feat: support gateway proxy plugin metadata

Author: dspo

Makefile

@@ -196,11 +196,11 @@ endif
 
 .PHONY: install-gateway-api
 install-gateway-api: ## Install Gateway API CRDs into the K8s cluster specified in ~/.kube/config.
-	kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEAY_API_VERSION)/standard-install.yaml
+	kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEAY_API_VERSION)/experimental-install.yaml
 
 .PHONY: uninstall-gateway-api
 uninstall-gateway-api: ## Uninstall Gateway API CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEAY_API_VERSION)/standard-install.yaml
+	kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEAY_API_VERSION)/experimental-install.yaml
 
 .PHONY: install
 install: manifests kustomize install-gateway-api ## Install CRDs into the K8s cluster specified in ~/.kube/config.

config/rbac/role.yaml

@@ -55,6 +55,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - gateway.apisix.io
+  resources:
+  - gatewayproxies
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - gateway.apisix.io
   resources:

internal/controller/gateway_controller.go

@@ -5,7 +5,9 @@ import (
 	"fmt"
 	"reflect"
 
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
 	"github.com/api7/api7-ingress-controller/internal/controller/config"
+	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
 	"github.com/api7/api7-ingress-controller/internal/provider"
 	"github.com/api7/gopkg/pkg/log"
 	"github.com/go-logr/logr"
@@ -33,8 +35,23 @@ type GatewayReconciler struct { //nolint:revive
 	Provider provider.Provider
 }
 
+func (r *GatewayReconciler) setupIndexer(mgr ctrl.Manager) error {
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&gatewayv1.Gateway{},
+		indexer.ParametersRef,
+		indexer.GatewayParametersRefIndexFunc,
+	); err != nil {
+		return err
+	}
+	return nil
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	if err := r.setupIndexer(mgr); err != nil {
+		return err
+	}
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&gatewayv1.Gateway{}).
 		Watches(
@@ -46,6 +63,10 @@ func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&gatewayv1.HTTPRoute{},
 			handler.EnqueueRequestsFromMapFunc(r.listGatewaysForHTTPRoute),
 		).
+		Watches(
+			&v1alpha1.GatewayProxy{},
+			handler.EnqueueRequestsFromMapFunc(r.listGatewaysForGatewayProxy),
+		).
 		Complete(r)
 }
 
@@ -99,6 +120,13 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		Secrets: make(map[types.NamespacedName]*corev1.Secret),
 	}
 	r.processListenerConfig(tctx, gateway, ns)
+	if err := r.processGatewayProxy(tctx, gateway, ns); err != nil {
+		acceptStatus = status{
+			status: false,
+			msg:    err.Error(),
+		}
+	}
+
 	if err := r.Provider.Update(ctx, tctx, gateway); err != nil {
 		acceptStatus = status{
 			status: false,
@@ -181,6 +209,35 @@ func (r *GatewayReconciler) checkGatewayClass(gateway *gatewayv1.Gateway) bool {
 	return matchesController(string(gatewayClass.Spec.ControllerName))
 }
 
+func (r *GatewayReconciler) listGatewaysForGatewayProxy(ctx context.Context, obj client.Object) []reconcile.Request {
+	gatewayProxy, ok := obj.(*v1alpha1.GatewayProxy)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to GatewayProxy")
+		return nil
+	}
+	namespace := gatewayProxy.GetNamespace()
+	name := gatewayProxy.GetName()
+
+	gatewayList := &gatewayv1.GatewayList{}
+	if err := r.List(ctx, gatewayList, client.MatchingFields{
+		indexer.ParametersRef: indexer.GenIndexKey(namespace, name),
+	}); err != nil {
+		r.Log.Error(err, "failed to list gateways for gateway proxy", "gatewayproxy", gatewayProxy.GetName())
+		return nil
+	}
+
+	recs := make([]reconcile.Request, 0, len(gatewayList.Items))
+	for _, gateway := range gatewayList.Items {
+		recs = append(recs, reconcile.Request{
+			NamespacedName: client.ObjectKey{
+				Namespace: gateway.GetNamespace(),
+				Name:      gateway.GetName(),
+			},
+		})
+	}
+	return recs
+}
+
 func (r *GatewayReconciler) listGatewaysForHTTPRoute(_ context.Context, obj client.Object) []reconcile.Request {
 	httpRoute, ok := obj.(*gatewayv1.HTTPRoute)
 	if !ok {
@@ -215,6 +272,28 @@ func (r *GatewayReconciler) listGatewaysForHTTPRoute(_ context.Context, obj clie
 	return recs
 }
 
+func (r *GatewayReconciler) processGatewayProxy(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway, ns string) error {
+	infra := gateway.Spec.Infrastructure
+	if infra != nil && infra.ParametersRef != nil {
+		paramRef := infra.ParametersRef
+		if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == "GatewayProxy" {
+			gatewayProxy := &v1alpha1.GatewayProxy{}
+			if err := r.Get(context.Background(), client.ObjectKey{
+				Namespace: ns,
+				Name:      paramRef.Name,
+			}, gatewayProxy); err != nil {
+				log.Error(err, "failed to get GatewayProxy", "namespace", ns, "name", paramRef.Name)
+				return err
+			} else {
+				log.Info("found GatewayProxy for Gateway", "gateway", gateway.Name, "gatewayproxy", gatewayProxy.Name)
+				tctx.GatewayProxy = gatewayProxy
+			}
+		}
+	}
+
+	return nil
+}
+
 func (r *GatewayReconciler) processListenerConfig(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway, ns string) {
 	listeners := gateway.Spec.Listeners
 	for _, listener := range listeners {

internal/controller/indexer/indexer.go

@@ -8,6 +8,7 @@ import (
 const (
 	ServiceIndexRef = "serviceRef"
 	ExtensionRef    = "extensionRef"
+	ParametersRef   = "parametersRef"
 )
 
 func GenIndexKey(namespace, name string) string {
@@ -50,3 +51,14 @@ func HTTPRouteExtensionIndexFunc(rawObj client.Object) []string {
 	}
 	return keys
 }
+
+func GatewayParametersRefIndexFunc(rawObj client.Object) []string {
+	gw := rawObj.(*gatewayv1.Gateway)
+	if gw.Spec.Infrastructure != nil && gw.Spec.Infrastructure.ParametersRef != nil {
+		// now we only care about kind: GatewayProxy
+		if gw.Spec.Infrastructure.ParametersRef.Kind == "GatewayProxy" {
+			return []string{GenIndexKey(gw.GetNamespace(), gw.Spec.Infrastructure.ParametersRef.Name)}
+		}
+	}
+	return nil
+}

internal/manager/controllers.go

@@ -17,6 +17,7 @@ import (
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch
 // +kubebuilder:rbac:groups=gateway.apisix.io,resources=pluginconfigs,verbs=get;list;watch
+// +kubebuilder:rbac:groups=gateway.apisix.io,resources=gatewayproxies,verbs=get;list;watch
 
 type Controller interface {
 	SetupWithManager(mgr manager.Manager) error

internal/provider/adc/adc.go

@@ -49,6 +49,8 @@ func (d *adcClient) Update(ctx context.Context, tctx *provider.TranslateContext,
 	switch obj := obj.(type) {
 	case *gatewayv1.HTTPRoute:
 		result, err = d.translator.TranslateHTTPRoute(tctx, obj.DeepCopy())
+	case *gatewayv1.Gateway:
+		result, err = d.translator.TranslateGateway(tctx, obj.DeepCopy())
 	}
 	if err != nil {
 		return err
@@ -58,7 +60,9 @@ func (d *adcClient) Update(ctx context.Context, tctx *provider.TranslateContext,
 	}
 
 	resources := types.Resources{
-		Services: result.Services,
+		GlobalRules:    result.GlobalRules,
+		PluginMetadata: result.PluginMetadata,
+		Services:       result.Services,
 	}
 
 	return d.sync(Task{
@@ -78,7 +82,7 @@ func (d *adcClient) Delete(ctx context.Context, obj client.Object) error {
 func (d *adcClient) sync(task Task) error {
 	log.Debugw("syncing task", zap.Any("task", task))
 
-	yaml, err := yaml.Marshal(task.Resources)
+	data, err := yaml.Marshal(task.Resources)
 	if err != nil {
 		return err
 	}
@@ -92,15 +96,17 @@ func (d *adcClient) sync(task Task) error {
 		_ = os.Remove(tmpFile.Name())
 	}()
 
-	log.Debugw("syncing resources", zap.String("file", tmpFile.Name()), zap.String("yaml", string(yaml)))
+	log.Debugw("syncing resources", zap.String("file", tmpFile.Name()), zap.String("yaml", string(data)))
 
-	if _, err := tmpFile.Write(yaml); err != nil {
+	if _, err := tmpFile.Write(data); err != nil {
 		return err
 	}
 	args := []string{
 		"sync",
 		"-f", tmpFile.Name(),
 		"--include-resource-type", "service",
+		"--include-resource-type", "global_rule",
+		"--include-resource-type", "plugin_metadata",
 		"--tls-skip-verify",
 	}
 

internal/provider/adc/translator/gateway.go

@@ -1 +1,64 @@
 package translator
+
+import (
+	"encoding/json"
+
+	adctypes "github.com/api7/api7-ingress-controller/api/adc"
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
+	"github.com/api7/api7-ingress-controller/internal/provider"
+	"github.com/api7/gopkg/pkg/log"
+	"go.uber.org/zap"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+)
+
+// FillPluginsFromGatewayProxy fill plugins from GatewayProxy to given plugins
+func (t *Translator) FillPluginsFromGatewayProxy(plugins adctypes.Plugins, gatewayProxy *v1alpha1.GatewayProxy) {
+	if gatewayProxy == nil {
+		return
+	}
+
+	for _, plugin := range gatewayProxy.Spec.Plugins {
+		// only apply enabled plugins
+		if !plugin.Enabled {
+			continue
+		}
+
+		pluginName := plugin.Name
+		var pluginConfig map[string]any
+		if err := json.Unmarshal(plugin.Config.Raw, &pluginConfig); err != nil {
+			log.Errorw("gateway proxy plugin config unmarshal failed", zap.Error(err), zap.String("plugin", pluginName))
+			continue
+		}
+
+		log.Debugw("fill plugin from gateway proxy", zap.String("plugin", pluginName), zap.Any("config", pluginConfig))
+		plugins[pluginName] = pluginConfig
+	}
+}
+
+func (t *Translator) FillPluginMetadataFromGatewayProxy(pluginMetadata adctypes.Plugins, gatewayProxy *v1alpha1.GatewayProxy) {
+	if gatewayProxy == nil {
+		return
+	}
+	for k, v := range gatewayProxy.Spec.PluginMetadata {
+		pluginMetadata[k] = v
+	}
+}
+
+// TranslateGateway translate gateway to adc resources
+func (t *Translator) TranslateGateway(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) (*TranslateResult, error) {
+	result := &TranslateResult{}
+
+	// if gateway has a GatewayProxy resource, create a global service and apply plugins
+	if tctx.GatewayProxy != nil {
+		var (
+			globalRules    = adctypes.Plugins{}
+			pluginMetadata = adctypes.Plugins{}
+		)
+		// apply plugins from GatewayProxy to global rules
+		t.FillPluginsFromGatewayProxy(globalRules, tctx.GatewayProxy)
+		t.FillPluginMetadataFromGatewayProxy(pluginMetadata, tctx.GatewayProxy)
+		result.GlobalRules = globalRules
+	}
+
+	return result, nil
+}

internal/provider/adc/translator/translator.go

@@ -10,7 +10,9 @@ type Translator struct {
 	Log logr.Logger
 }
 type TranslateResult struct {
-	Routes   []*adctypes.Route
-	Services []*adctypes.Service
-	SSL      []*adctypes.SSL
+	Routes         []*adctypes.Route
+	Services       []*adctypes.Service
+	SSL            []*adctypes.SSL
+	GlobalRules    adctypes.Plugins
+	PluginMetadata adctypes.Plugins
 }

internal/provider/provider.go

@@ -20,6 +20,7 @@ type Provider interface {
 type TranslateContext struct {
 	BackendRefs      []gatewayv1.BackendRef
 	GatewayTLSConfig []gatewayv1.GatewayTLSConfig
+	GatewayProxy     *v1alpha1.GatewayProxy
 	EndpointSlices   map[types.NamespacedName][]discoveryv1.EndpointSlice
 	Secrets          map[types.NamespacedName]*corev1.Secret
 	PluginConfigs    map[types.NamespacedName]*v1alpha1.PluginConfig

test/e2e/framework/manifests/ingress.yaml

@@ -160,6 +160,7 @@ rules:
   - gateway.apisix.io
   resources:
   - pluginconfigs
+  - gatewayproxies
   verbs:
   - get
   - list