optimize the code

Author: Skcey

internal/controller/manager_test.go

@@ -93,6 +93,8 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) {
 				partialObjectMetadataList,
 				&gatewayv1alpha3.BackendTLSPolicyList{},
 				&gatewayv1alpha2.TLSRouteList{},
+				&gatewayv1alpha2.TCPRouteList{},
+				&gatewayv1alpha2.UDPRouteList{},
 				&gatewayv1.GRPCRouteList{},
 				&ngfAPIv1alpha1.ClientSettingsPolicyList{},
 				&ngfAPIv1alpha2.ObservabilityPolicyList{},
@@ -149,6 +151,8 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) {
 				partialObjectMetadataList,
 				&gatewayv1alpha3.BackendTLSPolicyList{},
 				&gatewayv1alpha2.TLSRouteList{},
+				&gatewayv1alpha2.TCPRouteList{},
+				&gatewayv1alpha2.UDPRouteList{},
 				&gatewayv1.GRPCRouteList{},
 				&ngfAPIv1alpha1.ClientSettingsPolicyList{},
 				&ngfAPIv1alpha2.ObservabilityPolicyList{},

internal/controller/nginx/agent/agent.go

@@ -119,7 +119,10 @@ func (n *NginxUpdaterImpl) UpdateUpstreamServers(
 
 	var errs []error
 	var applied bool
-	actions := make([]*pb.NGINXPlusAction, 0, len(conf.Upstreams)+len(conf.StreamUpstreams))
+	actions := make([]*pb.NGINXPlusAction, 0,
+		len(conf.Upstreams)+len(conf.StreamUpstreams)+len(conf.TCPUpstreams)+len(conf.UDPUpstreams))
+
+	// HTTP/GRPC Upstreams
 	for _, upstream := range conf.Upstreams {
 		// Skip upstreams that have resolve servers to avoid "UpstreamServerImmutable" errors
 		if upstreamHasResolveServers(upstream) {
@@ -133,6 +136,7 @@ func (n *NginxUpdaterImpl) UpdateUpstreamServers(
 		actions = append(actions, action)
 	}
 
+	// TLS Passthrough Upstreams
 	for _, upstream := range conf.StreamUpstreams {
 		// Skip upstreams that have resolve servers to avoid "UpstreamServerImmutable" errors
 		if upstreamHasResolveServers(upstream) {
@@ -146,6 +150,34 @@ func (n *NginxUpdaterImpl) UpdateUpstreamServers(
 		actions = append(actions, action)
 	}
 
+	// TCP Upstreams
+	for _, upstream := range conf.TCPUpstreams {
+		// Skip upstreams that have resolve servers to avoid "UpstreamServerImmutable" errors
+		if upstreamHasResolveServers(upstream) {
+			continue
+		}
+		action := &pb.NGINXPlusAction{
+			Action: &pb.NGINXPlusAction_UpdateStreamServers{
+				UpdateStreamServers: buildStreamUpstreamServers(upstream),
+			},
+		}
+		actions = append(actions, action)
+	}
+
+	// UDP Upstreams
+	for _, upstream := range conf.UDPUpstreams {
+		// Skip upstreams that have resolve servers to avoid "UpstreamServerImmutable" errors
+		if upstreamHasResolveServers(upstream) {
+			continue
+		}
+		action := &pb.NGINXPlusAction{
+			Action: &pb.NGINXPlusAction_UpdateStreamServers{
+				UpdateStreamServers: buildStreamUpstreamServers(upstream),
+			},
+		}
+		actions = append(actions, action)
+	}
+
 	if actionsEqual(deployment.GetNGINXPlusActions(), actions) {
 		return
 	}

internal/controller/nginx/config/upstreams.go

@@ -115,15 +115,13 @@ func (g GeneratorImpl) createStreamUpstream(up dataplane.Upstream) stream.Upstre
 		if ep.IPv6 {
 			format = "[%s]:%d"
 		}
-		// Default weight to 1 if not specified
-		weight := ep.Weight
-		if weight == 0 {
-			weight = 1
-		}
+		// Keep the original weight from endpoint
+		// For single backend: Weight is 0 (template won't output weight directive)
+		// For multi-backend: Weight is set from BackendRef.Weight (template outputs weight=X if > 1)
 		upstreamServers[idx] = stream.UpstreamServer{
 			Address: fmt.Sprintf(format, ep.Address, ep.Port),
 			Resolve: ep.Resolve,
-			Weight:  weight,
+			Weight:  ep.Weight,
 		}
 	}
 

internal/controller/state/dataplane/configuration.go

@@ -74,8 +74,8 @@ func BuildConfiguration(
 		HTTPServers:           httpServers,
 		SSLServers:            sslServers,
 		TLSPassthroughServers: buildPassthroughServers(gateway),
-		TCPServers:            buildTCPServers(logger, gateway),
-		UDPServers:            buildUDPServers(logger, gateway),
+		TCPServers:            buildL4Servers(logger, gateway, v1.TCPProtocolType),
+		UDPServers:            buildL4Servers(logger, gateway, v1.UDPProtocolType),
 		Upstreams:             upstreams,
 		StreamUpstreams: buildStreamUpstreams(
 			ctx,
@@ -84,8 +84,8 @@ func BuildConfiguration(
 			serviceResolver,
 			g.ReferencedServices,
 			baseHTTPConfig.IPFamily),
-		TCPUpstreams:  buildTCPUpstreams(ctx, logger, gateway, serviceResolver, baseHTTPConfig.IPFamily),
-		UDPUpstreams:  buildUDPUpstreams(ctx, logger, gateway, serviceResolver, baseHTTPConfig.IPFamily),
+		TCPUpstreams:  buildL4Upstreams(ctx, logger, gateway, serviceResolver, baseHTTPConfig.IPFamily, v1.TCPProtocolType),
+		UDPUpstreams:  buildL4Upstreams(ctx, logger, gateway, serviceResolver, baseHTTPConfig.IPFamily, v1.UDPProtocolType),
 		BackendGroups: backendGroups,
 		SSLKeyPairs:   buildSSLKeyPairs(g.ReferencedSecrets, gateway.Listeners),
 		CertBundles: buildCertBundles(
@@ -238,16 +238,6 @@ func buildL4Servers(logger logr.Logger, gateway *graph.Gateway, protocol v1.Prot
 	return servers
 }
 
-// buildTCPServers builds TCPServers from TCPRoutes attached to listeners.
-func buildTCPServers(logger logr.Logger, gateway *graph.Gateway) []Layer4VirtualServer {
-	return buildL4Servers(logger, gateway, v1.TCPProtocolType)
-}
-
-// buildUDPServers builds UDPServers from UDPRoutes attached to listeners.
-func buildUDPServers(logger logr.Logger, gateway *graph.Gateway) []Layer4VirtualServer {
-	return buildL4Servers(logger, gateway, v1.UDPProtocolType)
-}
-
 // buildStreamUpstreams builds all stream upstreams.
 func buildStreamUpstreams(
 	ctx context.Context,
@@ -452,28 +442,6 @@ func buildL4Upstreams(
 	return upstreams
 }
 
-// buildTCPUpstreams builds all TCP upstreams.
-func buildTCPUpstreams(
-	ctx context.Context,
-	logger logr.Logger,
-	gateway *graph.Gateway,
-	serviceResolver resolver.ServiceResolver,
-	ipFamily IPFamilyType,
-) []Upstream {
-	return buildL4Upstreams(ctx, logger, gateway, serviceResolver, ipFamily, v1.TCPProtocolType)
-}
-
-// buildUDPUpstreams builds all UDP upstreams.
-func buildUDPUpstreams(
-	ctx context.Context,
-	logger logr.Logger,
-	gateway *graph.Gateway,
-	serviceResolver resolver.ServiceResolver,
-	ipFamily IPFamilyType,
-) []Upstream {
-	return buildL4Upstreams(ctx, logger, gateway, serviceResolver, ipFamily, v1.UDPProtocolType)
-}
-
 // buildSSLKeyPairs builds the SSLKeyPairs from the Secrets. It will only include Secrets that are referenced by
 // valid listeners, so that we don't include unused Secrets in the configuration of the data plane.
 func buildSSLKeyPairs(

internal/controller/state/graph/gateway_listener.go

@@ -151,7 +151,7 @@ func newListenerConfiguratorFactory(
 			validators: []listenerValidator{
 				validateListenerAllowedRouteKind,
 				validateListenerLabelSelector,
-				createTCPListenerValidator(protectedPorts),
+				createL4ListenerValidator(v1.TCPProtocolType, protectedPorts),
 			},
 			conflictResolvers: []listenerConflictResolver{
 				sharedPortConflictResolver,
@@ -161,7 +161,7 @@ func newListenerConfiguratorFactory(
 			validators: []listenerValidator{
 				validateListenerAllowedRouteKind,
 				validateListenerLabelSelector,
-				createUDPListenerValidator(protectedPorts),
+				createL4ListenerValidator(v1.UDPProtocolType, protectedPorts),
 			},
 			conflictResolvers: []listenerConflictResolver{
 				sharedPortConflictResolver,
@@ -487,13 +487,14 @@ func createPortConflictResolver() listenerConflictResolver {
 	const (
 		secureProtocolGroup   int = 0
 		insecureProtocolGroup int = 1
+		l4ProtocolGroup       int = 2
 	)
 	protocolGroups := map[v1.ProtocolType]int{
 		v1.TLSProtocolType:   secureProtocolGroup,
 		v1.HTTPProtocolType:  insecureProtocolGroup,
 		v1.HTTPSProtocolType: secureProtocolGroup,
-		v1.TCPProtocolType:   insecureProtocolGroup,
-		v1.UDPProtocolType:   insecureProtocolGroup,
+		v1.TCPProtocolType:   l4ProtocolGroup,
+		v1.UDPProtocolType:   l4ProtocolGroup,
 	}
 	conflictedPorts := make(map[v1.PortNumber]bool)
 	portProtocolOwner := make(map[v1.PortNumber]int)
@@ -505,6 +506,8 @@ func createPortConflictResolver() listenerConflictResolver {
 	formatHostname := "HTTPS and TLS listeners for the same port %d specify overlapping hostnames; " +
 		"ensure no overlapping hostnames for HTTPS and TLS listeners for the same port"
 
+	formatL4SameProtocol := "Multiple %s listeners cannot share the same port %d"
+
 	return func(l *Listener) {
 		port := l.Source.Port
 
@@ -542,6 +545,14 @@ func createPortConflictResolver() listenerConflictResolver {
 		} else {
 			foundConflict := false
 			for _, listener := range listenersByPort[port] {
+				if isL4Protocol(l.Source.Protocol) &&
+					listener.Source.Protocol == l.Source.Protocol {
+					listener.Valid = false
+					conflictedConds := conditions.NewListenerProtocolConflict(
+						fmt.Sprintf(formatL4SameProtocol, l.Source.Protocol, port))
+					listener.Conditions = append(listener.Conditions, conflictedConds...)
+					foundConflict = true
+				}
 				if listener.Source.Protocol != l.Source.Protocol &&
 					!isL4Protocol(listener.Source.Protocol) && !isL4Protocol(l.Source.Protocol) &&
 					haveOverlap(l.Source.Hostname, listener.Source.Hostname) {
@@ -554,8 +565,14 @@ func createPortConflictResolver() listenerConflictResolver {
 
 			if foundConflict {
 				l.Valid = false
-				conflictedConds := conditions.NewListenerHostnameConflict(fmt.Sprintf(formatHostname, port))
-				l.Conditions = append(l.Conditions, conflictedConds...)
+				if isL4Protocol(l.Source.Protocol) {
+					conflictedConds := conditions.NewListenerProtocolConflict(
+						fmt.Sprintf(formatL4SameProtocol, l.Source.Protocol, port))
+					l.Conditions = append(l.Conditions, conflictedConds...)
+				} else {
+					conflictedConds := conditions.NewListenerHostnameConflict(fmt.Sprintf(formatHostname, port))
+					l.Conditions = append(l.Conditions, conflictedConds...)
+				}
 			}
 		}
 
@@ -668,14 +685,6 @@ func createL4ListenerValidator(protocol v1.ProtocolType, protectedPorts Protecte
 	}
 }
 
-func createTCPListenerValidator(protectedPorts ProtectedPorts) listenerValidator {
-	return createL4ListenerValidator(v1.TCPProtocolType, protectedPorts)
-}
-
-func createUDPListenerValidator(protectedPorts ProtectedPorts) listenerValidator {
-	return createL4ListenerValidator(v1.UDPProtocolType, protectedPorts)
-}
-
 func createOverlappingTLSConfigResolver() listenerConflictResolver {
 	listenersByPort := make(map[v1.PortNumber][]*Listener)
 

internal/controller/state/graph/route_common.go

@@ -1283,7 +1283,7 @@ func buildGenericL4Route(
 
 		for refIdx, ref := range rule.backendRefs {
 			br, conds := validateBackendRefL4RouteMulti(
-				config.namespace, config.routeType, ref, services, r.ParentRefs,
+				config.namespace, ref, services, r.ParentRefs,
 				config.refGrantResolver, ruleIdx, refIdx,
 			)
 			allBackendRefs = append(allBackendRefs, br)
@@ -1307,7 +1307,6 @@ func buildGenericL4Route(
 // This eliminates code duplication between validateBackendRefTCPRouteMulti and validateBackendRefUDPRouteMulti.
 func validateBackendRefL4RouteMulti(
 	namespace string,
-	routeType string, // "TCP" or "UDP"
 	ref v1alpha.BackendRef,
 	services map[types.NamespacedName]*apiv1.Service,
 	parentRefs []ParentRef,