(tlsRoutes); n > 0 {
-		translateResult.TLSRoutes = make([]*gwapiv1a3.TLSRoute, n)
+		translateResult.TLSRoutes = make([]*gwapiv1a2.TLSRoute, n)
 		for i, tlsRoute := range tlsRoutes {
 			translateResult.TLSRoutes[i] = tlsRoute.TLSRoute
 		}