Merge branch origin/release-v2-dev

Author: dspo

api/v1alpha1/backendtrafficpolicy_types.go

@@ -2,8 +2,6 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
 // +kubebuilder:object:root=true
@@ -12,22 +10,18 @@ type BackendTrafficPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   BackendTrafficPolicySpec     `json:"spec,omitempty"`
-	Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+	Spec   BackendTrafficPolicySpec `json:"spec,omitempty"`
+	Status PolicyStatus             `json:"status,omitempty"`
 }
 
 type BackendTrafficPolicySpec struct {
 	// TargetRef identifies an API object to apply policy to.
 	// Currently, Backends (i.e. Service, ServiceImport, or any
 	// implementation-specific backendRef) are the only valid API
 	// target references.
-	// +listType=map
-	// +listMapKey=group
-	// +listMapKey=kind
-	// +listMapKey=name
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
-	TargetRefs []gatewayv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs"`
+	TargetRefs []BackendPolicyTargetReferenceWithSectionName `json:"targetRefs"`
 	// LoadBalancer represents the load balancer configuration for Kubernetes Service.
 	// The default strategy is round robin.
 	LoadBalancer *LoadBalancer `json:"loadbalancer,omitempty" yaml:"loadbalancer,omitempty"`
@@ -74,9 +68,12 @@ type LoadBalancer struct {
 }
 
 type Timeout struct {
+	// +kubebuilder:default="60s"
 	Connect metav1.Duration `json:"connect,omitempty" yaml:"connect,omitempty"`
-	Send    metav1.Duration `json:"send,omitempty" yaml:"send,omitempty"`
-	Read    metav1.Duration `json:"read,omitempty" yaml:"read,omitempty"`
+	// +kubebuilder:default="60s"
+	Send metav1.Duration `json:"send,omitempty" yaml:"send,omitempty"`
+	// +kubebuilder:default="60s"
+	Read metav1.Duration `json:"read,omitempty" yaml:"read,omitempty"`
 }
 
 // +kubebuilder:object:root=true

api/v1alpha1/gatewayproxy_types.go

@@ -113,6 +113,10 @@ type ControlPlaneProvider struct {
 	// +kubebuilder:validation:MinItems=1
 	Endpoints []string `json:"endpoints"`
 
+	// TlsVerify specifies whether to verify the TLS certificate of the control plane
+	// +optional
+	TlsVerify *bool `json:"tlsVerify,omitempty"`
+
 	// Auth specifies the authentication configuration
 	// +kubebuilder:validation:Required
 	Auth ControlPlaneAuth `json:"auth"`

api/v1alpha1/policies_type.go

@@ -0,0 +1,8 @@
+package v1alpha1
+
+import gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+
+type PolicyStatus gatewayv1alpha2.PolicyStatus
+
+// +kubebuilder:validation:XValidation:rule="self.kind == 'Service' && self.group == \"\""
+type BackendPolicyTargetReferenceWithSectionName gatewayv1alpha2.LocalPolicyTargetReferenceWithSectionName

api/v1alpha1/zz_generated.deepcopy.go

@@ -153,23 +153,23 @@ spec:
                   - kind
                   - name
                   type: object
+                  x-kubernetes-validations:
+                  - rule: self.kind == 'Service' && self.group == ""
                 maxItems: 16
                 minItems: 1
                 type: array
-                x-kubernetes-list-map-keys:
-                - group
-                - kind
-                - name
-                x-kubernetes-list-type: map
               timeout:
                 description: Timeout settings for the read, send and connect to the
                   upstream.
                 properties:
                   connect:
+                    default: 60s
                     type: string
                   read:
+                    default: 60s
                     type: string
                   send:
+                    default: 60s
                     type: string
                 type: object
               upstream_host:

config/crd/bases/gateway.apisix.io_backendtrafficpolicies.yaml

@@ -108,6 +108,10 @@ spec:
                           type: string
                         minItems: 1
                         type: array
+                      tlsVerify:
+                        description: TlsVerify specifies whether to verify the TLS
+                          certificate of the control plane
+                        type: boolean
                     required:
                     - auth
                     - endpoints

config/crd/bases/gateway.apisix.io_gatewayproxies.yaml

@@ -24,7 +24,7 @@ gateway_configs:                  # The configuration of the API7 Gateway.
   control_plane:
     admin_key: "${ADMIN_KEY}"     # The admin key of the control plane.
     endpoints:         
-      - ${ENDPOINT}               # The endpoint of the control plane.                    
+      - ${ENDPOINT}               # The endpoint of the control plane.
     tls_verify: false
   addresses:                      # record the status address of the gateway-api gateway
   - "172.18.0.4"                  # The LB IP of the gateway service.

config/samples/config.yaml

@@ -136,7 +136,24 @@ func (r *ConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	}
 
 	var statusErr error
-	tctx := provider.NewDefaultTranslateContext()
+	tctx := provider.NewDefaultTranslateContext(ctx)
+
+	gateway, err := r.getGateway(ctx, consumer)
+	if err != nil {
+		r.Log.Error(err, "failed to get gateway", "consumer", consumer)
+		statusErr = err
+	}
+
+	rk := provider.ResourceKind{
+		Kind:      consumer.Kind,
+		Namespace: consumer.Namespace,
+		Name:      consumer.Name,
+	}
+
+	if err := ProcessGatewayProxy(r.Client, tctx, gateway, rk); err != nil {
+		r.Log.Error(err, "failed to process gateway proxy", "gateway", gateway)
+		statusErr = err
+	}
 
 	if err := r.processSpec(ctx, tctx, consumer); err != nil {
 		r.Log.Error(err, "failed to process consumer spec", "consumer", consumer)
@@ -201,6 +218,22 @@ func (r *ConsumerReconciler) updateStatus(ctx context.Context, consumer *v1alpha
 	return nil
 }
 
+func (r *ConsumerReconciler) getGateway(ctx context.Context, consumer *v1alpha1.Consumer) (*gatewayv1.Gateway, error) {
+	ns := consumer.GetNamespace()
+	if consumer.Spec.GatewayRef.Namespace != nil {
+		ns = *consumer.Spec.GatewayRef.Namespace
+	}
+	gateway := &gatewayv1.Gateway{}
+	if err := r.Get(ctx, client.ObjectKey{
+		Name:      consumer.Spec.GatewayRef.Name,
+		Namespace: ns,
+	}, gateway); err != nil {
+		r.Log.Error(err, "failed to get gateway", "gateway", consumer.Spec.GatewayRef.Name)
+		return nil, err
+	}
+	return gateway, nil
+}
+
 func (r *ConsumerReconciler) checkGatewayRef(object client.Object) bool {
 	consumer, ok := object.(*v1alpha1.Consumer)
 	if !ok {

internal/controller/consumer_controller.go

@@ -107,9 +107,10 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		status: true,
 		msg:    acceptedMessage("gateway"),
 	}
-	tctx := &provider.TranslateContext{
-		Secrets: make(map[types.NamespacedName]*corev1.Secret),
-	}
+
+	// create a translate context
+	tctx := provider.NewDefaultTranslateContext(ctx)
+
 	r.processListenerConfig(tctx, gateway)
 	if err := r.processInfrastructure(tctx, gateway); err != nil {
 		acceptStatus = status{
@@ -267,28 +268,12 @@ func (r *GatewayReconciler) listGatewaysForHTTPRoute(_ context.Context, obj clie
 }
 
 func (r *GatewayReconciler) processInfrastructure(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) error {
-	infra := gateway.Spec.Infrastructure
-	if infra == nil || infra.ParametersRef == nil {
-		return nil
+	rk := provider.ResourceKind{
+		Kind:      gateway.Kind,
+		Namespace: gateway.Namespace,
+		Name:      gateway.Name,
 	}
-
-	ns := gateway.GetNamespace()
-	paramRef := infra.ParametersRef
-	if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == "GatewayProxy" {
-		gatewayProxy := &v1alpha1.GatewayProxy{}
-		if err := r.Get(context.Background(), client.ObjectKey{
-			Namespace: ns,
-			Name:      paramRef.Name,
-		}, gatewayProxy); err != nil {
-			log.Error(err, "failed to get GatewayProxy", "namespace", ns, "name", paramRef.Name)
-			return err
-		} else {
-			log.Info("found GatewayProxy for Gateway", "gateway", gateway.Name, "gatewayproxy", gatewayProxy.Name)
-			tctx.GatewayProxy = gatewayProxy
-		}
-	}
-
-	return nil
+	return ProcessGatewayProxy(r.Client, tctx, gateway, rk)
 }
 
 func (r *GatewayReconciler) processListenerConfig(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) {

internal/controller/gateway_controller.go

@@ -115,7 +115,19 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return ctrl.Result{}, nil
 	}
 
-	tctx := provider.NewDefaultTranslateContext()
+	tctx := provider.NewDefaultTranslateContext(ctx)
+
+	rk := provider.ResourceKind{
+		Kind:      hr.Kind,
+		Namespace: hr.Namespace,
+		Name:      hr.Name,
+	}
+	for _, gateway := range gateways {
+		if err := ProcessGatewayProxy(r.Client, tctx, gateway.Gateway, rk); err != nil {
+			acceptStatus.status = false
+			acceptStatus.msg = err.Error()
+		}
+	}
 
 	if err := r.processHTTPRoute(tctx, hr); err != nil {
 		acceptStatus.status = false
@@ -305,7 +317,7 @@ func (r *HTTPRouteReconciler) processHTTPRouteBackendRefs(tctx *provider.Transla
 		}
 
 		var service corev1.Service
-		if err := r.Get(context.TODO(), client.ObjectKey{
+		if err := r.Get(tctx, client.ObjectKey{
 			Namespace: namespace,
 			Name:      name,
 		}, &service); err != nil {
@@ -324,9 +336,13 @@ func (r *HTTPRouteReconciler) processHTTPRouteBackendRefs(tctx *provider.Transla
 			terr = fmt.Errorf("port %d not found in service %s", *backend.Port, name)
 			continue
 		}
+		tctx.Services[client.ObjectKey{
+			Namespace: namespace,
+			Name:      name,
+		}] = &service
 
 		endpointSliceList := new(discoveryv1.EndpointSliceList)
-		if err := r.List(context.TODO(), endpointSliceList,
+		if err := r.List(tctx, endpointSliceList,
 			client.InNamespace(namespace),
 			client.MatchingLabels{
 				discoveryv1.LabelServiceName: name,