Skip to content

Commit

Permalink
Bump gateway to 0.6.0-rc2 (istio#42498)
Browse files Browse the repository at this point in the history
  • Loading branch information
@howardjohn
howardjohn authored Jan 3, 2023
1 parent bce82ec commit 6ca98d7
Show file tree
Hide file tree
Showing 8 changed files with 384 additions and 254 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ require (
k8s.io/kubectl v0.26.0
k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
sigs.k8s.io/controller-runtime v0.13.1-0.20221209200815-1e773340c783
sigs.k8s.io/gateway-api v0.6.0-rc1
sigs.k8s.io/gateway-api v0.6.0
sigs.k8s.io/mcs-api v0.1.0
sigs.k8s.io/yaml v1.3.0
)
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1598,8 +1598,8 @@ sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gE
sigs.k8s.io/controller-runtime v0.13.1-0.20221209200815-1e773340c783 h1:Mo28uPEEC97S45ZipPmqOyFApiclxgETj27AQHX/smU=
sigs.k8s.io/controller-runtime v0.13.1-0.20221209200815-1e773340c783/go.mod h1:ZDGqVk8a5YPjtQTge43rgxBRG622R2W5K7B5gFRfyDU=
sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI=
sigs.k8s.io/gateway-api v0.6.0-rc1 h1:ierhK6SIK8pSibB+gkr+aG8cWLez/M7iD9dQIqLALxU=
sigs.k8s.io/gateway-api v0.6.0-rc1/go.mod h1:+3QMzP775JFKArHqiwk/kzItMRXW9CKPXcO8QcuXvvk=
sigs.k8s.io/gateway-api v0.6.0 h1:v2FqrN2ROWZLrSnI2o91taHR8Sj3s+Eh3QU7gLNWIqA=
sigs.k8s.io/gateway-api v0.6.0/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kind v0.8.1/go.mod h1:oNKTxUVPYkV9lWzY6CVMNluVq8cBsyq+UgPJdvA3uu4=
Expand Down
2 changes: 1 addition & 1 deletion istioctl/cmd/wait.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ func poll(cmd *cobra.Command,
if err != nil {
return 0, 0, 0, err
}
path := fmt.Sprintf("/debug/config_distribution?resource=%s", targetResource)
path := fmt.Sprintf("debug/config_distribution?resource=%s", targetResource)
pilotResponses, err := kubeClient.AllDiscoveryDo(context.TODO(), istioNamespace, path)
if err != nil {
return 0, 0, 0, fmt.Errorf("unable to query pilot for distribution "+
Expand Down
17 changes: 9 additions & 8 deletions pilot/pkg/config/kube/gateway/conditions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8s "sigs.k8s.io/gateway-api/apis/v1alpha2"
k8sbeta "sigs.k8s.io/gateway-api/apis/v1beta1"

"istio.io/istio/pilot/pkg/model/kstatus"
"istio.io/istio/pkg/config"
Expand Down Expand Up @@ -146,9 +147,9 @@ const (
// InvalidFilter indicates an issue with the filters
InvalidFilter ConfigErrorReason = "InvalidFilter"
// InvalidTLS indicates an issue with TLS settings
InvalidTLS ConfigErrorReason = ConfigErrorReason(k8s.ListenerReasonInvalidCertificateRef)
InvalidTLS ConfigErrorReason = ConfigErrorReason(k8sbeta.ListenerReasonInvalidCertificateRef)
// InvalidListenerRefNotPermitted indicates a listener reference was not permitted
InvalidListenerRefNotPermitted ConfigErrorReason = ConfigErrorReason(k8s.ListenerReasonRefNotPermitted)
InvalidListenerRefNotPermitted ConfigErrorReason = ConfigErrorReason(k8sbeta.ListenerReasonRefNotPermitted)
// InvalidConfiguration indicates a generic error for all other invalid configurations
InvalidConfiguration ConfigErrorReason = "InvalidConfiguration"
)
Expand Down Expand Up @@ -260,8 +261,8 @@ func reportListenerCondition(index int, l k8s.Listener, obj config.Config, condi
cond := gs.Listeners[index].Conditions
supported, valid := generateSupportedKinds(l)
if !valid {
conditions[string(k8s.ListenerConditionResolvedRefs)] = &condition{
reason: string(k8s.ListenerReasonInvalidRouteKinds),
conditions[string(k8sbeta.ListenerConditionResolvedRefs)] = &condition{
reason: string(k8sbeta.ListenerReasonInvalidRouteKinds),
status: metav1.ConditionFalse,
message: "Invalid route kinds",
}
Expand All @@ -279,13 +280,13 @@ func reportListenerCondition(index int, l k8s.Listener, obj config.Config, condi
func generateSupportedKinds(l k8s.Listener) ([]k8s.RouteGroupKind, bool) {
supported := []k8s.RouteGroupKind{}
switch l.Protocol {
case k8s.HTTPProtocolType, k8s.HTTPSProtocolType:
case k8sbeta.HTTPProtocolType, k8sbeta.HTTPSProtocolType:
// Only terminate allowed, so its always HTTP
supported = []k8s.RouteGroupKind{{Group: (*k8s.Group)(StrPointer(gvk.HTTPRoute.Group)), Kind: k8s.Kind(gvk.HTTPRoute.Kind)}}
case k8s.TCPProtocolType:
case k8sbeta.TCPProtocolType:
supported = []k8s.RouteGroupKind{{Group: (*k8s.Group)(StrPointer(gvk.TCPRoute.Group)), Kind: k8s.Kind(gvk.TCPRoute.Kind)}}
case k8s.TLSProtocolType:
if l.TLS != nil && l.TLS.Mode != nil && *l.TLS.Mode == k8s.TLSModePassthrough {
case k8sbeta.TLSProtocolType:
if l.TLS != nil && l.TLS.Mode != nil && *l.TLS.Mode == k8sbeta.TLSModePassthrough {
supported = []k8s.RouteGroupKind{{Group: (*k8s.Group)(StrPointer(gvk.TLSRoute.Group)), Kind: k8s.Kind(gvk.TLSRoute.Kind)}}
} else {
supported = []k8s.RouteGroupKind{{Group: (*k8s.Group)(StrPointer(gvk.TCPRoute.Group)), Kind: k8s.Kind(gvk.TCPRoute.Kind)}}
Expand Down
3 changes: 2 additions & 1 deletion pilot/pkg/config/kube/gateway/controller_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8s "sigs.k8s.io/gateway-api/apis/v1alpha2"
k8sbeta "sigs.k8s.io/gateway-api/apis/v1beta1"

networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/config/memory"
Expand All @@ -48,7 +49,7 @@ var (
Name: "default",
Port: 9009,
Protocol: "HTTP",
AllowedRoutes: &k8s.AllowedRoutes{Namespaces: &k8s.RouteNamespaces{From: func() *k8s.FromNamespaces { x := k8s.NamespacesFromAll; return &x }()}},
AllowedRoutes: &k8s.AllowedRoutes{Namespaces: &k8s.RouteNamespaces{From: func() *k8s.FromNamespaces { x := k8sbeta.NamespacesFromAll; return &x }()}},
},
},
}
Expand Down
106 changes: 53 additions & 53 deletions pilot/pkg/config/kube/gateway/conversion.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ func buildHTTPVirtualServices(
}
for _, filter := range r.Filters {
switch filter.Type {
case k8s.HTTPRouteFilterRequestHeaderModifier:
case k8sbeta.HTTPRouteFilterRequestHeaderModifier:
h := createHeadersFilter(filter.RequestHeaderModifier)
if h == nil {
continue
Expand All @@ -344,15 +344,15 @@ func buildHTTPVirtualServices(
vs.Headers = &istio.Headers{}
}
vs.Headers.Response = h
case k8s.HTTPRouteFilterRequestRedirect:
case k8sbeta.HTTPRouteFilterRequestRedirect:
vs.Redirect = createRedirectFilter(filter.RequestRedirect)
case k8s.HTTPRouteFilterRequestMirror:
case k8sbeta.HTTPRouteFilterRequestMirror:
mirror, err := createMirrorFilter(ctx, filter.RequestMirror, ns)
if err != nil {
return err
}
vs.Mirror = mirror
case k8s.HTTPRouteFilterURLRewrite:
case k8sbeta.HTTPRouteFilterURLRewrite:
vs.Rewrite = createRewriteFilter(filter.URLRewrite)
default:
return &ConfigError{
Expand Down Expand Up @@ -897,7 +897,7 @@ func buildHTTPDestination(
}
for _, filter := range fwd.Filters {
switch filter.Type {
case k8s.HTTPRouteFilterRequestHeaderModifier:
case k8sbeta.HTTPRouteFilterRequestHeaderModifier:
h := createHeadersFilter(filter.RequestHeaderModifier)
if h == nil {
continue
Expand Down Expand Up @@ -1045,10 +1045,10 @@ func createRewriteFilter(filter *k8s.HTTPURLRewriteFilter) *istio.HTTPRewrite {
rewrite := &istio.HTTPRewrite{}
if filter.Path != nil {
switch filter.Path.Type {
case k8s.PrefixMatchHTTPPathModifier:
case k8sbeta.PrefixMatchHTTPPathModifier:
rewrite.Uri = *filter.Path.ReplacePrefixMatch
case k8s.FullPathHTTPPathModifier:
log.Warnf("%v is not supported", k8s.FullPathHTTPPathModifier)
case k8sbeta.FullPathHTTPPathModifier:
log.Warnf("%v is not supported", k8sbeta.FullPathHTTPPathModifier)
}
}
if filter.Hostname != nil {
Expand Down Expand Up @@ -1120,16 +1120,16 @@ func createMethodMatch(match k8s.HTTPRouteMatch) (*istio.StringMatch, *ConfigErr
func createQueryParamsMatch(match k8s.HTTPRouteMatch) (map[string]*istio.StringMatch, *ConfigError) {
res := map[string]*istio.StringMatch{}
for _, qp := range match.QueryParams {
tp := k8s.QueryParamMatchExact
tp := k8sbeta.QueryParamMatchExact
if qp.Type != nil {
tp = *qp.Type
}
switch tp {
case k8s.QueryParamMatchExact:
case k8sbeta.QueryParamMatchExact:
res[qp.Name] = &istio.StringMatch{
MatchType: &istio.StringMatch_Exact{Exact: qp.Value},
}
case k8s.QueryParamMatchRegularExpression:
case k8sbeta.QueryParamMatchRegularExpression:
res[qp.Name] = &istio.StringMatch{
MatchType: &istio.StringMatch_Regex{Regex: qp.Value},
}
Expand All @@ -1148,16 +1148,16 @@ func createQueryParamsMatch(match k8s.HTTPRouteMatch) (map[string]*istio.StringM
func createHeadersMatch(match k8s.HTTPRouteMatch) (map[string]*istio.StringMatch, *ConfigError) {
res := map[string]*istio.StringMatch{}
for _, header := range match.Headers {
tp := k8s.HeaderMatchExact
tp := k8sbeta.HeaderMatchExact
if header.Type != nil {
tp = *header.Type
}
switch tp {
case k8s.HeaderMatchExact:
case k8sbeta.HeaderMatchExact:
res[string(header.Name)] = &istio.StringMatch{
MatchType: &istio.StringMatch_Exact{Exact: header.Value},
}
case k8s.HeaderMatchRegularExpression:
case k8sbeta.HeaderMatchRegularExpression:
res[string(header.Name)] = &istio.StringMatch{
MatchType: &istio.StringMatch_Regex{Regex: header.Value},
}
Expand All @@ -1174,7 +1174,7 @@ func createHeadersMatch(match k8s.HTTPRouteMatch) (map[string]*istio.StringMatch
}

func createURIMatch(match k8s.HTTPRouteMatch) (*istio.StringMatch, *ConfigError) {
tp := k8s.PathMatchPathPrefix
tp := k8sbeta.PathMatchPathPrefix
if match.Path.Type != nil {
tp = *match.Path.Type
}
Expand All @@ -1183,15 +1183,15 @@ func createURIMatch(match k8s.HTTPRouteMatch) (*istio.StringMatch, *ConfigError)
dest = *match.Path.Value
}
switch tp {
case k8s.PathMatchPathPrefix:
case k8sbeta.PathMatchPathPrefix:
return &istio.StringMatch{
MatchType: &istio.StringMatch_Prefix{Prefix: dest},
}, nil
case k8s.PathMatchExact:
case k8sbeta.PathMatchExact:
return &istio.StringMatch{
MatchType: &istio.StringMatch_Exact{Exact: dest},
}, nil
case k8s.PathMatchRegularExpression:
case k8sbeta.PathMatchRegularExpression:
return &istio.StringMatch{
MatchType: &istio.StringMatch_Regex{Regex: dest},
}, nil
Expand All @@ -1218,11 +1218,11 @@ func getGatewayClasses(r KubernetesResources) map[string]struct{} {
obj.Status.(*kstatus.WrappedStatus).Mutate(func(s config.Status) config.Status {
gcs := s.(*k8s.GatewayClassStatus)
gcs.Conditions = kstatus.UpdateConditionIfChanged(gcs.Conditions, metav1.Condition{
Type: string(k8s.GatewayClassConditionStatusAccepted),
Type: string(k8sbeta.GatewayClassConditionStatusAccepted),
Status: kstatus.StatusTrue,
ObservedGeneration: obj.Generation,
LastTransitionTime: metav1.Now(),
Reason: string(k8s.GatewayClassConditionStatusAccepted),
Reason: string(k8sbeta.GatewayClassConditionStatusAccepted),
Message: "Handled by Istio controller",
})
return gcs
Expand Down Expand Up @@ -1341,34 +1341,34 @@ func convertGateways(r ConfigContext) ([]config.Config, map[parentKey]map[k8s.Se

// Setup initial conditions to the success state. If we encounter errors, we will update this.
gatewayConditions := map[string]*condition{
string(k8s.GatewayConditionReady): {
string(k8sbeta.GatewayConditionReady): {
reason: "ListenersValid",
message: "Listeners valid",
},
}
if IsManaged(kgw) {
gatewayConditions[string(k8s.GatewayConditionAccepted)] = &condition{
gatewayConditions[string(k8sbeta.GatewayConditionAccepted)] = &condition{
error: &ConfigError{
Reason: string(k8s.GatewayReasonAccepted),
Reason: string(k8sbeta.GatewayReasonAccepted),
Message: "Resources not yet deployed to the cluster",
},
setOnce: string(k8s.GatewayReasonPending), // Default reason
setOnce: string(k8sbeta.GatewayReasonPending), // Default reason
}
// nolint: staticcheck // Deprecated condition, set both until 1.17
gatewayConditions[string(k8s.GatewayConditionScheduled)] = &condition{
gatewayConditions[string(k8sbeta.GatewayConditionScheduled)] = &condition{
error: &ConfigError{
Reason: "ResourcesPending",
Message: "Resources not yet deployed to the cluster",
},
setOnce: string(k8s.GatewayReasonNotReconciled), // Default reason
setOnce: string(k8sbeta.GatewayReasonNotReconciled), // Default reason
}
} else {
gatewayConditions[string(k8s.GatewayConditionAccepted)] = &condition{
reason: string(k8s.GatewayReasonAccepted),
gatewayConditions[string(k8sbeta.GatewayConditionAccepted)] = &condition{
reason: string(k8sbeta.GatewayReasonAccepted),
message: "Resources available",
}
// nolint: staticcheck // Deprecated condition, set both until 1.17
gatewayConditions[string(k8s.GatewayConditionScheduled)] = &condition{
gatewayConditions[string(k8sbeta.GatewayConditionScheduled)] = &condition{
reason: "ResourcesAvailable",
message: "Resources available",
}
Expand Down Expand Up @@ -1458,17 +1458,17 @@ func convertGateways(r ConfigContext) ([]config.Config, map[parentKey]map[k8s.Se
} else {
msg = fmt.Sprintf("Failed to assign to any requested addresses: %s", strings.Join(warnings, "; "))
}
gatewayConditions[string(k8s.GatewayConditionReady)].error = &ConfigError{
Reason: string(k8s.GatewayReasonAddressNotAssigned),
gatewayConditions[string(k8sbeta.GatewayConditionReady)].error = &ConfigError{
Reason: string(k8sbeta.GatewayReasonAddressNotAssigned),
Message: msg,
}
} else if len(invalidListeners) > 0 {
gatewayConditions[string(k8s.GatewayConditionReady)].error = &ConfigError{
Reason: string(k8s.GatewayReasonListenersNotValid),
gatewayConditions[string(k8sbeta.GatewayConditionReady)].error = &ConfigError{
Reason: string(k8sbeta.GatewayReasonListenersNotValid),
Message: fmt.Sprintf("Invalid listeners: %v", invalidListeners),
}
} else {
gatewayConditions[string(k8s.GatewayConditionReady)].message = fmt.Sprintf("Gateway valid, assigned to service(s) %s", humanReadableJoin(internal))
gatewayConditions[string(k8sbeta.GatewayConditionReady)].message = fmt.Sprintf("Gateway valid, assigned to service(s) %s", humanReadableJoin(internal))
}
obj.Status.(*kstatus.WrappedStatus).Mutate(func(s config.Status) config.Status {
gs := s.(*k8s.GatewayStatus)
Expand Down Expand Up @@ -1600,40 +1600,40 @@ func getNamespaceLabelReferences(routes *k8s.AllowedRoutes) []string {

func buildListener(r ConfigContext, obj config.Config, l k8s.Listener, listenerIndex int) (*istio.Server, bool) {
listenerConditions := map[string]*condition{
string(k8s.ListenerConditionReady): {
reason: string(k8s.ListenerReasonReady),
string(k8sbeta.ListenerConditionReady): {
reason: string(k8sbeta.ListenerReasonReady),
message: "No errors found",
},
string(k8s.ListenerConditionAccepted): {
reason: string(k8s.ListenerReasonAccepted),
string(k8sbeta.ListenerConditionAccepted): {
reason: string(k8sbeta.ListenerReasonAccepted),
message: "No errors found",
},
string(k8s.ListenerConditionProgrammed): {
reason: string(k8s.ListenerReasonProgrammed),
string(k8sbeta.ListenerConditionProgrammed): {
reason: string(k8sbeta.ListenerReasonProgrammed),
message: "No errors found",
},
// nolint: staticcheck // Deprecated condition, set both until 1.17
string(k8s.ListenerConditionDetached): {
reason: string(k8s.ListenerReasonAttached),
string(k8sbeta.ListenerConditionDetached): {
reason: string(k8sbeta.ListenerReasonAttached),
message: "No errors found",
status: kstatus.StatusFalse,
},
string(k8s.ListenerConditionConflicted): {
reason: string(k8s.ListenerReasonNoConflicts),
string(k8sbeta.ListenerConditionConflicted): {
reason: string(k8sbeta.ListenerReasonNoConflicts),
message: "No errors found",
status: kstatus.StatusFalse,
},
string(k8s.ListenerConditionResolvedRefs): {
reason: string(k8s.ListenerReasonResolvedRefs),
string(k8sbeta.ListenerConditionResolvedRefs): {
reason: string(k8sbeta.ListenerReasonResolvedRefs),
message: "No errors found",
},
}

defer reportListenerCondition(listenerIndex, l, obj, listenerConditions)
tls, err := buildTLS(r, l.TLS, obj, isAutoPassthrough(obj, l))
if err != nil {
listenerConditions[string(k8s.ListenerConditionReady)].error = err
listenerConditions[string(k8s.ListenerConditionResolvedRefs)].error = err
listenerConditions[string(k8sbeta.ListenerConditionReady)].error = err
listenerConditions[string(k8sbeta.ListenerConditionResolvedRefs)].error = err
return nil, false
}
hostnames := buildHostnameMatch(obj.Namespace, r.KubernetesResources, l)
Expand Down Expand Up @@ -1684,13 +1684,13 @@ func buildTLS(ctx ConfigContext, tls *k8s.GatewayTLSConfig, gw config.Config, is
out := &istio.ServerTLSSettings{
HttpsRedirect: false,
}
mode := k8s.TLSModeTerminate
mode := k8sbeta.TLSModeTerminate
if tls.Mode != nil {
mode = *tls.Mode
}
namespace := gw.Namespace
switch mode {
case k8s.TLSModeTerminate:
case k8sbeta.TLSModeTerminate:
out.Mode = istio.ServerTLSSettings_SIMPLE
if tls.Options != nil && tls.Options[gatewayTLSTerminateModeKey] == "MUTUAL" {
out.Mode = istio.ServerTLSSettings_MUTUAL
Expand All @@ -1715,7 +1715,7 @@ func buildTLS(ctx ConfigContext, tls *k8s.GatewayTLSConfig, gw config.Config, is
}
}
out.CredentialName = cred
case k8s.TLSModePassthrough:
case k8sbeta.TLSModePassthrough:
out.Mode = istio.ServerTLSSettings_PASSTHROUGH
if isAutoPassthrough {
out.Mode = istio.ServerTLSSettings_AUTO_PASSTHROUGH
Expand Down Expand Up @@ -1800,10 +1800,10 @@ func buildHostnameMatch(localNamespace string, r KubernetesResources, l k8s.List
// namespacesFromSelector determines a list of allowed namespaces for a given AllowedRoutes
func namespacesFromSelector(localNamespace string, r KubernetesResources, lr *k8s.AllowedRoutes) []string {
// Default is to allow only the same namespace
if lr == nil || lr.Namespaces == nil || lr.Namespaces.From == nil || *lr.Namespaces.From == k8s.NamespacesFromSame {
if lr == nil || lr.Namespaces == nil || lr.Namespaces.From == nil || *lr.Namespaces.From == k8sbeta.NamespacesFromSame {
return []string{localNamespace}
}
if *lr.Namespaces.From == k8s.NamespacesFromAll {
if *lr.Namespaces.From == k8sbeta.NamespacesFromAll {
return []string{"*"}
}

Expand Down
Loading

0 comments on commit 6ca98d7

Please sign in to comment.