Skip to content

gateway-api: Supports Addresses provided by the Gateway API specification #33042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 4, 2024
Merged

gateway-api: Supports Addresses provided by the Gateway API specification #33042

merged 1 commit into from
Sep 4, 2024
+176 −34

Conversation

chaunceyjiang
Copy link
Member

@chaunceyjiang chaunceyjiang commented Jun 11, 2024
edited
Loading

Fixes: #32865

Cilium Gateway supports Addresses provided by the Gateway API specification https://gateway-api.sigs.k8s.io/api-types/gateway/?h=addresses

Cilium Gateway supports Addresses provided by the Gateway API specification

@chaunceyjiang chaunceyjiang requested a review from a team as a code owner June 11, 2024 08:00
@chaunceyjiang chaunceyjiang requested a review from youngnick June 11, 2024 08:00
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 11, 2024
@chaunceyjiang chaunceyjiang changed the title [Gateway-API] Cilium Gateway supports Addresses provided by the Gateway API specification [Gateway-API] Supports Addresses provided by the Gateway API specification Jun 11, 2024
@chaunceyjiang
Copy link
Member Author

Test:

# kubectl get gateway my-gateway -oyaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  creationTimestamp: "2024-06-11T06:19:15Z"
  generation: 8
  name: my-gateway
  namespace: default
  resourceVersion: "3293345"
  uid: 41a0fb4c-4781-4e34-a1fd-462762fbc6f3
spec:
  addresses:
  - type: IPAddress
    value: 172.18.0.140
  gatewayClassName: cilium
  listeners:
  - allowedRoutes:
      namespaces:
        from: Same
    name: web-gw
    port: 80
    protocol: HTTP
status:
  addresses:
  - type: IPAddress
    value: 172.18.0.140
  conditions:
  - lastTransitionTime: "2024-06-11T08:04:55Z"
    message: Gateway successfully scheduled
    observedGeneration: 8
    reason: Accepted
    status: "True"
    type: Accepted
  - lastTransitionTime: "2024-06-11T08:04:55Z"
    message: Gateway successfully reconciled
    observedGeneration: 8
    reason: Programmed
    status: "True"
    type: Programmed
  listeners:
  - attachedRoutes: 1
    conditions:
    - lastTransitionTime: "2024-06-11T08:04:55Z"
      message: Listener Programmed
      observedGeneration: 8
      reason: Programmed
      status: "True"
      type: Programmed
    - lastTransitionTime: "2024-06-11T08:04:55Z"
      message: Listener Accepted
      observedGeneration: 8
      reason: Accepted
      status: "True"
      type: Accepted
    - lastTransitionTime: "2024-06-11T08:04:55Z"
      message: Resolved Refs
      reason: ResolvedRefs
      status: "True"
      type: ResolvedRefs
    name: web-gw
    supportedKinds:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute

@chaunceyjiang chaunceyjiang changed the title [Gateway-API] Supports Addresses provided by the Gateway API specification gateway-api: Supports Addresses provided by the Gateway API specification Jun 11, 2024
@chaunceyjiang
Copy link
Member Author

/test

@chaunceyjiang
Copy link
Member Author

/cc @sayboras PTAL.

@sayboras sayboras added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Jun 11, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 11, 2024
@sayboras
Copy link
Member

sayboras commented Jun 11, 2024
edited
Loading

Thanks for your PR.

The current Gateway API is with kind + L2LB setup, so I assume that we can enable GatewayStaticAddresses theoretically? Probably we need to check how the upstream test is configured with additional params.

Exempt feature:

cilium/.github/workflows/conformance-gateway-api.yaml

Line 134 in f3e65e3

EXEMPT_FEATURES="GatewayStaticAddresses,HTTPRouteParentRefPort,HTTPRouteResponseHeaderModification"

Related PR on l2lb: #28926

@sayboras
Copy link
Member

Another point is to highlight the feature dependency L2LB + Gateway Address for end user.

@chaunceyjiang chaunceyjiang requested review from a team as code owners June 12, 2024 02:46
@chaunceyjiang
Copy link
Member Author

Another point is to highlight the feature dependency L2LB + Gateway Address for end user.

Should I highlight this in the cilium document?

@chaunceyjiang
Copy link
Member Author

/test

@chaunceyjiang
Copy link
Member Author

/ci-gateway-api

@chaunceyjiang
Copy link
Member Author

/ci-aks

@sayboras
Copy link
Member

Should I highlight this in the cilium document?

yes, it will be awesome. We can update the docs in a separate PR as well.

sayboras
sayboras reviewed Jun 13, 2024
View reviewed changes
@sayboras sayboras added the dont-merge/preview-only Only for preview or testing, don't merge it. label Jun 13, 2024
@sayboras sayboras mentioned this pull request Jun 13, 2024
Closed
9 tasks
@youngnick youngnick mentioned this pull request Jun 14, 2024
Closed
3 tasks
@youngnick
Copy link
Contributor

Thanks for this PR @chaunceyjiang! This is a great start, but as Tam says, it only addresses the case that the cluster is using Cilium's LBIPAM. If the cluster is using another Loadbalancer provider (for example, if it's running in a cloud), this won't work.

In order for this to work, this code will need to grow some way to know what loadbalancer provider it should use (Cilium LBIPAM, a cloud provider, or something else), so that it can know what annotations to add.

I suppose we could add this as is, but I suspect that even if we put a big "ONLY WORKS WITH CILIUM LB IPAM", then we will get a bunch of issues from folks who try it in EKS, GKE, or AKS, where this won't work.

@github-actions GitHub Actions
Copy link

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jul 15, 2024
@github-actions github-actions bot removed the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jul 24, 2024
@youngnick youngnick mentioned this pull request Jul 24, 2024
Open
2 tasks
@chaunceyjiang chaunceyjiang mentioned this pull request Jul 31, 2024
Closed
3 tasks
@chaunceyjiang
Copy link
Member Author

image 
# export GATEWAY_API_CONFORMANCE_UNUSABLE_NETWORK_ADDRESSES=182.18.0.150
#
# export GATEWAY_API_CONFORMANCE_USABLE_NETWORK_ADDRESSES=172.18.0.150
#
# GATEWAY_API_CONFORMANCE_TESTS=1 go test -v ./operator/pkg/gateway-api --gat
eway-class cilium --all-features --exempt-features=MeshConsumerRoute,HTTPRouteParentRefP
ort,HTTPRouteDestinationPortMatching,HTTPRouteRequestTimeout,HTTPRouteBackendTimeout --a
llow-crds-mismatch --debug -test.run "TestConformance/GatewayStaticAddresses"

@chaunceyjiang chaunceyjiang force-pushed the address branch 2 times, most recently from 05c31d4 to 07e6112 Compare August 2, 2024 06:16
@chaunceyjiang
Copy link
Member Author

Hi, @sayboras @youngnick

The Conformance/GatewayStaticAddresses conformance test has passed in my local environment. However, there are currently two issues that need to be discussed with you.

  1. Where should the documentation be written?
  2. During CI execution, how should the parameters UNUSABLE_NETWORK_ADDRESSES and USABLE_NETWORK_ADDRESSES be passed to the conformance test?

chaunceyjiang
chaunceyjiang commented Aug 2, 2024
View reviewed changes
@youngnick
Copy link
Contributor

youngnick commented Aug 9, 2024
edited
Loading

We'll need an update to the documentation in Documentation/network/servicemesh/gateway-api. I think the best way would be a new .rst file similar to the host-network-mode.rst one that documents the feature, along with clearly calling out that it's only available for LB-IPAM.

Writing that out, I think I'm going to end up being super picky about it, so it's probably better that I just write the docs as a followup once this merges. Let's get the feature in first, and I'll document it.

I think this one also updates #21926 - although it won't close it, since we may need to add support for more deployment scenarios in the future.

Thanks again for pushing this ahead, really appreciated!

youngnick
youngnick requested changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@youngnick youngnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly LGTM, with one small change to make this change non-breaking for now.

@chaunceyjiang chaunceyjiang force-pushed the address branch 3 times, most recently from 08ee0da to 71b623b Compare August 30, 2024 09:32
@chaunceyjiang
Copy link
Member Author

/cc @sayboras @youngnick PTAL.

sayboras
sayboras approved these changes Aug 30, 2024
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feature is highly asked by community, thanks a lot for your contribution.

I have one nit as per below, also other related docs (if required) can be done in separate PR as well.

@chaunceyjiang
gateway-api: Supports Addresses provided by the Gateway API specifica…
292f576 
…tion

Fixes: cilium#32865

Cilium Gateway supports Addresses provided by the Gateway API specification https://gateway-api.sigs.k8s.io/api-types/gateway/?h=addresses

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@chaunceyjiang
Copy link
Member Author

/test

@chaunceyjiang
Copy link
Member Author

/cc @youngnick PTAL.

youngnick
youngnick approved these changes Sep 4, 2024
View reviewed changes
Copy link
Contributor

@youngnick youngnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice work @chaunceyjiang. Let's get this in and documented.

@sayboras sayboras removed the dont-merge/preview-only Only for preview or testing, don't merge it. label Sep 4, 2024
@sayboras sayboras enabled auto-merge September 4, 2024 03:57
@sayboras sayboras added this pull request to the merge queue Sep 4, 2024
Merged via the queue into cilium:main with commit 7eeac6a Sep 4, 2024
70 checks passed
@chaunceyjiang chaunceyjiang deleted the address branch September 4, 2024 05:44
@sayboras sayboras mentioned this pull request Sep 4, 2024
Merged
@chaunceyjiang chaunceyjiang mentioned this pull request Oct 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

@youngnick youngnick youngnick approved these changes

@viktor-kurchenko viktor-kurchenko Awaiting requested review from viktor-kurchenko viktor-kurchenko is a code owner automatically assigned from cilium/github-sec

+1 more reviewer

@rouke-broersma rouke-broersma rouke-broersma left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
feature/k8s-gateway-api release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cilium Gateway ignores Addresses
4 participants
@chaunceyjiang @sayboras @youngnick @rouke-broersma