diff --git a/CHANGELOG.md b/CHANGELOG.md index d5cf72d61b..1e076f580a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -71,13 +71,19 @@ #### Added +- Updated Gateway API dependencies to [v0.5.0][gw-v0.5.0] and updated `examples` + directory to use `v1beta1` versions of APIs where applicable. + [#2691](https://github.com/Kong/kubernetes-ingress-controller/pull/2691) - Added support for Gateway Listener TLS configuration, to enable full use of TLSRoute and HTTPS HTTPRoutes. [#2580](https://github.com/Kong/kubernetes-ingress-controller/pull/2580) - Added information about service mesh deployment and distribution in telemetry data reported to Kong. [#2642](https://github.com/Kong/kubernetes-ingress-controller/pull/2642) +[gw-v0.5.0]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.5.0 + #### Fixed + - Fixed the problem that logs from reporter does not appear in the pod log. [#2645](https://github.com/Kong/kubernetes-ingress-controller/pull/2645) diff --git a/Makefile b/Makefile index b82e60bec0..d0908d3f25 100644 --- a/Makefile +++ b/Makefile 
@@ -339,35 +339,19 @@ run: install # Gateway API # ------------------------------------------------------------------------------ -GATEWAY_API_PACKAGE ?= sigs.k8s.io/gateway-api -# TODO: Below hardcoded ref is a workaround for the fact that we're using an untagged version -# of sigs.k8s.io/gateway-api in go.mod - that occurred after v0.4.0 (which was tagged on master) -# but which contains a breaking change w.r.t to the file structure in said repo - and the -# fact that kustomize accepts only branch names, tags, or full commit hashes, i.e. short -# hashes or go pseudo versions are not supported [1]. -# Please also note that kustomize fails silently when provided with an unsupported ref -# and downloads the manifests from the main branch. -# -# [1]: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md#remote-directories -# -# This causes a problem where we cannot use go pseudo version from go.mod i.e. -# v0.4.1-0.20220306235253-71fee1c2808f and where we cannot update to a newer version -# sigs.k8s.io/gateway-api because v0.5.0 hasn't been released yet and v0.4.x versions -# do not contain the change in file structure that some of the code in this repo already -# relies on. +# GATEWAY_API_VERSION will be processed by kustomize and therefore accepts +# only branch names, tags, or full commit hashes, i.e. short hashes or go +# pseudo versions are not supported [1]. +# Please also note that kustomize fails silently when provided with an +# unsupported ref and downloads the manifests from the main branch. # -# In order to avoid unnecessary work we're just hardcoding the full SHA that -# corresponds to what's in go.mod - v0.4.1-0.20220306235253-71fee1c2808f - until -# v0.5.0 is released which we can then use in go.mod and scrape via go list ... 
-# -# Whenever the above happens the hardcoded SHA can be replaced with: -# $(shell go list -m -f "{{.Version}}" $(GATEWAY_API_PACKAGE)) -# -# Related issue: https://github.com/Kong/kubernetes-ingress-controller/issues/2595 -GATEWAY_API_VERSION ?= 71fee1c2808fa19a5f19d952d155fc072cf9324c +# [1]: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md#remote-directories +GATEWAY_API_VERSION ?= v0.5.0 +GATEWAY_API_RELEASE_CHANNEL ?= experimental +GATEWAY_API_PACKAGE ?= sigs.k8s.io/gateway-api GATEWAY_API_CRDS_LOCAL_PATH = $(shell go env GOPATH)/pkg/mod/$(GATEWAY_API_PACKAGE)@$(GATEWAY_API_VERSION)/config/crd GATEWAY_API_REPO ?= github.com/kubernetes-sigs/gateway-api -GATEWAY_API_CRDS_URL = $(GATEWAY_API_REPO)/config/crd?ref=$(GATEWAY_API_VERSION) +GATEWAY_API_CRDS_URL = $(GATEWAY_API_REPO)/config/crd/$(GATEWAY_API_RELEASE_CHANNEL)?ref=$(GATEWAY_API_VERSION) .PHONY: print-gateway-api-crds-url print-gateway-api-crds-url: diff --git a/examples/gateway-httproute.yaml b/examples/gateway-httproute.yaml index 2bbd876e00..3b0cd8e78c 100644 --- a/examples/gateway-httproute.yaml +++ b/examples/gateway-httproute.yaml @@ -77,15 +77,15 @@ spec: app: nginx type: ClusterIP --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: controllerName: konghq.com/kic-gateway-controller --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: @@ -95,7 +95,7 @@ spec: protocol: HTTP port: 80 --- -apiVersion: gateway.networking.k8s.io/v1alpha2 +apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: httproute-testing diff --git a/examples/gateway-tcproute.yaml b/examples/gateway-tcproute.yaml index 5dadcb9a02..6baceb52fc 100644 --- a/examples/gateway-tcproute.yaml +++ b/examples/gateway-tcproute.yaml 
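Review bot: `GATEWAY_API_VERSION ?= v0.5.0` replaces a full commit SHA with a tag, and the same version is now stated independently in three places: here, in go.mod, and in `GatewayCRDsKustomizeURL` in test/consts/gateway.go. A tag can be re-pointed upstream and the kustomize fetch is not covered by go.sum, while the comment kept just above notes that kustomize silently falls back to the main branch on a ref it does not accept, so a typo or drift here could install CRDs that differ from the Go types being compiled. The comment removed by this hunk already named the follow-up for when v0.5.0 shipped: `GATEWAY_API_VERSION ?= $(shell go list -m -f "{{.Version}}" $(GATEWAY_API_PACKAGE))`, which keeps the Makefile tied to the go.sum-verified module version. It is also worth checking whether `GATEWAY_API_CRDS_LOCAL_PATH` needs the same `/$(GATEWAY_API_RELEASE_CHANNEL)` suffix that the URL gained; its consumers are outside this hunk.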
@@ -42,15 +42,15 @@ spec: app: tcpecho type: ClusterIP --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: controllerName: konghq.com/kic-gateway-controller --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: diff --git a/examples/gateway-tlsroute.yaml b/examples/gateway-tlsroute.yaml index a847a31238..e230c86436 100644 --- a/examples/gateway-tlsroute.yaml +++ b/examples/gateway-tlsroute.yaml @@ -51,15 +51,15 @@ data: tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JRzJBZ0VBTUJBR0J5cUdTTTQ5QWdFR0JTdUJCQUFpQklHZU1JR2JBZ0VCQkRERFJuZGdQWVphb25WdXFIaXUKNXV1WVdJK0ExNkJZTG9VQm5ZMC85Qkw5VTBzNDdHN0xDL2IwNXdFLzdVUEpFQktoWkFOaUFBUkI1eC9PekdZLwpBTFRxNDJ6ZVRLSXNOdnB1dWVBemhtMFplREJ3WVBmM2R4dGlacTZkOEU5RzNHcUh2cEVwMUwzRE9yaXI2Z0h4CjAreEFxQUUyR1VsT3Y2SVVmME9MdHNGa1Z4aXJINUtjMVJkblIwTTBGdGJpczlWTWtkQzkyaWM9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K type: kubernetes.io/tls --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: controllerName: konghq.com/kic-gateway-controller --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: diff --git a/examples/gateway-udproute.yaml b/examples/gateway-udproute.yaml index 43d686f89f..2b37589f14 100644 --- a/examples/gateway-udproute.yaml +++ b/examples/gateway-udproute.yaml @@ -82,15 +82,15 @@ spec: app: coredns type: ClusterIP --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: controllerName: konghq.com/kic-gateway-controller --- +apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway -apiVersion: gateway.networking.k8s.io/v1alpha2 metadata: name: kong spec: 
diff --git a/go.mod b/go.mod index 752a010dbd..78d84659d0 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( knative.dev/networking v0.0.0-20220302134042-e8b2eb995165 knative.dev/pkg v0.0.0-20220301181942-2fdd5f232e77 sigs.k8s.io/controller-runtime v0.12.3 - sigs.k8s.io/gateway-api v0.4.1-0.20220306235253-71fee1c2808f + sigs.k8s.io/gateway-api v0.5.0 sigs.k8s.io/kustomize/api v0.11.5 sigs.k8s.io/kustomize/kyaml v0.13.7 sigs.k8s.io/yaml v1.3.0 @@ -46,6 +46,12 @@ require ( require ( cloud.google.com/go/compute v1.7.0 // indirect + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest v0.11.18 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/logger v0.2.1 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect @@ -63,6 +69,7 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.13.0 // indirect + github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/go-errors/errors v1.0.1 // indirect github.com/go-ole/go-ole v1.2.6 // indirect @@ -128,6 +135,7 @@ require ( go.opencensus.io v0.23.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect + golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 // indirect golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect diff --git a/go.sum b/go.sum index f859b3fb29..da50c164dd 100644 --- a/go.sum 
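Review bot: The `@@ -46,6 +46,12 @@` and `@@ -63,6 +69,7 @@` hunks add six `github.com/Azure/go-autorest` modules and `github.com/form3tech-oss/jwt-go v3.2.3+incompatible` as indirect requirements, which is more than a gateway-api version bump would obviously need. These are cloud-auth and token-handling libraries, so it is worth recording which import path pulls them in (`go mod why -m github.com/form3tech-oss/jwt-go`) and confirming they are not linked into the controller binary unintentionally. If they are reachable only from test tooling, saying so in the PR is enough.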
+++ b/go.sum 
@@ -68,12 +68,19 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7 github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= +github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb 
v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -217,6 +224,7 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= @@ -835,6 +843,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 h1:K3x+yU+fbot38x5bQbU2QqUAVyYLEktdNH2GxZLnM3U= +golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1455,8 +1465,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyz sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98usMio= sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0= -sigs.k8s.io/gateway-api v0.4.1-0.20220306235253-71fee1c2808f h1:5OAEIvquOkiENoXzSskD2jNBWI15dWHjNIIqn0VF/dY= -sigs.k8s.io/gateway-api v0.4.1-0.20220306235253-71fee1c2808f/go.mod h1:Gj2je/oOS/22fEU/U4xJ/nRH0wuQ3/kcfJUmLqtqXV4= +sigs.k8s.io/gateway-api v0.5.0 h1:ze+k9fJqvmL8s1t3e4q1ST8RnN+f09dEv+gfacahlAE= +sigs.k8s.io/gateway-api v0.5.0/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag= diff --git a/internal/controllers/gateway/httproute_controller.go b/internal/controllers/gateway/httproute_controller.go index 33713f6b80..0d08febd73 100644 --- a/internal/controllers/gateway/httproute_controller.go +++ b/internal/controllers/gateway/httproute_controller.go @@ -376,7 +376,7 @@ func (r *HTTPRouteReconciler) ensureGatewayReferenceStatusAdded(ctx context.Cont }, ControllerName: ControllerName, Conditions: []metav1.Condition{{ - Type: string(gatewayv1alpha2.ConditionRouteAccepted), + Type: string(gatewayv1alpha2.RouteConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: httproute.Generation, LastTransitionTime: metav1.Now(), diff --git a/internal/controllers/gateway/tcproute_controller.go b/internal/controllers/gateway/tcproute_controller.go index d5ddb7328c..63bcd49838 100644 --- a/internal/controllers/gateway/tcproute_controller.go 
+++ b/internal/controllers/gateway/tcproute_controller.go @@ -376,7 +376,7 @@ func (r *TCPRouteReconciler) ensureGatewayReferenceStatusAdded(ctx context.Conte }, ControllerName: ControllerName, Conditions: []metav1.Condition{{ - Type: string(gatewayv1alpha2.ConditionRouteAccepted), + Type: string(gatewayv1alpha2.RouteConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: tcproute.Generation, LastTransitionTime: metav1.Now(), diff --git a/internal/controllers/gateway/tlsroute_controller.go b/internal/controllers/gateway/tlsroute_controller.go index 2e78f6f358..376df2397c 100644 --- a/internal/controllers/gateway/tlsroute_controller.go +++ b/internal/controllers/gateway/tlsroute_controller.go @@ -376,7 +376,7 @@ func (r *TLSRouteReconciler) ensureGatewayReferenceStatusAdded(ctx context.Conte }, ControllerName: ControllerName, Conditions: []metav1.Condition{{ - Type: string(gatewayv1alpha2.ConditionRouteAccepted), + Type: string(gatewayv1alpha2.RouteConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: tlsroute.Generation, LastTransitionTime: metav1.Now(), diff --git a/internal/controllers/gateway/udproute_controller.go b/internal/controllers/gateway/udproute_controller.go index 665a8b8fca..dd8d0e73d1 100644 --- a/internal/controllers/gateway/udproute_controller.go +++ b/internal/controllers/gateway/udproute_controller.go @@ -376,7 +376,7 @@ func (r *UDPRouteReconciler) ensureGatewayReferenceStatusAdded(ctx context.Conte }, ControllerName: ControllerName, Conditions: []metav1.Condition{{ - Type: string(gatewayv1alpha2.ConditionRouteAccepted), + Type: string(gatewayv1alpha2.RouteConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: udproute.Generation, LastTransitionTime: metav1.Now(), diff --git a/internal/dataplane/parser/parser.go b/internal/dataplane/parser/parser.go index 20c7827de1..04090a255a 100644 --- a/internal/dataplane/parser/parser.go +++ b/internal/dataplane/parser/parser.go 
@@ -462,7 +462,7 @@ func getGatewayCerts(log logrus.FieldLogger, s store.Storer) []certWrapper { namespace = string(*ref.Namespace) } if namespace != gateway.Namespace { - allowed := getPermittedForReferencePolicyFrom(gatewayv1alpha2.ReferencePolicyFrom{ + allowed := getPermittedForReferenceGrantFrom(gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group(gateway.GetObjectKind().GroupVersionKind().Group), Kind: gatewayv1alpha2.Kind(gateway.GetObjectKind().GroupVersionKind().Kind), Namespace: gatewayv1alpha2.Namespace(gateway.GetNamespace()), diff --git a/internal/dataplane/parser/translate_tcproute.go b/internal/dataplane/parser/translate_tcproute.go index 432fbabd6e..246c68e037 100644 --- a/internal/dataplane/parser/translate_tcproute.go +++ b/internal/dataplane/parser/translate_tcproute.go @@ -103,12 +103,6 @@ func generateKongRoutesFromTCPRouteRule( objectInfo := util.FromK8sObject(tcproute) var routes []kongstate.Route - if len(rule.Matches) > 0 { - // As of 2022-03-04, matches are supported only in experimental CRDs. if you apply a TCPRoute with matches against - // the stable CRDs, the matches disappear into the ether (only if doing it via client-go, kubectl rejects them) - // We do not intend to implement these until they are stable per https://github.com/Kong/kubernetes-ingress-controller/issues/2087#issuecomment-1079053290 - return routes, fmt.Errorf("TCPRoute Matches are not yet supported") - } if len(rule.BackendRefs) == 0 { return routes, fmt.Errorf("TCPRoute rules must include at least one backendRef") diff --git a/internal/dataplane/parser/translate_udproute.go b/internal/dataplane/parser/translate_udproute.go index bf852c69ff..c341297e80 100644 --- a/internal/dataplane/parser/translate_udproute.go +++ b/internal/dataplane/parser/translate_udproute.go 
@@ -101,12 +101,6 @@ func generateKongRoutesFromUDPRouteRule(udproute *gatewayv1alpha2.UDPRoute, rule objectInfo := util.FromK8sObject(udproute) var routes []kongstate.Route - if len(rule.Matches) > 0 { - // As of 2022-03-04, matches are supported only in experimental CRDs. if you apply a UDPRoute with matches against - // the stable CRDs, the matches disappear into the ether (only if doing it via client-go, kubectl rejects them) - // We do not intend to implement these until they are stable per https://github.com/Kong/kubernetes-ingress-controller/issues/2087#issuecomment-1079053290 - return routes, fmt.Errorf("UDPRoute Matches are not yet supported") - } if len(rule.BackendRefs) == 0 { return routes, fmt.Errorf("UDPRoute rules must include at least one backendRef") diff --git a/internal/dataplane/parser/translate_utils.go b/internal/dataplane/parser/translate_utils.go index 52d7f155ae..fd9fa342f5 100644 --- a/internal/dataplane/parser/translate_utils.go +++ b/internal/dataplane/parser/translate_utils.go @@ -51,15 +51,15 @@ func convertGatewayMatchHeadersToKongRouteMatchHeaders(headers []gatewayv1alpha2 return convertedHeaders, nil } -// isRefAllowedByPolicy checks if backendRef is permitted by the provided namespace-indexed ReferencePolicyTo set, +// isRefAllowedByPolicy checks if backendRef is permitted by the provided namespace-indexed ReferenceGrantTo set, // allowed. allowed is assumed to contain Tos that only match the backendRef's parent's From, as returned by -// getPermittedForReferencePolicyFrom. +// getPermittedForReferenceGrantFrom. func isRefAllowedByPolicy( namespace *gatewayv1alpha2.Namespace, name gatewayv1alpha2.ObjectName, group *gatewayv1alpha2.Group, kind *gatewayv1alpha2.Kind, - allowed map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo, + allowed map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo, ) bool { if namespace == nil { // local references are always fine 
@@ -81,13 +81,13 @@ func isRefAllowedByPolicy( return false } -// getPermittedForReferencePolicyFrom takes a ReferencePolicy From (a namespace, group, and kind) and returns a map -// from a namespace to a slice of ReferencePolicy Tos. When a To is included in the slice, the key namespace has a +// getPermittedForReferenceGrantFrom takes a ReferenceGrant From (a namespace, group, and kind) and returns a map +// from a namespace to a slice of ReferenceGrant Tos. When a To is included in the slice, the key namespace has a // ReferencePolicy with those Tos and the input From. -func getPermittedForReferencePolicyFrom(from gatewayv1alpha2.ReferencePolicyFrom, +func getPermittedForReferenceGrantFrom(from gatewayv1alpha2.ReferenceGrantFrom, policies []*gatewayv1alpha2.ReferencePolicy, -) map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo { - allowed := make(map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo) +) map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo { + allowed := make(map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo) // loop over all From values in all policies. if we find a match, add all Tos to the list of Tos allowed for the // policy namespace. this technically could add duplicate copies of the Tos if there are duplicate Froms (it makes // no sense to add them, but it's allowed), but duplicate Tos are harmless (we only care about having at least one 
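Review bot: The doc comment and signature of `getPermittedForReferenceGrantFrom` now mix both names: the function takes a `ReferenceGrantFrom` and returns `ReferenceGrantTo` values, but it still iterates `policies []*gatewayv1alpha2.ReferencePolicy`, and the comment still ends with "has a ReferencePolicy with those Tos". Because this helper feeds the cross-namespace reference check, the comment should state which resource kind is actually consulted, for example `// Only ReferencePolicy objects are read here; a reference covered solely by a ReferenceGrant object is treated as not permitted.` That wording assumes ReferenceGrant objects are not fetched elsewhere, which cannot be confirmed from this hunk. The function body continues outside the hunk.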
@@ -124,7 +124,7 @@ func (p *Parser) generateKongServiceFromBackendRef( if err != nil { return kongstate.Service{}, fmt.Errorf("could not retrieve ReferencePolicies for %s: %w", objName, err) } - allowed := getPermittedForReferencePolicyFrom(gatewayv1alpha2.ReferencePolicyFrom{ + allowed := getPermittedForReferenceGrantFrom(gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group(route.GetObjectKind().GroupVersionKind().Group), Kind: gatewayv1alpha2.Kind(route.GetObjectKind().GroupVersionKind().Kind), Namespace: gatewayv1alpha2.Namespace(route.GetNamespace()), diff --git a/internal/dataplane/parser/translate_utils_test.go b/internal/dataplane/parser/translate_utils_test.go index e793da371c..67dfc25516 100644 --- a/internal/dataplane/parser/translate_utils_test.go +++ b/internal/dataplane/parser/translate_utils_test.go @@ -188,7 +188,7 @@ func Test_isRefAllowedByPolicy(t *testing.T) { badKind := gatewayv1alpha2.Kind("badFakeKind") cholponName := gatewayv1alpha2.ObjectName("cholpon") - fakeMap := map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{ + fakeMap := map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{ fitrat: {{Group: group, Kind: kind}, {Group: gatewayv1alpha2.Group("extra.example"), Kind: badKind}}, cholpon: {{Group: group, Kind: kind, Name: &cholponName}}, behbudiy: {}, @@ -281,7 +281,7 @@ func Test_isRefAllowedByPolicy(t *testing.T) { } } -func Test_getPermittedForReferencePolicyFrom(t *testing.T) { +func Test_getPermittedForReferenceGrantFrom(t *testing.T) { policies := []*gatewayv1alpha2.ReferencePolicy{ { ObjectMeta: metav1.ObjectMeta{ @@ -289,8 +289,8 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { Annotations: map[string]string{}, Namespace: "fitrat", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{ - From: []gatewayv1alpha2.ReferencePolicyFrom{ + Spec: gatewayv1alpha2.ReferenceGrantSpec{ + 
From: []gatewayv1alpha2.ReferenceGrantFrom{ { Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("TCPRoute"), @@ -307,7 +307,7 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { Namespace: gatewayv1alpha2.Namespace("qodiriy"), }, }, - To: []gatewayv1alpha2.ReferencePolicyTo{ + To: []gatewayv1alpha2.ReferenceGrantTo{ { Group: gatewayv1alpha2.Group(""), Kind: gatewayv1alpha2.Kind("PolicyOne"), @@ -321,8 +321,8 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { Annotations: map[string]string{}, Namespace: "cholpon", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{ - From: []gatewayv1alpha2.ReferencePolicyFrom{ + Spec: gatewayv1alpha2.ReferenceGrantSpec{ + From: []gatewayv1alpha2.ReferenceGrantFrom{ { Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("UDPRoute"), @@ -334,7 +334,7 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { Namespace: gatewayv1alpha2.Namespace("qodiriy"), }, }, - To: []gatewayv1alpha2.ReferencePolicyTo{ + To: []gatewayv1alpha2.ReferenceGrantTo{ { Group: gatewayv1alpha2.Group(""), Kind: gatewayv1alpha2.Kind("PolicyTwo"), 
@@ -345,53 +345,53 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { } tests := []struct { msg string - from gatewayv1alpha2.ReferencePolicyFrom - result map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo + from gatewayv1alpha2.ReferenceGrantFrom + result map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo }{ { msg: "no matches whatsoever", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("invalid.example"), Kind: gatewayv1alpha2.Kind("invalid"), Namespace: gatewayv1alpha2.Namespace("invalid"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{}, + result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{}, }, { msg: "non-matching namespace", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("UDPRoute"), Namespace: gatewayv1alpha2.Namespace("niyazi"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{}, + result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{}, }, { msg: "non-matching kind", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("TLSRoute"), Namespace: gatewayv1alpha2.Namespace("behbudiy"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{}, + result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{}, }, { msg: "non-matching group", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("invalid.example"), Kind: gatewayv1alpha2.Kind("UDPRoute"), Namespace: gatewayv1alpha2.Namespace("behbudiy"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{}, + result: 
map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{}, }, { msg: "single match", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("UDPRoute"), Namespace: gatewayv1alpha2.Namespace("behbudiy"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{ + result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{ "cholpon": { { Group: gatewayv1alpha2.Group(""), @@ -402,12 +402,12 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { }, { msg: "multiple matches", - from: gatewayv1alpha2.ReferencePolicyFrom{ + from: gatewayv1alpha2.ReferenceGrantFrom{ Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("TCPRoute"), Namespace: gatewayv1alpha2.Namespace("qodiriy"), }, - result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferencePolicyTo{ + result: map[gatewayv1alpha2.Namespace][]gatewayv1alpha2.ReferenceGrantTo{ "cholpon": { { Group: gatewayv1alpha2.Group(""), @@ -425,7 +425,7 @@ func Test_getPermittedForReferencePolicyFrom(t *testing.T) { } for _, tt := range tests { t.Run(tt.msg, func(t *testing.T) { - result := getPermittedForReferencePolicyFrom(tt.from, policies) + result := getPermittedForReferenceGrantFrom(tt.from, policies) assert.Equal(t, tt.result, result) }) } @@ -439,8 +439,8 @@ func Test_generateKongServiceFromBackendRef(t *testing.T) { Annotations: map[string]string{}, Namespace: "fitrat", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{ - From: []gatewayv1alpha2.ReferencePolicyFrom{ + Spec: gatewayv1alpha2.ReferenceGrantSpec{ + From: []gatewayv1alpha2.ReferenceGrantFrom{ { Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("TCPRoute"), 
@@ -457,7 +457,7 @@ func Test_generateKongServiceFromBackendRef(t *testing.T) { Namespace: gatewayv1alpha2.Namespace("qodiriy"), }, }, - To: []gatewayv1alpha2.ReferencePolicyTo{ + To: []gatewayv1alpha2.ReferenceGrantTo{ { Group: gatewayv1alpha2.Group(""), Kind: gatewayv1alpha2.Kind("Service"), @@ -471,8 +471,8 @@ func Test_generateKongServiceFromBackendRef(t *testing.T) { Annotations: map[string]string{}, Namespace: "cholpon", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{ - From: []gatewayv1alpha2.ReferencePolicyFrom{ + Spec: gatewayv1alpha2.ReferenceGrantSpec{ + From: []gatewayv1alpha2.ReferenceGrantFrom{ { Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"), Kind: gatewayv1alpha2.Kind("UDPRoute"), @@ -484,7 +484,7 @@ func Test_generateKongServiceFromBackendRef(t *testing.T) { Namespace: gatewayv1alpha2.Namespace("qodiriy"), }, }, - To: []gatewayv1alpha2.ReferencePolicyTo{ + To: []gatewayv1alpha2.ReferenceGrantTo{ { Group: gatewayv1alpha2.Group(""), Kind: gatewayv1alpha2.Kind("Service"), diff --git a/internal/store/fake_store_test.go b/internal/store/fake_store_test.go index da2c190306..f61a113730 100644 --- a/internal/store/fake_store_test.go +++ b/internal/store/fake_store_test.go @@ -841,13 +841,13 @@ func TestFakeStoreReferencePolicy(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "foo", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{}, + Spec: gatewayv1alpha2.ReferenceGrantSpec{}, }, { ObjectMeta: metav1.ObjectMeta{ Name: "bar", }, - Spec: gatewayv1alpha2.ReferencePolicySpec{}, + Spec: gatewayv1alpha2.ReferenceGrantSpec{}, }, } store, err := NewFakeStore(FakeObjects{ReferencePolicies: policies}) diff --git a/test/conformance/gateway_conformance_test.go b/test/conformance/gateway_conformance_test.go index 3fd74f833f..b2e74d7665 100644 --- a/test/conformance/gateway_conformance_test.go +++ b/test/conformance/gateway_conformance_test.go @@ -5,6 +5,7 @@ package conformance import ( "fmt" + "os" "testing" "github.com/google/uuid" 
@@ -28,6 +29,9 @@ var ( ) func TestGatewayConformance(t *testing.T) { + if v := os.Getenv("KONG_TEST_GATEWAY_CONFORMANCE_ENABLED"); v != "true" { + t.Skip() // TODO: https://github.com/Kong/kubernetes-ingress-controller/issues/2692 + } t.Parallel() t.Log("configuring environment for gateway conformance tests") @@ -48,11 +52,11 @@ func TestGatewayConformance(t *testing.T) { t.Log("starting the gateway conformance test suite") cSuite := suite.New(suite.Options{ - Client: client, - GatewayClassName: gwc.Name, - Debug: showDebug, - Cleanup: shouldCleanup, - BaseManifests: conformanceTestsBaseManifests, + Client: client, + GatewayClassName: gwc.Name, + Debug: showDebug, + CleanupBaseResources: shouldCleanup, + BaseManifests: conformanceTestsBaseManifests, }) cSuite.Setup(t) diff --git a/test/consts/gateway.go b/test/consts/gateway.go index df1fd24599..b6ca2ed8e3 100644 --- a/test/consts/gateway.go +++ b/test/consts/gateway.go @@ -1,5 +1,5 @@ package consts const ( - GatewayCRDsKustomizeURL = "github.com/kubernetes-sigs/gateway-api/config/crd?ref=71fee1c2808fa19a5f19d952d155fc072cf9324c" + GatewayCRDsKustomizeURL = "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v0.5.0" ) diff --git a/test/e2e/kuma_test.go b/test/e2e/kuma_test.go index bd6a9be0ae..9396173c6f 100644 --- a/test/e2e/kuma_test.go +++ b/test/e2e/kuma_test.go @@ -52,8 +52,8 @@ func TestDeployAllInOneDBLESSKuma(t *testing.T) { deployment := deployKong(ctx, t, env, manifest) t.Log("adding Kuma mesh") - kuma.EnableMeshForNamespace(ctx, env.Cluster(), "kong") - kuma.EnableMeshForNamespace(ctx, env.Cluster(), "default") + require.NoError(t, kuma.EnableMeshForNamespace(ctx, env.Cluster(), "kong")) + require.NoError(t, kuma.EnableMeshForNamespace(ctx, env.Cluster(), "default")) // scale to force a restart of pods and trigger mesh injection (we can't annotate the Kong namespace in advance, // it gets clobbered by deployKong()). is there a "rollout restart" in client-go? who knows! 
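Review bot: The new guard at the top of `TestGatewayConformance` calls `t.Skip()` with no message, so a run where `KONG_TEST_GATEWAY_CONFORMANCE_ENABLED` is unset reports the suite as skipped without saying why or how to enable it. This suite is the check that the controller still behaves per the Gateway API spec after the v0.5.0 bump, so the skip should be visible in the test log: `t.Skip("gateway conformance disabled: set KONG_TEST_GATEWAY_CONFORMANCE_ENABLED=true to run, see issue #2692")`. The rest of the test body lies outside this hunk.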
@@ -118,8 +118,8 @@ func TestDeployAllInOnePostgresKuma(t *testing.T) {
 verifyPostgres(ctx, t, env)
 t.Log("adding Kuma mesh")
- kuma.EnableMeshForNamespace(ctx, env.Cluster(), "kong")
- kuma.EnableMeshForNamespace(ctx, env.Cluster(), "default")
+ require.NoError(t, kuma.EnableMeshForNamespace(ctx, env.Cluster(), "kong"))
+ require.NoError(t, kuma.EnableMeshForNamespace(ctx, env.Cluster(), "default"))
 // scale to force a restart of pods and trigger mesh injection (we can't annotate the Kong namespace in advance,
 // it gets clobbered by deployKong()). is there a "rollout restart" in client-go? who knows!
diff --git a/test/integration/tcproute_test.go b/test/integration/tcproute_test.go
index 6e815107f6..d459d259b3 100644
--- a/test/integration/tcproute_test.go
+++ b/test/integration/tcproute_test.go
@@ -544,8 +544,8 @@ func TestTCPRouteReferencePolicy(t *testing.T) {
 Name: uuid.NewString(),
 Annotations: map[string]string{},
 },
- Spec: gatewayv1alpha2.ReferencePolicySpec{
- From: []gatewayv1alpha2.ReferencePolicyFrom{
+ Spec: gatewayv1alpha2.ReferenceGrantSpec{
+ From: []gatewayv1alpha2.ReferenceGrantFrom{
 {
 // this isn't actually used, it's just a dummy extra from to confirm we handle multiple fine
 Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"),
@@ -558,7 +558,7 @@ func TestTCPRouteReferencePolicy(t *testing.T) {
 Namespace: gatewayv1alpha2.Namespace(tcproute.Namespace),
 },
 },
- To: []gatewayv1alpha2.ReferencePolicyTo{
+ To: []gatewayv1alpha2.ReferenceGrantTo{
 // also a dummy
 {
 Group: gatewayv1alpha2.Group(""),
@@ -587,7 +587,7 @@ func TestTCPRouteReferencePolicy(t *testing.T) {
 t.Logf("testing specific name references")
 serviceName := gatewayv1alpha2.ObjectName(service2.ObjectMeta.Name)
- policy.Spec.To[1] = gatewayv1alpha2.ReferencePolicyTo{
+ policy.Spec.To[1] = gatewayv1alpha2.ReferenceGrantTo{
 Kind: gatewayv1alpha2.Kind("Service"),
 Group: gatewayv1alpha2.Group(""),
 Name: &serviceName,
diff --git a/test/integration/tlsroute_test.go b/test/integration/tlsroute_test.go
index 0e268012f5..5608bd46cf 100644
--- a/test/integration/tlsroute_test.go
+++ b/test/integration/tlsroute_test.go
@@ -144,7 +144,7 @@ func TestTLSRouteEssentials(t *testing.T) {
 Port: gatewayv1alpha2.PortNumber(ktfkong.DefaultTLSServicePort),
 Hostname: &hostname,
 TLS: &gatewayv1alpha2.GatewayTLSConfig{
- CertificateRefs: []*gatewayv1alpha2.SecretObjectReference{
+ CertificateRefs: []gatewayv1alpha2.SecretObjectReference{
 {
 Name: gatewayv1alpha2.ObjectName(tlsSecretName),
 },
@@ -329,7 +329,7 @@ func TestTLSRouteEssentials(t *testing.T) {
 Port: gatewayv1alpha2.PortNumber(ktfkong.DefaultTLSServicePort),
 Hostname: &hostname,
 TLS: &gatewayv1alpha2.GatewayTLSConfig{
- CertificateRefs: []*gatewayv1alpha2.SecretObjectReference{
+ CertificateRefs: []gatewayv1alpha2.SecretObjectReference{
 {
 Name: gatewayv1alpha2.ObjectName(tlsSecretName),
 },
@@ -469,7 +469,7 @@ func TestTLSRouteReferencePolicy(t *testing.T) {
 Port: gatewayv1alpha2.PortNumber(ktfkong.DefaultTLSServicePort),
 Hostname: &hostname,
 TLS: &gatewayv1alpha2.GatewayTLSConfig{
- CertificateRefs: []*gatewayv1alpha2.SecretObjectReference{
+ CertificateRefs: []gatewayv1alpha2.SecretObjectReference{
 {
 Name: gatewayv1alpha2.ObjectName(secrets[0].Name),
 },
@@ -482,7 +482,7 @@ func TestTLSRouteReferencePolicy(t *testing.T) {
 Port: gatewayv1alpha2.PortNumber(ktfkong.DefaultTLSServicePort),
 Hostname: &otherHostname,
 TLS: &gatewayv1alpha2.GatewayTLSConfig{
- CertificateRefs: []*gatewayv1alpha2.SecretObjectReference{
+ CertificateRefs: []gatewayv1alpha2.SecretObjectReference{
 {
 Name: gatewayv1alpha2.ObjectName(secrets[1].Name),
 Namespace: &otherNamespace,
@@ -503,15 +503,15 @@ func TestTLSRouteReferencePolicy(t *testing.T) {
 Name: uuid.NewString(),
 Annotations: map[string]string{},
 },
- Spec: gatewayv1alpha2.ReferencePolicySpec{
- From: []gatewayv1alpha2.ReferencePolicyFrom{
+ Spec: gatewayv1alpha2.ReferenceGrantSpec{
+ From: []gatewayv1alpha2.ReferenceGrantFrom{
 {
 Group: gatewayv1alpha2.Group("gateway.networking.k8s.io"),
 Kind: gatewayv1alpha2.Kind("Gateway"),
 Namespace: gatewayv1alpha2.Namespace(gateway.Namespace),
 },
 },
- To: []gatewayv1alpha2.ReferencePolicyTo{
+ To: []gatewayv1alpha2.ReferenceGrantTo{
 {
 Group: gatewayv1alpha2.Group(""),
 Kind: gatewayv1alpha2.Kind("Secret"),