Skip to content

Commit 1ea8d96

Browse files
zirainrudrakhp
zirain
and
rudrakhp
authored
feat: bump Gateway API to v1.4.0 (#7090)
* chore: bump Gateway API to v1.4.0-rc.1 Signed-off-by: zirain <[email protected]> * bump to rc.2 Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> * skip BackendTLSPolicyInvalidCACertificateRef Signed-off-by: zirain <[email protected]> * skip BackendTLSPolicyInvalidKind Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * skip Signed-off-by: zirain <[email protected]> * fix test and skip more Signed-off-by: zirain <[email protected]> * fix cmp.Equal Signed-off-by: zirain <[email protected]> * skip TLSRoute tests Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> * golint integration Signed-off-by: zirain <[email protected]> * skip UDPRoute Signed-off-by: zirain <[email protected]> * use gwapiv1a3.TLSRoute Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * use gwapiv1.BackendTLSPolicy and fix lint Signed-off-by: zirain <[email protected]> * fix e2e Signed-off-by: zirain <[email protected]> * enable UDPRoute Signed-off-by: zirain <[email protected]> * fix e2e Signed-off-by: zirain <[email protected]> * revert Signed-off-by: zirain <[email protected]> * skip on dual Signed-off-by: zirain <[email protected]> * fix merge Signed-off-by: zirain <[email protected]> * bump v1.4.0 Signed-off-by: zirain <[email protected]> * revert to v1alpha3 Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> * fix after merge Signed-off-by: zirain <[email protected]> * use v1 Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> Co-authored-by: Rudrakh Panigrahi <[email protected]>
1 parent 583f4f0 commit 1ea8d96

File tree

196 files changed

+61903
-41673
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

196 files changed

+61903
-41673
lines changed

api/v1alpha1/backend_types.go

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ package v1alpha1
88
import (
99
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1010
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
11-
gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
1211
)
1312

1413
const (
@@ -196,7 +195,7 @@ type BackendTLSSettings struct {
196195
// CACertificateRefs or WellKnownCACertificates may be specified, not both.
197196
//
198197
// +optional
199-
WellKnownCACertificates *gwapiv1a3.WellKnownCACertificatesType `json:"wellKnownCACertificates,omitempty"`
198+
WellKnownCACertificates *gwapiv1.WellKnownCACertificatesType `json:"wellKnownCACertificates,omitempty"`
200199

201200
// InsecureSkipVerify indicates whether the upstream's certificate verification
202201
// should be skipped. Defaults to "false".

api/v1alpha1/backendtrafficpolicy_types.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ package v1alpha1
88
import (
99
"k8s.io/apimachinery/pkg/api/resource"
1010
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
11-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
11+
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
1212
)
1313

1414
const (
@@ -31,7 +31,7 @@ type BackendTrafficPolicy struct {
3131
Spec BackendTrafficPolicySpec `json:"spec"`
3232

3333
// status defines the current status of BackendTrafficPolicy.
34-
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
34+
Status gwapiv1.PolicyStatus `json:"status,omitempty"`
3535
}
3636

3737
// BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.

api/v1alpha1/clienttrafficpolicy_types.go

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ package v1alpha1
77

88
import (
99
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
10+
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
1111
)
1212

1313
const (
@@ -30,17 +30,16 @@ type ClientTrafficPolicy struct {
3030
Spec ClientTrafficPolicySpec `json:"spec"`
3131

3232
// Status defines the current status of ClientTrafficPolicy.
33-
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
33+
Status gwapiv1.PolicyStatus `json:"status,omitempty"`
3434
}
3535

36-
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
36+
// ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
3737
//
38+
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
3839
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
3940
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway"
4041
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
4142
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind == 'Gateway') : true", message="this policy can only have a targetRefs[*].kind of Gateway"
42-
//
43-
// ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
4443
type ClientTrafficPolicySpec struct {
4544
PolicyTargetReferences `json:",inline"`
4645

api/v1alpha1/envoyextensionypolicy_types.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ package v1alpha1
77

88
import (
99
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
10+
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
1111
)
1212

1313
const (
@@ -29,7 +29,7 @@ type EnvoyExtensionPolicy struct {
2929
Spec EnvoyExtensionPolicySpec `json:"spec"`
3030

3131
// Status defines the current status of EnvoyExtensionPolicy.
32-
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
32+
Status gwapiv1.PolicyStatus `json:"status,omitempty"`
3333
}
3434

3535
// EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.

api/v1alpha1/envoypatchpolicy_types.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ package v1alpha1
88
import (
99
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
1010
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
11-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
11+
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
1212
)
1313

1414
const (
@@ -32,7 +32,7 @@ type EnvoyPatchPolicy struct {
3232
Spec EnvoyPatchPolicySpec `json:"spec"`
3333

3434
// Status defines the current status of EnvoyPatchPolicy.
35-
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
35+
Status gwapiv1.PolicyStatus `json:"status,omitempty"`
3636
}
3737

3838
// EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy.
@@ -54,7 +54,7 @@ type EnvoyPatchPolicySpec struct {
5454
// This Policy and the TargetRef MUST be in the same namespace
5555
// for this Policy to have effect and be applied to the Gateway
5656
// TargetRef
57-
TargetRef gwapiv1a2.LocalPolicyTargetReference `json:"targetRef"`
57+
TargetRef gwapiv1.LocalPolicyTargetReference `json:"targetRef"`
5858
// Priority of the EnvoyPatchPolicy.
5959
// If multiple EnvoyPatchPolicies are applied to the same
6060
// TargetRef, they will be applied in the ascending order of
@@ -147,23 +147,23 @@ const (
147147
// * "Invalid"
148148
// * "ResourceNotFound"
149149
//
150-
PolicyConditionProgrammed gwapiv1a2.PolicyConditionType = "Programmed"
150+
PolicyConditionProgrammed gwapiv1.PolicyConditionType = "Programmed"
151151

152152
// PolicyReasonProgrammed is used with the "Programmed" condition when the policy
153153
// is ready to be programmed into the data plane.
154-
PolicyReasonProgrammed gwapiv1a2.PolicyConditionReason = "Programmed"
154+
PolicyReasonProgrammed gwapiv1.PolicyConditionReason = "Programmed"
155155

156156
// PolicyReasonInvalid is used with the "Programmed" condition when the patch
157157
// is syntactically or semantically invalid.
158-
PolicyReasonInvalid gwapiv1a2.PolicyConditionReason = "Invalid"
158+
PolicyReasonInvalid gwapiv1.PolicyConditionReason = "Invalid"
159159

160160
// PolicyReasonResourceNotFound is used with the "Programmed" condition when the
161161
// policy cannot find the resource type to patch to.
162-
PolicyReasonResourceNotFound gwapiv1a2.PolicyConditionReason = "ResourceNotFound"
162+
PolicyReasonResourceNotFound gwapiv1.PolicyConditionReason = "ResourceNotFound"
163163

164164
// PolicyReasonDisabled is used with the "Accepted" condition when the policy
165165
// feature is disabled by the configuration.
166-
PolicyReasonDisabled gwapiv1a2.PolicyConditionReason = "Disabled"
166+
PolicyReasonDisabled gwapiv1.PolicyConditionReason = "Disabled"
167167
)
168168

169169
//+kubebuilder:object:root=true

api/v1alpha1/policy_helpers.go

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ package v1alpha1
88
import (
99
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1010
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
11-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
1211
)
1312

1413
const (
@@ -19,11 +18,11 @@ const (
1918
//
2019
// * "Aggregated"
2120
//
22-
PolicyConditionAggregated gwapiv1a2.PolicyConditionType = "Aggregated"
21+
PolicyConditionAggregated gwapiv1.PolicyConditionType = "Aggregated"
2322

2423
// PolicyReasonAggregated is used with the "Aggregated" condition when the policy
2524
// is aggregated to satisfy CEL constraints in PolicyAncestorStatus (not exceeding 16).
26-
PolicyReasonAggregated gwapiv1a2.PolicyConditionReason = "Aggregated"
25+
PolicyReasonAggregated gwapiv1.PolicyConditionReason = "Aggregated"
2726
)
2827

2928
type PolicyTargetReferences struct {
@@ -32,11 +31,11 @@ type PolicyTargetReferences struct {
3231
// Policy to have effect
3332
//
3433
// Deprecated: use targetRefs/targetSelectors instead
35-
TargetRef *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`
34+
TargetRef *gwapiv1.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`
3635

3736
// TargetRefs are the names of the Gateway resources this policy
3837
// is being attached to.
39-
TargetRefs []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`
38+
TargetRefs []gwapiv1.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`
4039

4140
// TargetSelectors allow targeting resources for this policy based on labels
4241
TargetSelectors []TargetSelector `json:"targetSelectors,omitempty"`
@@ -63,9 +62,9 @@ type TargetSelector struct {
6362
MatchExpressions []metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty"`
6463
}
6564

66-
func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
65+
func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1.LocalPolicyTargetReferenceWithSectionName {
6766
if p.TargetRef != nil {
68-
return []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{*p.TargetRef}
67+
return []gwapiv1.LocalPolicyTargetReferenceWithSectionName{*p.TargetRef}
6968
}
7069
return p.TargetRefs
7170
}

api/v1alpha1/securitypolicy_types.go

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ package v1alpha1
77

88
import (
99
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
10+
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
1111
)
1212

1313
const (
@@ -30,24 +30,23 @@ type SecurityPolicy struct {
3030
Spec SecurityPolicySpec `json:"spec"`
3131

3232
// Status defines the current status of SecurityPolicy.
33-
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
33+
Status gwapiv1.PolicyStatus `json:"status,omitempty"`
3434
}
3535

36-
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
37-
//
38-
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
39-
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
40-
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
41-
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
42-
// +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"
43-
//
4436
// SecurityPolicySpec defines the desired state of SecurityPolicy.
4537
//
4638
// NOTE: SecurityPolicy can target Gateway, HTTPRoute, GRPCRoute, and TCPRoute.
4739
// When a SecurityPolicy targets a TCPRoute, only client-IP based authorization
4840
// (Authorization rules that use Principal.ClientCIDRs) is applied. Other
4941
// authentication/authorization features such as JWT, API Key, Basic Auth,
5042
// OIDC, or External Authorization are not applicable to TCPRoute targets.
43+
//
44+
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
45+
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
46+
// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
47+
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
48+
// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
49+
// +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"
5150
type SecurityPolicySpec struct {
5251
PolicyTargetReferences `json:",inline"`
5352

api/v1alpha1/shared_types.go

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@ import (
1313
"k8s.io/apimachinery/pkg/api/resource"
1414
"k8s.io/apimachinery/pkg/util/intstr"
1515
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
16-
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
1716
)
1817

1918
const (
@@ -47,18 +46,18 @@ const (
4746
//
4847
// * "Overridden"
4948
//
50-
PolicyConditionOverridden gwapiv1a2.PolicyConditionType = "Overridden"
49+
PolicyConditionOverridden gwapiv1.PolicyConditionType = "Overridden"
5150

5251
// PolicyReasonOverridden is used with the "Overridden" condition when the policy
5352
// has been overridden by another policy targeting a section within the same target.
54-
PolicyReasonOverridden gwapiv1a2.PolicyConditionReason = "Overridden"
53+
PolicyReasonOverridden gwapiv1.PolicyConditionReason = "Overridden"
5554

5655
// PolicyConditionMerged indicates whether the policy has
5756
// been merged with another policy targeting the parent(e.g. Gateway).
58-
PolicyConditionMerged gwapiv1a2.PolicyConditionType = "Merged"
57+
PolicyConditionMerged gwapiv1.PolicyConditionType = "Merged"
5958
// PolicyReasonMerged is used with the "Merged" condition when the policy
6059
// has been merged with another policy targeting the parent(e.g. Gateway).
61-
PolicyReasonMerged gwapiv1a2.PolicyConditionReason = "Merged"
60+
PolicyReasonMerged gwapiv1.PolicyConditionReason = "Merged"
6261
)
6362

6463
// GroupVersionKind unambiguously identifies a Kind.

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 4 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)