Update Gateway API to v0.7.0 #25711

meyskens · 2023-05-26T11:35:45Z

This PR updates our Gateway API to v0.7.0. This includes the new vendor changes as well as all fixes we needed to pass the additional conformance tests in individual commits.

Fixes: #25474

Support Gateway API v0.7.0

sayboras

Thanks for working on this, also cleaning up my bad code/mistake before 👍

sayboras · 2023-05-29T12:16:01Z

operator/pkg/gateway-api/httproute.go

@@ -92,6 +93,8 @@ func (r *httpRouteReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		For(&gatewayv1beta1.HTTPRoute{}).
 		// Watch for changes to Backend services
 		Watches(&source.Kind{Type: &corev1.Service{}}, r.enqueueRequestForBackendService()).
+		// Watch for changes to Reference Grants
+		Watches(&source.Kind{Type: &gatewayv1beta1.ReferenceGrant{}}, r.enqueueRequestForRequestGrant()).


sayboras · 2023-05-29T12:18:10Z

/test

viktor-kurchenko · 2023-05-30T06:38:29Z

operator/pkg/gateway-api/gateway_status.go

@@ -45,6 +51,29 @@ func gatewayStatusAcceptedCondition(gw *gatewayv1beta1.Gateway, accepted bool, m
 	}
 }

+func gatewayStatusProgrammedCondition(gw *gatewayv1beta1.Gateway, scheduled bool, msg string) metav1.Condition {
+	switch scheduled {


Just wondering, why switch not if?

This is an adaptation from @sayboras's original code, not sure what his reasoning was :)

ah i might have started with some enum, and then refactored to bool, so switch might be just lazy refactor.

I have had an idea last night to re-factor this into 1 generic blob to re-use. But that is probably out of scope for this PR.

operator/pkg/gateway-api/helpers/referencegrants.go

meyskens · 2023-05-30T14:24:27Z

/test

This status condition is now required to be set for Gateway API conformance. This status is now set once a gateway has valid config and has an assidned address Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

This adds a count for the attachedroutes field in the gateway status. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Setting gatewayListenerAcceptedCondition is now required to pass conformance Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

The new conformance tests now explicitly test for removed listeners to be removed from the status. We did not do this before, this adds a filter for that. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

This change sets the resolved reference status to true when they have been found. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

when a section is demanded on a gateway reference we should check if it actually exists. The conformace tests now check against this. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

This renames the function to check reference grants for certificates to a less generic name to avoid confusion with the one responsible for checking route backends. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

We previously did not perform checks for reference grants when validating routes. This now extracts this check into a helper which is re-used in both ingestion code as well as in the route validation code. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Previously we would check all references. This would cause the status of the reference to be overritten in the last one was correct. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

HTTPRoute is no logner a standard enabled feature in the conformace tests, This adds this back in our CI tests Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

This PR adds correct ReferenceGrant checks into TLSRoute. It also adds a check for resource kind in the helper function. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Improve the function arguments to the checked route is the last one. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

This adds IsSecretReferenceAllowed to check the secret reference logic in one place. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

sayboras · 2023-06-06T01:02:09Z

/test

sayboras · 2023-06-06T02:53:07Z

/test-1.16-4.19

This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>

This commit adds the missing reference-grant watch to the TLS route controller. Fixes: #25573 & #25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>

[ upstream commit 30d3a6f ] This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>

This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>

[ upstream commit 30d3a6f ] This commit adds the missing reference-grant watch to the TLS route controller. Fixes: #25573 & #25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>

This commit adds the missing reference-grant watch to the TLS route controller. Fixes: cilium#25573 & cilium#25711 Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>

maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 26, 2023

meyskens added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/servicemesh GH issues or PRs regarding servicemesh labels May 26, 2023

maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels May 26, 2023

meyskens force-pushed the meyskens/gatewayapi070 branch 6 times, most recently from a705072 to 741e3f8 Compare May 26, 2023 16:40

meyskens marked this pull request as ready for review May 29, 2023 07:33

meyskens requested review from a team as code owners May 29, 2023 07:33

meyskens requested review from sayboras and youngnick May 29, 2023 07:33

meyskens force-pushed the meyskens/gatewayapi070 branch from 741e3f8 to 801f311 Compare May 29, 2023 08:05

meyskens requested review from a team as code owners May 29, 2023 11:14

meyskens requested a review from viktor-kurchenko May 29, 2023 11:14

sayboras approved these changes May 29, 2023

View reviewed changes

meyskens force-pushed the meyskens/gatewayapi070 branch 2 times, most recently from 64fc503 to e24f5d2 Compare May 29, 2023 14:50

viktor-kurchenko reviewed May 30, 2023

View reviewed changes

operator/pkg/gateway-api/helpers/referencegrants.go Outdated Show resolved Hide resolved

meyskens force-pushed the meyskens/gatewayapi070 branch 2 times, most recently from 023ce23 to bace3b0 Compare May 30, 2023 12:22

meyskens added 15 commits June 6, 2023 11:01

Implement programmed flag

8731967

This status condition is now required to be set for Gateway API conformance. This status is now set once a gateway has valid config and has an assidned address Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Add AttachedRoutes

b4a6127

This adds a count for the attachedroutes field in the gateway status. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Set Accepted status on listeners

fe6d9dd

Setting gatewayListenerAcceptedCondition is now required to pass conformance Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Add logic to remove listener status

d4d5b1f

The new conformance tests now explicitly test for removed listeners to be removed from the status. We did not do this before, this adds a filter for that. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Set refernece resolved to true when ok

baab8fc

This change sets the resolved reference status to true when they have been found. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Check for section match on gateway

684fc1f

when a section is demanded on a gateway reference we should check if it actually exists. The conformace tests now check against this. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Rename cert reference allowed function

72e9b5b

This renames the function to check reference grants for certificates to a less generic name to avoid confusion with the one responsible for checking route backends. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Break in validation to not accept partial invalid routes

c8872df

Previously we would check all references. This would cause the status of the reference to be overritten in the last one was correct. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Enable HTTPRoute in conformance

2f50282

HTTPRoute is no logner a standard enabled feature in the conformace tests, This adds this back in our CI tests Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Implement ReferenceGrants correct for TLSRoute

ebf0819

This PR adds correct ReferenceGrant checks into TLSRoute. It also adds a check for resource kind in the helper function. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Improve func argument order

8d7c360

Improve the function arguments to the checked route is the last one. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Add IsSecretReferenceAllowed

ecd6928

This adds IsSecretReferenceAllowed to check the secret reference logic in one place. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Improve error messages on ReferenceGrant fetch

e4f0e5e

Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

Remove deprecated ready status

473e031

Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>

sayboras force-pushed the meyskens/gatewayapi070 branch from b9a8be9 to 473e031 Compare June 6, 2023 01:02

sayboras removed the dont-merge/preview-only Only for preview or testing, don't merge it. label Jun 6, 2023

sayboras merged commit 1055d59 into cilium:main Jun 6, 2023

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 6, 2023

mhofstetter mentioned this pull request Jun 7, 2023

CI: generate-k8s-api (check) #25974

Closed

mhofstetter mentioned this pull request Nov 6, 2023

gateway-api: add watch for reference grant in TLSRoute reconciler #29007

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update Gateway API to v0.7.0 #25711

Update Gateway API to v0.7.0 #25711

Uh oh!

meyskens commented May 26, 2023

Uh oh!

sayboras left a comment

Uh oh!

sayboras May 29, 2023

Uh oh!

sayboras commented May 29, 2023

Uh oh!

viktor-kurchenko May 30, 2023

Uh oh!

meyskens May 30, 2023

Uh oh!

sayboras May 30, 2023

Uh oh!

meyskens May 30, 2023

Uh oh!

Uh oh!

meyskens commented May 30, 2023

Uh oh!

sayboras commented Jun 6, 2023

Uh oh!

sayboras commented Jun 6, 2023

Uh oh!

Uh oh!

Update Gateway API to v0.7.0 #25711

Update Gateway API to v0.7.0 #25711

Uh oh!

Conversation

meyskens commented May 26, 2023

Uh oh!

sayboras left a comment

Choose a reason for hiding this comment

Uh oh!

sayboras May 29, 2023

Choose a reason for hiding this comment

Uh oh!

sayboras commented May 29, 2023

Uh oh!

viktor-kurchenko May 30, 2023

Choose a reason for hiding this comment

Uh oh!

meyskens May 30, 2023

Choose a reason for hiding this comment

Uh oh!

sayboras May 30, 2023

Choose a reason for hiding this comment

Uh oh!

meyskens May 30, 2023

Choose a reason for hiding this comment

Uh oh!

Uh oh!

meyskens commented May 30, 2023

Uh oh!

sayboras commented Jun 6, 2023

Uh oh!

sayboras commented Jun 6, 2023

Uh oh!

Uh oh!