diff --git a/artifacts/flagger/crd.yaml b/artifacts/flagger/crd.yaml index 145eda608..0ae48455e 100644 --- a/artifacts/flagger/crd.yaml +++ b/artifacts/flagger/crd.yaml @@ -883,7 +883,7 @@ spec: type: object additionalProperties: type: string - primary: + primary: &customBackend description: Metadata to add to the primary service type: object properties: 
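Review bot: The `&customBackend` anchor added on `primary:` only helps if every loader of this CRD resolves the `<<: *customBackend` merge key that the next hunk places under `canary:`. Merge keys are a YAML 1.1 convention and are not part of the YAML 1.2 core schema, so a stricter parser may treat `<<` as a literal key and leave `canary` without its `type`, `properties`, `filters` and `backendRef`. The same edit is repeated in `charts/flagger/crds/crd.yaml` and `kustomize/base/flagger/crd.yaml`, so the kubectl, Helm and kustomize paths all have to agree. I would either write the `canary` schema out in full or add a CI check that applies each copy and confirms the stored CRD still validates `canary.backendRef`. A comment at the anchor such as `# merged into canary below; primary and canary must stay identical` would also help.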
@@ -895,18 +895,435 @@ spec: type: object additionalProperties: type: string + filters: + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. + + Support: Implementation-specific (For broader support of filters, use the + Filters field in HTTPRouteRule.) + items: + properties: + extensionRef: + properties: + group: + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + requestHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: + "(size(self.group) == 0 && self.kind + == 'Service') ? has(self.port) : true" + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? 
self.type + == 'ReplacePrefixMatch' : true" + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + enum: + - 301 + - 302 + type: integer + type: object + responseHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestMirror + - RequestRedirect + - URLRewrite + - ExtensionRef + type: string + urlRewrite: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? 
self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? self.type + == 'ReplacePrefixMatch' : true" + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: + filter.requestHeaderModifier must be nil + if the filter.type is not RequestHeaderModifier + rule: + "!(has(self.requestHeaderModifier) && self.type + != 'RequestHeaderModifier')" + - message: + filter.requestHeaderModifier must be specified + for RequestHeaderModifier filter.type + rule: + "!(!has(self.requestHeaderModifier) && self.type + == 'RequestHeaderModifier')" + - message: + filter.responseHeaderModifier must be nil + if the filter.type is not ResponseHeaderModifier + rule: + "!(has(self.responseHeaderModifier) && self.type + != 'ResponseHeaderModifier')" + - message: + filter.responseHeaderModifier must be specified + for ResponseHeaderModifier filter.type + rule: + "!(!has(self.responseHeaderModifier) && self.type + == 'ResponseHeaderModifier')" + - message: + filter.requestMirror must be nil if the filter.type + is not RequestMirror + rule: "!(has(self.requestMirror) && self.type != 'RequestMirror')" + - message: + filter.requestMirror must be specified for + RequestMirror filter.type + rule: + "!(!has(self.requestMirror) && self.type == + 'RequestMirror')" + - message: + filter.requestRedirect must be nil if the + filter.type is not RequestRedirect + rule: + "!(has(self.requestRedirect) && self.type != + 'RequestRedirect')" + - message: + filter.requestRedirect must be specified + for RequestRedirect filter.type + rule: + "!(!has(self.requestRedirect) && self.type == + 'RequestRedirect')" + - message: + filter.urlRewrite must be nil if the filter.type + is not URLRewrite + 
rule: "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + - message: + filter.urlRewrite must be specified for URLRewrite + filter.type + rule: "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + - message: + filter.extensionRef must be nil if the filter.type + is not ExtensionRef + rule: "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + - message: + filter.extensionRef must be specified for + ExtensionRef filter.type + rule: "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + maxItems: 16 + type: array + x-kubernetes-validations: + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: RequestHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestHeaderModifier').size() + <= 1 + - message: ResponseHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'ResponseHeaderModifier').size() + <= 1 + - message: RequestRedirect filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestRedirect').size() + <= 1 + - message: URLRewrite filter cannot be repeated + rule: + self.filter(f, f.type == 'URLRewrite').size() + <= 1 + backendRef: + type: object + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. 
+ maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') + ? has(self.port) : true' canary: + <<: *customBackend description: Metadata to add to the canary service - type: object - properties: - labels: - type: object - additionalProperties: - type: string - annotations: - type: object - additionalProperties: - type: string skipAnalysis: description: Skip analysis and promote canary type: boolean diff --git a/charts/flagger/crds/crd.yaml b/charts/flagger/crds/crd.yaml index 145eda608..0ae48455e 100644 --- a/charts/flagger/crds/crd.yaml +++ b/charts/flagger/crds/crd.yaml @@ -883,7 +883,7 @@ spec: type: object additionalProperties: type: string - primary: + primary: &customBackend description: Metadata to add to the primary service type: object properties: 
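Review bot: `backendRef.namespace` and `requestMirror.backendRef.namespace` let whoever writes a Canary name a Service in another namespace, and nothing in the added schema restricts that to the Canary's own namespace. In Gateway API that consent normally comes from a ReferenceGrant created by the owner of the target namespace, and the `rbac.yaml` hunk in this commit gives the controller access to `referencegrants`. If the controller creates the grant itself on behalf of the Canary author (not visible here), a tenant with Canary write access in one namespace could route or mirror traffic to another tenant's Service. Please state the intended trust model in the field descriptions, which are missing on most of the new properties, and reject cross-namespace references in the controller or an admission policy if they are not needed. The "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both" validation is also listed twice with an identical rule; the same applies to the `charts/` and `kustomize/` copies of this hunk.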
@@ -895,18 +895,435 @@ spec: type: object additionalProperties: type: string + filters: + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. + + Support: Implementation-specific (For broader support of filters, use the + Filters field in HTTPRouteRule.) + items: + properties: + extensionRef: + properties: + group: + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + requestHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: + "(size(self.group) == 0 && self.kind + == 'Service') ? has(self.port) : true" + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? 
self.type + == 'ReplacePrefixMatch' : true" + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + enum: + - 301 + - 302 + type: integer + type: object + responseHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestMirror + - RequestRedirect + - URLRewrite + - ExtensionRef + type: string + urlRewrite: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? 
self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? self.type + == 'ReplacePrefixMatch' : true" + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: + filter.requestHeaderModifier must be nil + if the filter.type is not RequestHeaderModifier + rule: + "!(has(self.requestHeaderModifier) && self.type + != 'RequestHeaderModifier')" + - message: + filter.requestHeaderModifier must be specified + for RequestHeaderModifier filter.type + rule: + "!(!has(self.requestHeaderModifier) && self.type + == 'RequestHeaderModifier')" + - message: + filter.responseHeaderModifier must be nil + if the filter.type is not ResponseHeaderModifier + rule: + "!(has(self.responseHeaderModifier) && self.type + != 'ResponseHeaderModifier')" + - message: + filter.responseHeaderModifier must be specified + for ResponseHeaderModifier filter.type + rule: + "!(!has(self.responseHeaderModifier) && self.type + == 'ResponseHeaderModifier')" + - message: + filter.requestMirror must be nil if the filter.type + is not RequestMirror + rule: "!(has(self.requestMirror) && self.type != 'RequestMirror')" + - message: + filter.requestMirror must be specified for + RequestMirror filter.type + rule: + "!(!has(self.requestMirror) && self.type == + 'RequestMirror')" + - message: + filter.requestRedirect must be nil if the + filter.type is not RequestRedirect + rule: + "!(has(self.requestRedirect) && self.type != + 'RequestRedirect')" + - message: + filter.requestRedirect must be specified + for RequestRedirect filter.type + rule: + "!(!has(self.requestRedirect) && self.type == + 'RequestRedirect')" + - message: + filter.urlRewrite must be nil if the filter.type + is not URLRewrite + 
rule: "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + - message: + filter.urlRewrite must be specified for URLRewrite + filter.type + rule: "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + - message: + filter.extensionRef must be nil if the filter.type + is not ExtensionRef + rule: "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + - message: + filter.extensionRef must be specified for + ExtensionRef filter.type + rule: "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + maxItems: 16 + type: array + x-kubernetes-validations: + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: RequestHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestHeaderModifier').size() + <= 1 + - message: ResponseHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'ResponseHeaderModifier').size() + <= 1 + - message: RequestRedirect filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestRedirect').size() + <= 1 + - message: URLRewrite filter cannot be repeated + rule: + self.filter(f, f.type == 'URLRewrite').size() + <= 1 + backendRef: + type: object + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. 
+ maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') + ? has(self.port) : true' canary: + <<: *customBackend description: Metadata to add to the canary service - type: object - properties: - labels: - type: object - additionalProperties: - type: string - annotations: - type: object - additionalProperties: - type: string skipAnalysis: description: Skip analysis and promote canary type: boolean diff --git a/charts/flagger/templates/rbac.yaml b/charts/flagger/templates/rbac.yaml index ae9c70155..964daed0b 100644 --- a/charts/flagger/templates/rbac.yaml +++ b/charts/flagger/templates/rbac.yaml @@ -226,6 +226,8 @@ rules: resources: - httproutes - httproutes/finalizers + - referencegrants + - referencegrants/finalizers verbs: - get - list diff --git a/kustomize/base/flagger/crd.yaml b/kustomize/base/flagger/crd.yaml index 145eda608..0ae48455e 100644 --- a/kustomize/base/flagger/crd.yaml +++ b/kustomize/base/flagger/crd.yaml @@ -883,7 +883,7 @@ spec: type: object additionalProperties: type: string - primary: + primary: &customBackend description: Metadata to add to the primary service type: object properties: 
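Review bot: Adding `referencegrants` and `referencegrants/finalizers` to the existing `httproutes` rule gives the controller every verb that rule lists on ReferenceGrants. Only `get` and `list` are visible in the hunk, and the rest of the verbs list lies outside it. A ReferenceGrant is how a namespace owner authorises cross-namespace references, so write access to it lets the controller's service account, or anyone who obtains its token, issue that authorisation without the owner; if this is the cluster-wide role, that holds for every namespace. I would move the two resources into a rule of their own carrying only the verbs the reconciler actually calls, and drop `referencegrants/finalizers` unless the controller needs it. A comment above the rule, e.g. `# ReferenceGrants: required for cross-namespace backendRef; keep verbs minimal`, would record why the grant exists.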
@@ -895,18 +895,435 @@ spec: type: object additionalProperties: type: string + filters: + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. + + Support: Implementation-specific (For broader support of filters, use the + Filters field in HTTPRouteRule.) + items: + properties: + extensionRef: + properties: + group: + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + requestHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: + "(size(self.group) == 0 && self.kind + == 'Service') ? has(self.port) : true" + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? 
self.type + == 'ReplacePrefixMatch' : true" + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + enum: + - 301 + - 302 + type: integer + type: object + responseHeaderModifier: + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + x-kubernetes-list-type: set + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + maxLength: 4096 + minLength: 1 + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestMirror + - RequestRedirect + - URLRewrite + - ExtensionRef + type: string + urlRewrite: + properties: + hostname: + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + maxLength: 1024 + type: string + replacePrefixMatch: + maxLength: 1024 + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: + replaceFullPath must be specified + when type is set to 'ReplaceFullPath' + rule: + "self.type == 'ReplaceFullPath' ? + has(self.replaceFullPath) : true" + - message: + type must be 'ReplaceFullPath' when + replaceFullPath is set + rule: + "has(self.replaceFullPath) ? 
self.type + == 'ReplaceFullPath' : true" + - message: + replacePrefixMatch must be specified + when type is set to 'ReplacePrefixMatch' + rule: + "self.type == 'ReplacePrefixMatch' + ? has(self.replacePrefixMatch) : true" + - message: + type must be 'ReplacePrefixMatch' + when replacePrefixMatch is set + rule: + "has(self.replacePrefixMatch) ? self.type + == 'ReplacePrefixMatch' : true" + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: + filter.requestHeaderModifier must be nil + if the filter.type is not RequestHeaderModifier + rule: + "!(has(self.requestHeaderModifier) && self.type + != 'RequestHeaderModifier')" + - message: + filter.requestHeaderModifier must be specified + for RequestHeaderModifier filter.type + rule: + "!(!has(self.requestHeaderModifier) && self.type + == 'RequestHeaderModifier')" + - message: + filter.responseHeaderModifier must be nil + if the filter.type is not ResponseHeaderModifier + rule: + "!(has(self.responseHeaderModifier) && self.type + != 'ResponseHeaderModifier')" + - message: + filter.responseHeaderModifier must be specified + for ResponseHeaderModifier filter.type + rule: + "!(!has(self.responseHeaderModifier) && self.type + == 'ResponseHeaderModifier')" + - message: + filter.requestMirror must be nil if the filter.type + is not RequestMirror + rule: "!(has(self.requestMirror) && self.type != 'RequestMirror')" + - message: + filter.requestMirror must be specified for + RequestMirror filter.type + rule: + "!(!has(self.requestMirror) && self.type == + 'RequestMirror')" + - message: + filter.requestRedirect must be nil if the + filter.type is not RequestRedirect + rule: + "!(has(self.requestRedirect) && self.type != + 'RequestRedirect')" + - message: + filter.requestRedirect must be specified + for RequestRedirect filter.type + rule: + "!(!has(self.requestRedirect) && self.type == + 'RequestRedirect')" + - message: + filter.urlRewrite must be nil if the filter.type + is not URLRewrite + 
rule: "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + - message: + filter.urlRewrite must be specified for URLRewrite + filter.type + rule: "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + - message: + filter.extensionRef must be nil if the filter.type + is not ExtensionRef + rule: "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + - message: + filter.extensionRef must be specified for + ExtensionRef filter.type + rule: "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + maxItems: 16 + type: array + x-kubernetes-validations: + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: + May specify either httpRouteFilterRequestRedirect + or httpRouteFilterRequestRewrite, but not both + rule: + "!(self.exists(f, f.type == 'RequestRedirect') + && self.exists(f, f.type == 'URLRewrite'))" + - message: RequestHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestHeaderModifier').size() + <= 1 + - message: ResponseHeaderModifier filter cannot be repeated + rule: + self.filter(f, f.type == 'ResponseHeaderModifier').size() + <= 1 + - message: RequestRedirect filter cannot be repeated + rule: + self.filter(f, f.type == 'RequestRedirect').size() + <= 1 + - message: URLRewrite filter cannot be repeated + rule: + self.filter(f, f.type == 'URLRewrite').size() + <= 1 + backendRef: + type: object + properties: + group: + default: "" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. 
+ maxLength: 253 + minLength: 1 + type: string + namespace: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') + ? has(self.port) : true' canary: + <<: *customBackend description: Metadata to add to the canary service - type: object - properties: - labels: - type: object - additionalProperties: - type: string - annotations: - type: object - additionalProperties: - type: string skipAnalysis: description: Skip analysis and promote canary type: boolean diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go index f5797e876..39a5221dc 100644 --- a/pkg/apis/flagger/v1beta1/canary.go +++ b/pkg/apis/flagger/v1beta1/canary.go @@ -20,6 +20,7 @@ import ( "fmt" "time" + v1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1" "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" istiov1beta1 "github.com/fluxcd/flagger/pkg/apis/istio/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -213,11 +214,11 @@ type CanaryService struct { // Primary is the metadata to add to the primary service // +optional - Primary *CustomMetadata `json:"primary,omitempty"` + Primary *CustomBackend `json:"primary,omitempty"` // Canary is the metadata to add to the canary service // +optional - Canary *CustomMetadata `json:"canary,omitempty"` + Canary *CustomBackend `json:"canary,omitempty"` } // CanaryAnalysis is used to describe how the analysis should be done 
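Review bot: The comments on `Primary` and `Canary` still say each field "is the metadata to add to the ... service", but both are now `*CustomBackend`, which (per the struct added later in this file) also carries `backendRef` and `filters`. I suggest `// Primary holds the metadata, backend reference and filters for the primary service` and the matching line for `Canary`. Existing manifests should still decode, because `CustomBackend` embeds `CustomMetadata` without a JSON tag. Go callers that assign `&CustomMetadata{...}` to these fields will stop compiling, which deserves a line in the release notes. The `CanaryService` struct starts and ends outside the hunk.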
@@ -496,6 +497,30 @@ type CustomMetadata struct { Annotations map[string]string `json:"annotations,omitempty"` } +// CustomBackend holds labels, annotations, and proxyRef to set on generated objects. +type CustomBackend struct { + CustomMetadata + + // Ref references a Kubernetes object. + BackendObjectReference *v1.BackendObjectReference `json:"backendRef,omitempty"` + + // Filters defined at this level should be executed if and only if the + // request is being forwarded to the backend defined here. + // + // Support: Implementation-specific (For broader support of filters, use the + // Filters field in HTTPRouteRule.) + // + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both",rule="!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + // +kubebuilder:validation:XValidation:message="RequestRedirect filter cannot be repeated",rule="self.filter(f, f.type == 'RequestRedirect').size() <= 1" + // +kubebuilder:validation:XValidation:message="URLRewrite filter cannot be repeated",rule="self.filter(f, f.type == 'URLRewrite').size() <= 1" + Filters []v1.HTTPRouteFilter `json:"filters,omitempty"` +} + // HTTPRewrite holds information about how to modify a request URI during // forwarding. type HTTPRewrite struct { 
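Review bot: The `BackendObjectReference` field lets a Canary name a backend in another namespace (the CRD schema in this commit exposes `backendRef.namespace`), but its comment, `// Ref references a Kubernetes object.`, does not mention that trust boundary and does not match the field name. I would document it as `// BackendObjectReference is the backend requests are forwarded to; a reference into another namespace is only valid when a ReferenceGrant in that namespace permits it.` Whether the router checks for an existing grant or writes one itself is not visible in this hunk and is worth confirming, because a controller that creates the grant on the Canary author's behalf would remove the target namespace owner's say over who may reference their Services. The type comment also mentions `proxyRef`, which is not a field of `CustomBackend`. The RequestRedirect/URLRewrite `XValidation` marker appears twice with identical text, so one copy can be dropped.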
diff --git a/pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go b/pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go index 340fc0439..1ac22b7ad 100644 --- a/pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go @@ -22,6 +22,7 @@ limitations under the License. package v1beta1 import ( + gatewayapiv1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1" gatewayapiv1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" istiov1beta1 "github.com/fluxcd/flagger/pkg/apis/istio/v1beta1" v1 "k8s.io/api/core/v1" @@ -442,12 +443,12 @@ func (in *CanaryService) DeepCopyInto(out *CanaryService) { } if in.Primary != nil { in, out := &in.Primary, &out.Primary - *out = new(CustomMetadata) + *out = new(CustomBackend) (*in).DeepCopyInto(*out) } if in.Canary != nil { in, out := &in.Canary, &out.Canary - *out = new(CustomMetadata) + *out = new(CustomBackend) (*in).DeepCopyInto(*out) } return 
@@ -643,6 +644,35 @@ func (in *CrossNamespaceObjectReference) DeepCopy() *CrossNamespaceObjectReferen return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomBackend) DeepCopyInto(out *CustomBackend) { + *out = *in + in.CustomMetadata.DeepCopyInto(&out.CustomMetadata) + if in.BackendObjectReference != nil { + in, out := &in.BackendObjectReference, &out.BackendObjectReference + *out = new(gatewayapiv1.BackendObjectReference) + (*in).DeepCopyInto(*out) + } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]gatewayapiv1.HTTPRouteFilter, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomBackend. +func (in *CustomBackend) DeepCopy() *CustomBackend { + if in == nil { + return nil + } + out := new(CustomBackend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomMetadata) DeepCopyInto(out *CustomMetadata) { *out = *in diff --git a/pkg/apis/gatewayapi/v1beta1/referencegrant_types.go b/pkg/apis/gatewayapi/v1beta1/referencegrant_types.go new file mode 100644 index 000000000..443bc77cf --- /dev/null +++ b/pkg/apis/gatewayapi/v1beta1/referencegrant_types.go 
@@ -0,0 +1,145 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=gateway-api,shortName=refgrant +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:storageversion + +// ReferenceGrant identifies kinds of resources in other namespaces that are +// trusted to reference the specified kinds of resources in the same namespace +// as the policy. +// +// Each ReferenceGrant can be used to represent a unique trust relationship. +// Additional Reference Grants can be used to add to the set of trusted +// sources of inbound references for the namespace they are defined within. +// +// All cross-namespace references in Gateway API (with the exception of cross-namespace +// Gateway-route attachment) require a ReferenceGrant. +// +// ReferenceGrant is a form of runtime verification allowing users to assert +// which cross-namespace object references are permitted. Implementations that +// support ReferenceGrant MUST NOT permit cross-namespace references which have +// no grant, and MUST respond to the removal of a grant by revoking the access +// that the grant allowed. 
+type ReferenceGrant struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of ReferenceGrant. + Spec ReferenceGrantSpec `json:"spec,omitempty"` + + // Note that `Status` sub-resource has been excluded at the + // moment as it was difficult to work out the design. + // `Status` sub-resource may be added in future. +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// ReferenceGrantList contains a list of ReferenceGrant. +type ReferenceGrantList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ReferenceGrant `json:"items"` +} + +// ReferenceGrantSpec identifies a cross namespace relationship that is trusted +// for Gateway API. +type ReferenceGrantSpec struct { + // From describes the trusted namespaces and kinds that can reference the + // resources described in "To". Each entry in this list MUST be considered + // to be an additional place that references can be valid from, or to put + // this another way, entries MUST be combined using OR. + // + // Support: Core + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + From []ReferenceGrantFrom `json:"from"` + + // To describes the resources that may be referenced by the resources + // described in "From". Each entry in this list MUST be considered to be an + // additional place that references can be valid to, or to put this another + // way, entries MUST be combined using OR. + // + // Support: Core + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + To []ReferenceGrantTo `json:"to"` +} + +// ReferenceGrantFrom describes trusted namespaces and kinds. +type ReferenceGrantFrom struct { + // Group is the group of the referent. + // When empty, the Kubernetes core API group is inferred. 
+ // + // Support: Core + Group Group `json:"group"` + + // Kind is the kind of the referent. Although implementations may support + // additional resources, the following types are part of the "Core" + // support level for this field. + // + // When used to permit a SecretObjectReference: + // + // * Gateway + // + // When used to permit a BackendObjectReference: + // + // * GRPCRoute + // * HTTPRoute + // * TCPRoute + // * TLSRoute + // * UDPRoute + Kind Kind `json:"kind"` + + // Namespace is the namespace of the referent. + // + // Support: Core + Namespace Namespace `json:"namespace"` +} + +// ReferenceGrantTo describes what Kinds are allowed as targets of the +// references. +type ReferenceGrantTo struct { + // Group is the group of the referent. + // When empty, the Kubernetes core API group is inferred. + // + // Support: Core + Group Group `json:"group"` + + // Kind is the kind of the referent. Although implementations may support + // additional resources, the following types are part of the "Core" + // support level for this field: + // + // * Secret when used to permit a SecretObjectReference + // * Service when used to permit a BackendObjectReference + Kind Kind `json:"kind"` + + // Name is the name of the referent. When unspecified, this policy + // refers to all resources of the specified Group and Kind in the local + // namespace. + // + // +optional + Name *ObjectName `json:"name,omitempty"` +} diff --git a/pkg/apis/gatewayapi/v1beta1/register.go b/pkg/apis/gatewayapi/v1beta1/register.go index 930a1d8cf..231d8f792 100644 --- a/pkg/apis/gatewayapi/v1beta1/register.go +++ b/pkg/apis/gatewayapi/v1beta1/register.go @@ -33,6 +33,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &HTTPRoute{}, &HTTPRouteList{}, + &ReferenceGrant{}, + &ReferenceGrantList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil 
diff --git a/pkg/apis/gatewayapi/v1beta1/zz_generated.deepcopy.go b/pkg/apis/gatewayapi/v1beta1/zz_generated.deepcopy.go index 7938a9141..6825cb294 100644 --- a/pkg/apis/gatewayapi/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/gatewayapi/v1beta1/zz_generated.deepcopy.go 
@@ -643,6 +643,131 @@ func (in *ParentReference) DeepCopy() *ParentReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrant) DeepCopyInto(out *ReferenceGrant) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrant. +func (in *ReferenceGrant) DeepCopy() *ReferenceGrant { + if in == nil { + return nil + } + out := new(ReferenceGrant) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrant) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantFrom) DeepCopyInto(out *ReferenceGrantFrom) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantFrom. +func (in *ReferenceGrantFrom) DeepCopy() *ReferenceGrantFrom { + if in == nil { + return nil + } + out := new(ReferenceGrantFrom) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantList) DeepCopyInto(out *ReferenceGrantList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ReferenceGrant, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantList. 
+func (in *ReferenceGrantList) DeepCopy() *ReferenceGrantList { + if in == nil { + return nil + } + out := new(ReferenceGrantList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ReferenceGrantList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantSpec) DeepCopyInto(out *ReferenceGrantSpec) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = make([]ReferenceGrantFrom, len(*in)) + copy(*out, *in) + } + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]ReferenceGrantTo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantSpec. +func (in *ReferenceGrantSpec) DeepCopy() *ReferenceGrantSpec { + if in == nil { + return nil + } + out := new(ReferenceGrantSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReferenceGrantTo) DeepCopyInto(out *ReferenceGrantTo) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(ObjectName) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantTo. +func (in *ReferenceGrantTo) DeepCopy() *ReferenceGrantTo { + if in == nil { + return nil + } + out := new(ReferenceGrantTo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteParentStatus) DeepCopyInto(out *RouteParentStatus) { *out = *in 
diff --git a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_gatewayapi_client.go b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_gatewayapi_client.go index 18d99e74a..7447c9048 100644 --- a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_gatewayapi_client.go +++ b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_gatewayapi_client.go @@ -32,6 +32,10 @@ func (c *FakeGatewayapiV1beta1) HTTPRoutes(namespace string) v1beta1.HTTPRouteIn return &FakeHTTPRoutes{c, namespace} } +func (c *FakeGatewayapiV1beta1) ReferenceGrants(namespace string) v1beta1.ReferenceGrantInterface { + return &FakeReferenceGrants{c, namespace} +} + // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeGatewayapiV1beta1) RESTClient() rest.Interface { diff --git a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_referencegrant.go b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_referencegrant.go new file mode 100644 index 000000000..bf6ef0b86 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/fake/fake_referencegrant.go 
@@ -0,0 +1,134 @@ +/* +Copyright 2020 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeReferenceGrants implements ReferenceGrantInterface +type FakeReferenceGrants struct { + Fake *FakeGatewayapiV1beta1 + ns string +} + +var referencegrantsResource = v1beta1.SchemeGroupVersion.WithResource("referencegrants") + +var referencegrantsKind = v1beta1.SchemeGroupVersion.WithKind("ReferenceGrant") + +// Get takes name of the referenceGrant, and returns the corresponding referenceGrant object, and an error if there is any. +func (c *FakeReferenceGrants) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ReferenceGrant, err error) { + emptyResult := &v1beta1.ReferenceGrant{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(referencegrantsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1beta1.ReferenceGrant), err +} + +// List takes label and field selectors, and returns the list of ReferenceGrants that match those selectors. 
+func (c *FakeReferenceGrants) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ReferenceGrantList, err error) { + emptyResult := &v1beta1.ReferenceGrantList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(referencegrantsResource, referencegrantsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta1.ReferenceGrantList{ListMeta: obj.(*v1beta1.ReferenceGrantList).ListMeta} + for _, item := range obj.(*v1beta1.ReferenceGrantList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested referenceGrants. +func (c *FakeReferenceGrants) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(referencegrantsResource, c.ns, opts)) + +} + +// Create takes the representation of a referenceGrant and creates it. Returns the server's representation of the referenceGrant, and an error, if there is any. +func (c *FakeReferenceGrants) Create(ctx context.Context, referenceGrant *v1beta1.ReferenceGrant, opts v1.CreateOptions) (result *v1beta1.ReferenceGrant, err error) { + emptyResult := &v1beta1.ReferenceGrant{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(referencegrantsResource, c.ns, referenceGrant, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1beta1.ReferenceGrant), err +} + +// Update takes the representation of a referenceGrant and updates it. Returns the server's representation of the referenceGrant, and an error, if there is any. 
+func (c *FakeReferenceGrants) Update(ctx context.Context, referenceGrant *v1beta1.ReferenceGrant, opts v1.UpdateOptions) (result *v1beta1.ReferenceGrant, err error) { + emptyResult := &v1beta1.ReferenceGrant{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(referencegrantsResource, c.ns, referenceGrant, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1beta1.ReferenceGrant), err +} + +// Delete takes name of the referenceGrant and deletes it. Returns an error if one occurs. +func (c *FakeReferenceGrants) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(referencegrantsResource, c.ns, name, opts), &v1beta1.ReferenceGrant{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeReferenceGrants) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(referencegrantsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1beta1.ReferenceGrantList{}) + return err +} + +// Patch applies the patch and returns the patched referenceGrant. +func (c *FakeReferenceGrants) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ReferenceGrant, err error) { + emptyResult := &v1beta1.ReferenceGrant{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(referencegrantsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1beta1.ReferenceGrant), err +} diff --git a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/gatewayapi_client.go b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/gatewayapi_client.go index 33f1724af..5743ad66a 100644 
--- a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/gatewayapi_client.go +++ b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/gatewayapi_client.go @@ -29,6 +29,7 @@ import ( type GatewayapiV1beta1Interface interface { RESTClient() rest.Interface HTTPRoutesGetter + ReferenceGrantsGetter } // GatewayapiV1beta1Client is used to interact with features provided by the gatewayapi group. @@ -40,6 +41,10 @@ func (c *GatewayapiV1beta1Client) HTTPRoutes(namespace string) HTTPRouteInterfac return newHTTPRoutes(c, namespace) } +func (c *GatewayapiV1beta1Client) ReferenceGrants(namespace string) ReferenceGrantInterface { + return newReferenceGrants(c, namespace) +} + // NewForConfig creates a new GatewayapiV1beta1Client for the given config. // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), // where httpClient was generated with rest.HTTPClientFor(c). diff --git a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/generated_expansion.go b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/generated_expansion.go index 7cd07e728..b43e0c844 100644 --- a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/generated_expansion.go @@ -19,3 +19,5 @@ limitations under the License. package v1beta1 type HTTPRouteExpansion interface{} + +type ReferenceGrantExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/referencegrant.go b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/referencegrant.go new file mode 100644 index 000000000..76a62e58c --- /dev/null +++ b/pkg/client/clientset/versioned/typed/gatewayapi/v1beta1/referencegrant.go 
@@ -0,0 +1,67 @@ +/* +Copyright 2020 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + + v1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" + scheme "github.com/fluxcd/flagger/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// ReferenceGrantsGetter has a method to return a ReferenceGrantInterface. +// A group's client should implement this interface. +type ReferenceGrantsGetter interface { + ReferenceGrants(namespace string) ReferenceGrantInterface +} + +// ReferenceGrantInterface has methods to work with ReferenceGrant resources. 
+type ReferenceGrantInterface interface { + Create(ctx context.Context, referenceGrant *v1beta1.ReferenceGrant, opts v1.CreateOptions) (*v1beta1.ReferenceGrant, error) + Update(ctx context.Context, referenceGrant *v1beta1.ReferenceGrant, opts v1.UpdateOptions) (*v1beta1.ReferenceGrant, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ReferenceGrant, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ReferenceGrantList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ReferenceGrant, err error) + ReferenceGrantExpansion +} + +// referenceGrants implements ReferenceGrantInterface +type referenceGrants struct { + *gentype.ClientWithList[*v1beta1.ReferenceGrant, *v1beta1.ReferenceGrantList] +} + +// newReferenceGrants returns a ReferenceGrants +func newReferenceGrants(c *GatewayapiV1beta1Client, namespace string) *referenceGrants { + return &referenceGrants{ + gentype.NewClientWithList[*v1beta1.ReferenceGrant, *v1beta1.ReferenceGrantList]( + "referencegrants", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1beta1.ReferenceGrant { return &v1beta1.ReferenceGrant{} }, + func() *v1beta1.ReferenceGrantList { return &v1beta1.ReferenceGrantList{} }), + } +} diff --git a/pkg/client/informers/externalversions/gatewayapi/v1beta1/interface.go b/pkg/client/informers/externalversions/gatewayapi/v1beta1/interface.go index 8b782c6ea..f858a4b0a 100644 --- a/pkg/client/informers/externalversions/gatewayapi/v1beta1/interface.go +++ b/pkg/client/informers/externalversions/gatewayapi/v1beta1/interface.go 
@@ -26,6 +26,8 @@ import ( type Interface interface { // HTTPRoutes returns a HTTPRouteInformer. HTTPRoutes() HTTPRouteInformer + // ReferenceGrants returns a ReferenceGrantInformer. + ReferenceGrants() ReferenceGrantInformer } type version struct { @@ -43,3 +45,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList func (v *version) HTTPRoutes() HTTPRouteInformer { return &hTTPRouteInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } + +// ReferenceGrants returns a ReferenceGrantInformer. +func (v *version) ReferenceGrants() ReferenceGrantInformer { + return &referenceGrantInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/informers/externalversions/gatewayapi/v1beta1/referencegrant.go b/pkg/client/informers/externalversions/gatewayapi/v1beta1/referencegrant.go new file mode 100644 index 000000000..464e5af79 --- /dev/null +++ b/pkg/client/informers/externalversions/gatewayapi/v1beta1/referencegrant.go 
@@ -0,0 +1,90 @@ +/* +Copyright 2020 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + time "time" + + gatewayapiv1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" + versioned "github.com/fluxcd/flagger/pkg/client/clientset/versioned" + internalinterfaces "github.com/fluxcd/flagger/pkg/client/informers/externalversions/internalinterfaces" + v1beta1 "github.com/fluxcd/flagger/pkg/client/listers/gatewayapi/v1beta1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ReferenceGrantInformer provides access to a shared informer and lister for +// ReferenceGrants. +type ReferenceGrantInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1beta1.ReferenceGrantLister +} + +type referenceGrantInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewReferenceGrantInformer constructs a new informer for ReferenceGrant type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewReferenceGrantInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredReferenceGrantInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredReferenceGrantInformer constructs a new informer for ReferenceGrant type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredReferenceGrantInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.GatewayapiV1beta1().ReferenceGrants(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.GatewayapiV1beta1().ReferenceGrants(namespace).Watch(context.TODO(), options) + }, + }, + &gatewayapiv1beta1.ReferenceGrant{}, + resyncPeriod, + indexers, + ) +} + +func (f *referenceGrantInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredReferenceGrantInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *referenceGrantInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&gatewayapiv1beta1.ReferenceGrant{}, f.defaultInformer) +} + +func (f *referenceGrantInformer) Lister() v1beta1.ReferenceGrantLister { + return v1beta1.NewReferenceGrantLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 78431793a..dd2c062e1 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -106,6 +106,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource // Group=gatewayapi, Version=v1beta1 case gatewayapiv1beta1.SchemeGroupVersion.WithResource("httproutes"): return &genericInformer{resource: resource.GroupResource(), informer: f.Gatewayapi().V1beta1().HTTPRoutes().Informer()}, nil + case gatewayapiv1beta1.SchemeGroupVersion.WithResource("referencegrants"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Gatewayapi().V1beta1().ReferenceGrants().Informer()}, nil // Group=gloo.solo.io, Version=v1 case gloov1.SchemeGroupVersion.WithResource("upstreams"): diff --git a/pkg/client/listers/gatewayapi/v1beta1/expansion_generated.go b/pkg/client/listers/gatewayapi/v1beta1/expansion_generated.go index 2d673fb05..44376cc74 100644 --- a/pkg/client/listers/gatewayapi/v1beta1/expansion_generated.go +++ b/pkg/client/listers/gatewayapi/v1beta1/expansion_generated.go @@ -25,3 +25,11 @@ type HTTPRouteListerExpansion interface{} // HTTPRouteNamespaceListerExpansion allows custom methods to be added to // HTTPRouteNamespaceLister. type HTTPRouteNamespaceListerExpansion interface{} + +// ReferenceGrantListerExpansion allows custom methods to be added to +// ReferenceGrantLister. +type ReferenceGrantListerExpansion interface{} + +// ReferenceGrantNamespaceListerExpansion allows custom methods to be added to +// ReferenceGrantNamespaceLister. +type ReferenceGrantNamespaceListerExpansion interface{} diff --git a/pkg/client/listers/gatewayapi/v1beta1/referencegrant.go b/pkg/client/listers/gatewayapi/v1beta1/referencegrant.go new file mode 100644 index 000000000..891df708a --- /dev/null +++ b/pkg/client/listers/gatewayapi/v1beta1/referencegrant.go 
@@ -0,0 +1,70 @@ +/* +Copyright 2020 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" + "k8s.io/client-go/tools/cache" +) + +// ReferenceGrantLister helps list ReferenceGrants. +// All objects returned here must be treated as read-only. +type ReferenceGrantLister interface { + // List lists all ReferenceGrants in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.ReferenceGrant, err error) + // ReferenceGrants returns an object that can list and get ReferenceGrants. + ReferenceGrants(namespace string) ReferenceGrantNamespaceLister + ReferenceGrantListerExpansion +} + +// referenceGrantLister implements the ReferenceGrantLister interface. +type referenceGrantLister struct { + listers.ResourceIndexer[*v1beta1.ReferenceGrant] +} + +// NewReferenceGrantLister returns a new ReferenceGrantLister. +func NewReferenceGrantLister(indexer cache.Indexer) ReferenceGrantLister { + return &referenceGrantLister{listers.New[*v1beta1.ReferenceGrant](indexer, v1beta1.Resource("referencegrant"))} +} + +// ReferenceGrants returns an object that can list and get ReferenceGrants. 
+func (s *referenceGrantLister) ReferenceGrants(namespace string) ReferenceGrantNamespaceLister { + return referenceGrantNamespaceLister{listers.NewNamespaced[*v1beta1.ReferenceGrant](s.ResourceIndexer, namespace)} +} + +// ReferenceGrantNamespaceLister helps list and get ReferenceGrants. +// All objects returned here must be treated as read-only. +type ReferenceGrantNamespaceLister interface { + // List lists all ReferenceGrants in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1beta1.ReferenceGrant, err error) + // Get retrieves the ReferenceGrant from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1beta1.ReferenceGrant, error) + ReferenceGrantNamespaceListerExpansion +} + +// referenceGrantNamespaceLister implements the ReferenceGrantNamespaceLister +// interface. +type referenceGrantNamespaceLister struct { + listers.ResourceIndexer[*v1beta1.ReferenceGrant] +} diff --git a/pkg/router/gateway_api.go b/pkg/router/gateway_api.go index bc398afda..823f978f6 100644 --- a/pkg/router/gateway_api.go +++ b/pkg/router/gateway_api.go @@ -25,7 +25,7 @@ import ( flaggerv1 "github.com/fluxcd/flagger/pkg/apis/flagger/v1beta1" v1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1" - "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" + v1beta1 "github.com/fluxcd/flagger/pkg/apis/gatewayapi/v1beta1" istiov1beta1 "github.com/fluxcd/flagger/pkg/apis/istio/v1beta1" clientset "github.com/fluxcd/flagger/pkg/client/clientset/versioned" "github.com/google/go-cmp/cmp" 
@@ -96,12 +96,8 @@ func (gwr *GatewayAPIRouter) Reconcile(canary *flaggerv1.Canary) error { Matches: matches, Filters: gwr.makeFilters(canary), BackendRefs: []v1.HTTPBackendRef{ - { - BackendRef: gwr.makeBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port), - }, - { - BackendRef: gwr.makeBackendRef(canarySvcName, initialCanaryWeight, canary.Spec.Service.Port), - }, + gwr.makeHTTPBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Primary), + gwr.makeHTTPBackendRef(canarySvcName, initialCanaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Canary), }, }, }, @@ -122,9 +118,7 @@ func (gwr *GatewayAPIRouter) Reconcile(canary *flaggerv1.Canary) error { Matches: matches, Filters: gwr.makeFilters(canary), BackendRefs: []v1.HTTPBackendRef{ - { - BackendRef: gwr.makeBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port), - }, + gwr.makeHTTPBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Primary), }, }) if canary.Spec.Service.Timeout != "" { @@ -152,6 +146,7 @@ func (gwr *GatewayAPIRouter) Reconcile(canary *flaggerv1.Canary) error { newMetadata.Annotations = filterMetadata(newMetadata.Annotations) if errors.IsNotFound(err) { + // create http route route := &v1.HTTPRoute{ ObjectMeta: metav1.ObjectMeta{ Name: apexSvcName, 
@@ -180,62 +175,120 @@ func (gwr *GatewayAPIRouter) Reconcile(canary *flaggerv1.Canary) error { } gwr.logger.With("canary", fmt.Sprintf("%s.%s", canary.Name, canary.Namespace)). Infof("HTTPRoute %s.%s created", route.GetName(), hrNamespace) - return nil } else if err != nil { return fmt.Errorf("HTTPRoute %s.%s get error: %w", apexSvcName, hrNamespace, err) - } - - ignoreCmpOptions := []cmp.Option{ - cmpopts.IgnoreFields(v1.BackendRef{}, "Weight"), - cmpopts.EquateEmpty(), - } - if canary.Spec.Analysis.SessionAffinity != nil { - ignoreRoute := cmpopts.IgnoreSliceElements(func(r v1.HTTPRouteRule) bool { - // Ignore the rule that does sticky routing, i.e. matches against the `Cookie` header. - for _, match := range r.Matches { - for _, headerMatch := range match.Headers { - if *headerMatch.Type == headerMatchRegex && headerMatch.Name == cookieHeader && - strings.Contains(headerMatch.Value, canary.Spec.Analysis.SessionAffinity.CookieName) { - return true + } else { + // update http route + ignoreCmpOptions := []cmp.Option{ + cmpopts.IgnoreFields(v1.BackendRef{}, "Weight"), + cmpopts.EquateEmpty(), + } + if canary.Spec.Analysis.SessionAffinity != nil { + ignoreRoute := cmpopts.IgnoreSliceElements(func(r v1.HTTPRouteRule) bool { + // Ignore the rule that does sticky routing, i.e. matches against the `Cookie` header. + for _, match := range r.Matches { + for _, headerMatch := range match.Headers { + if *headerMatch.Type == headerMatchRegex && headerMatch.Name == cookieHeader && + strings.Contains(headerMatch.Value, canary.Spec.Analysis.SessionAffinity.CookieName) { + return true + } } } + return false + }) + ignoreCmpOptions = append(ignoreCmpOptions, ignoreRoute) + // Ignore backend specific filters, since we use that to insert the `Set-Cookie` header in responses. 
+ ignoreCmpOptions = append(ignoreCmpOptions, cmpopts.IgnoreFields(v1.HTTPBackendRef{}, "Filters")) + } + + if canary.GetAnalysis().Mirror { + // If a Canary run is in progress, the HTTPRoute rule will have an extra filter of type RequestMirror + // which needs to be ignored so that the requests are mirrored to the canary deployment. + inProgress := canary.Status.Phase == flaggerv1.CanaryPhaseWaiting || canary.Status.Phase == flaggerv1.CanaryPhaseProgressing || + canary.Status.Phase == flaggerv1.CanaryPhaseWaitingPromotion + if inProgress { + ignoreCmpOptions = append(ignoreCmpOptions, cmpopts.IgnoreFields(v1.HTTPRouteRule{}, "Filters")) } - return false - }) - ignoreCmpOptions = append(ignoreCmpOptions, ignoreRoute) - // Ignore backend specific filters, since we use that to insert the `Set-Cookie` header in responses. - ignoreCmpOptions = append(ignoreCmpOptions, cmpopts.IgnoreFields(v1.HTTPBackendRef{}, "Filters")) + } + + if httpRoute != nil { + specDiff := cmp.Diff( + httpRoute.Spec, httpRouteSpec, + ignoreCmpOptions..., + ) + labelsDiff := cmp.Diff(newMetadata.Labels, httpRoute.Labels, cmpopts.EquateEmpty()) + annotationsDiff := cmp.Diff(newMetadata.Annotations, httpRoute.Annotations, cmpopts.EquateEmpty()) + if (specDiff != "" && httpRoute.Name != "") || labelsDiff != "" || annotationsDiff != "" { + hrClone := httpRoute.DeepCopy() + hrClone.Spec = httpRouteSpec + hrClone.ObjectMeta.Annotations = newMetadata.Annotations + hrClone.ObjectMeta.Labels = newMetadata.Labels + _, err := gwr.gatewayAPIClient.GatewayapiV1().HTTPRoutes(hrNamespace). + Update(context.TODO(), hrClone, metav1.UpdateOptions{}) + if err != nil { + return fmt.Errorf("HTTPRoute %s.%s update error: %w while reconciling", hrClone.GetName(), hrNamespace, err) + } + gwr.logger.With("canary", fmt.Sprintf("%s.%s", canary.Name, canary.Namespace)). 
+ Infof("HTTPRoute %s.%s updated", hrClone.GetName(), hrNamespace) + } + } } - if canary.GetAnalysis().Mirror { - // If a Canary run is in progress, the HTTPRoute rule will have an extra filter of type RequestMirror - // which needs to be ignored so that the requests are mirrored to the canary deployment. - inProgress := canary.Status.Phase == flaggerv1.CanaryPhaseWaiting || canary.Status.Phase == flaggerv1.CanaryPhaseProgressing || - canary.Status.Phase == flaggerv1.CanaryPhaseWaitingPromotion - if inProgress { - ignoreCmpOptions = append(ignoreCmpOptions, cmpopts.IgnoreFields(v1.HTTPRouteRule{}, "Filters")) + // create reference grants + referenceGrants := []*v1beta1.ReferenceGrant{} + + for _, rule := range httpRouteSpec.Rules { + for _, backendRef := range rule.BackendRefs { + if backendRef.Namespace != nil { + svcNamespace := string(*backendRef.Namespace) + if svcNamespace != hrNamespace { + group := v1beta1.Group("") + kind := v1beta1.Kind("Service") + if backendRef.Group != nil { + group = v1beta1.Group(*backendRef.Group) + } + if backendRef.Kind != nil { + kind = v1beta1.Kind(*backendRef.Kind) + } + name := (*v1beta1.ObjectName)(&backendRef.Name) + + rg := &v1beta1.ReferenceGrant{ + ObjectMeta: metav1.ObjectMeta{ + Name: canary.Name, + Namespace: svcNamespace, + }, + Spec: v1beta1.ReferenceGrantSpec{ + 
From: []v1beta1.ReferenceGrantFrom{ + { + Group: "gateway.networking.k8s.io", + Kind: "HTTPRoute", + Namespace: v1beta1.Namespace(hrNamespace), + }, + }, + To: []v1beta1.ReferenceGrantTo{ + { + Group: group, + Kind: kind, + Name: name, + }, + }, + }, + } + referenceGrants = append(referenceGrants, rg) + } + } } } - if httpRoute != nil { - specDiff := cmp.Diff( - httpRoute.Spec, httpRouteSpec, - ignoreCmpOptions..., - ) - labelsDiff := cmp.Diff(newMetadata.Labels, httpRoute.Labels, cmpopts.EquateEmpty()) - annotationsDiff := cmp.Diff(newMetadata.Annotations, httpRoute.Annotations, cmpopts.EquateEmpty()) - if (specDiff != "" && httpRoute.Name != "") || labelsDiff != "" || annotationsDiff != "" { - hrClone := httpRoute.DeepCopy() - hrClone.Spec = httpRouteSpec - hrClone.ObjectMeta.Annotations = newMetadata.Annotations - hrClone.ObjectMeta.Labels = newMetadata.Labels - _, err := gwr.gatewayAPIClient.GatewayapiV1().HTTPRoutes(hrNamespace). - Update(context.TODO(), hrClone, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("HTTPRoute %s.%s update error: %w while reconciling", hrClone.GetName(), hrNamespace, err) + for _, rg := range referenceGrants { + _, err := gwr.gatewayAPIClient.GatewayapiV1beta1().ReferenceGrants(rg.Namespace).Get(context.TODO(), rg.Name, metav1.GetOptions{}) + if errors.IsNotFound(err) { + _, err = gwr.gatewayAPIClient.GatewayapiV1beta1().ReferenceGrants(rg.Namespace).Create(context.TODO(), rg, metav1.CreateOptions{}) + if err == nil { + gwr.logger.Infof("ReferenceGrant %s.%s has been created", rg.Name, rg.Namespace) + } else if !errors.IsAlreadyExists(err) { + return fmt.Errorf("ReferenceGrant %s.%s creation error: %w", rg.Name, rg.Namespace, err) } - gwr.logger.With("canary", fmt.Sprintf("%s.%s", canary.Name, canary.Namespace)). - Infof("HTTPRoute %s.%s updated", hrClone.GetName(), hrNamespace) } } 
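Review bot: The reference-grant loop added at the end of this hunk (Reconcile starts above it and continues below) creates a ReferenceGrant in whatever namespace a backendRef names, so anyone who can create a Canary can have Flagger's client grant their HTTPRoute access to a Service in a namespace they do not control; the test added in this commit does exactly that with `kube-system`. A ReferenceGrant is the target namespace owner's consent to a cross-namespace reference, and writing it on the referrer's behalf removes that check. I would put this behind an explicit operator opt-in or an allow-list of target namespaces, and otherwise leave the grant to the namespace owner. Every grant is also named `canary.Name`, so a second cross-namespace backend in the same namespace, or an existing grant with a different spec, is skipped without a log line. A Get error other than NotFound is dropped as well; add `} else if err != nil { return fmt.Errorf("ReferenceGrant %s.%s get error: %w", rg.Name, rg.Namespace, err) }`.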
@@ -340,12 +393,8 @@ func (gwr *GatewayAPIRouter) SetRoutes( Matches: matches, Filters: gwr.makeFilters(canary), BackendRefs: []v1.HTTPBackendRef{ - { - BackendRef: gwr.makeBackendRef(primarySvcName, pWeight, canary.Spec.Service.Port), - }, - { - BackendRef: gwr.makeBackendRef(canarySvcName, cWeight, canary.Spec.Service.Port), - }, + gwr.makeHTTPBackendRef(primarySvcName, pWeight, canary.Spec.Service.Port, canary.Spec.Service.Primary), + gwr.makeHTTPBackendRef(canarySvcName, cWeight, canary.Spec.Service.Port, canary.Spec.Service.Canary), }, } if canary.Spec.Service.Timeout != "" { @@ -399,9 +448,7 @@ func (gwr *GatewayAPIRouter) SetRoutes( Matches: matches, Filters: gwr.makeFilters(canary), BackendRefs: []v1.HTTPBackendRef{ - { - BackendRef: gwr.makeBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port), - }, + gwr.makeHTTPBackendRef(primarySvcName, initialPrimaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Primary), }, Timeouts: &v1.HTTPRouteTimeouts{ Request: &timeout, @@ -484,12 +531,8 @@ func (gwr *GatewayAPIRouter) getSessionAffinityRouteRules(canary *flaggerv1.Cana mergedMatches := gwr.mergeMatchConditions([]v1.HTTPRouteMatch{cookieMatch}, svcMatches) stickyRouteRule.Matches = mergedMatches stickyRouteRule.BackendRefs = []v1.HTTPBackendRef{ - { - BackendRef: gwr.makeBackendRef(primarySvcName, 0, canary.Spec.Service.Port), - }, - { - BackendRef: gwr.makeBackendRef(canarySvcName, 100, canary.Spec.Service.Port), - }, + gwr.makeHTTPBackendRef(primarySvcName, 0, canary.Spec.Service.Port, canary.Spec.Service.Primary), + gwr.makeHTTPBackendRef(canarySvcName, 100, canary.Spec.Service.Port, canary.Spec.Service.Canary), } } else { // If canary weight is 0 and SessionAffinityCookie is non-blank, then it belongs to a previous canary run. 
@@ -612,16 +655,28 @@ func (gwr *GatewayAPIRouter) mapRouteMatches(requestMatches []istiov1beta1.HTTPM return matches, nil } -func (gwr *GatewayAPIRouter) makeBackendRef(svcName string, weight, port int32) v1.BackendRef { - return v1.BackendRef{ - BackendObjectReference: v1.BackendObjectReference{ - Group: (*v1.Group)(&backendRefGroup), - Kind: (*v1.Kind)(&backendRefKind), - Name: v1.ObjectName(svcName), - Port: (*v1.PortNumber)(&port), +func (gwr *GatewayAPIRouter) makeHTTPBackendRef(svcName string, weight, port int32, customBackend *flaggerv1.CustomBackend) v1.HTTPBackendRef { + httpBackendRef := v1.HTTPBackendRef{ + BackendRef: v1.BackendRef{ + BackendObjectReference: v1.BackendObjectReference{ + Group: (*v1.Group)(&backendRefGroup), + Kind: (*v1.Kind)(&backendRefKind), + Name: v1.ObjectName(svcName), + Port: (*v1.PortNumber)(&port), + }, + Weight: &weight, }, - Weight: &weight, } + if customBackend != nil { + if customBackend.BackendObjectReference != nil { + httpBackendRef.BackendObjectReference = *customBackend.BackendObjectReference + } + if customBackend.Filters != nil { + httpBackendRef.Filters = customBackend.Filters + } + } + + return httpBackendRef } func (gwr *GatewayAPIRouter) mergeMatchConditions(analysis, service []v1.HTTPRouteMatch) []v1.HTTPRouteMatch { diff --git a/pkg/router/gateway_api_test.go b/pkg/router/gateway_api_test.go index a7d6b6d89..cf69b952f 100644 --- a/pkg/router/gateway_api_test.go +++ b/pkg/router/gateway_api_test.go 
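Review bot: In makeHTTPBackendRef, `httpBackendRef.BackendObjectReference = *customBackend.BackendObjectReference` replaces the whole reference, so a custom backend that sets only some fields loses the Group, Kind and Port defaults built just above; a nil Port on a Service backend is, as far as I know, rejected by Gateway API validation. The same assignment lets the Canary spec swap the generated primary or canary Service for any Kind in any namespace, which is what feeds the ReferenceGrant creation in Reconcile, so I would merge field by field and consider restricting Kind to what the router is meant to support. The function also has no doc comment; something like `// makeHTTPBackendRef builds the weighted backend for svcName and applies any overrides from customBackend.` would help. The helper is called from Reconcile, SetRoutes and getSessionAffinityRouteRules, so the change applies to all three.

```go
	if customBackend != nil {
		if ref := customBackend.BackendObjectReference; ref != nil {
			// Override field by field so an unset Group, Kind or Port keeps the default built above.
			target := &httpBackendRef.BackendObjectReference
			if ref.Group != nil {
				target.Group = ref.Group
			}
			if ref.Kind != nil {
				target.Kind = ref.Kind
			}
			if ref.Name != "" {
				target.Name = ref.Name
			}
			if ref.Namespace != nil {
				target.Namespace = ref.Namespace
			}
			if ref.Port != nil {
				target.Port = ref.Port
			}
		}
		// … unchanged: customBackend.Filters override …
	}
```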
@@ -276,6 +276,63 @@ func TestGatewayAPIRouter_Routes(t *testing.T) { assert.Len(t, hr.Spec.Rules, 1) assert.Len(t, hr.Spec.Rules[0].Filters, 0) }) + + t.Run("custom backend filters", func(t *testing.T) { + canary := mocks.canary.DeepCopy() + primaryHostName := v1.PreciseHostname("primary.example.com") + canary.Spec.Service.Primary = &flaggerv1.CustomBackend{ + Filters: []v1.HTTPRouteFilter{ + { + Type: v1.HTTPRouteFilterURLRewrite, + URLRewrite: &v1.HTTPURLRewriteFilter{ + Hostname: &primaryHostName, + }, + }, + }, + } + + name := v1.ObjectName("canary") + unmanagedSvcNamespace := "kube-system" + namespace := v1.Namespace(unmanagedSvcNamespace) + port := v1.PortNumber(30080) + objRef := v1.BackendObjectReference{ + Name: name, + Namespace: &namespace, + Port: &port, + } + + canary.Spec.Service.Canary = &flaggerv1.CustomBackend{ + BackendObjectReference: &objRef, + } + err = router.SetRoutes(canary, 50, 50, false) + require.NoError(t, err) + + httpRoute, err := router.gatewayAPIClient.GatewayapiV1().HTTPRoutes("default").Get(context.TODO(), "podinfo", metav1.GetOptions{}) + require.NoError(t, err) + + primary := httpRoute.Spec.Rules[0].BackendRefs[0] + assert.Equal(t, int32(50), *primary.Weight) + + canaryBackend := httpRoute.Spec.Rules[0].BackendRefs[1] + assert.Equal(t, canaryBackend.Name, name) + assert.Equal(t, canaryBackend.Namespace, &namespace) + assert.Equal(t, canaryBackend.Port, &port) + + primaryBackend := httpRoute.Spec.Rules[0].BackendRefs[0].Filters[0].URLRewrite + assert.Equal(t, primaryBackend.Hostname, &primaryHostName) + + err = router.Reconcile(canary) + require.NoError(t, err) + + referenceGrant, err := router.gatewayAPIClient.GatewayapiV1beta1().ReferenceGrants(unmanagedSvcNamespace).Get(context.TODO(), canary.Name, metav1.GetOptions{}) + require.NoError(t, err) + assert.Equal(t, unmanagedSvcNamespace, string(referenceGrant.Namespace)) + assert.Equal(t, "HTTPRoute", string(referenceGrant.Spec.From[0].Kind)) + assert.Equal(t, canary.Namespace, 
string(referenceGrant.Spec.From[0].Namespace)) + assert.Equal(t, "Service", string(referenceGrant.Spec.To[0].Kind)) + assert.Equal(t, "", string(referenceGrant.Spec.To[0].Group)) + assert.Equal(t, string(name), string(*referenceGrant.Spec.To[0].Name)) + }) } func TestGatewayAPIRouter_getSessionAffinityRouteRules(t *testing.T) { @@ -295,12 +352,8 @@ func TestGatewayAPIRouter_getSessionAffinityRouteRules(t *testing.T) { _, pSvcName, cSvcName := canary.GetServiceNames() weightedRouteRule := &v1.HTTPRouteRule{ BackendRefs: []v1.HTTPBackendRef{ - { - BackendRef: router.makeBackendRef(pSvcName, initialPrimaryWeight, canary.Spec.Service.Port), - }, - { - BackendRef: router.makeBackendRef(cSvcName, initialCanaryWeight, canary.Spec.Service.Port), - }, + router.makeHTTPBackendRef(pSvcName, initialPrimaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Primary), + router.makeHTTPBackendRef(cSvcName, initialCanaryWeight, canary.Spec.Service.Port, canary.Spec.Service.Canary), }, } rules, err := router.getSessionAffinityRouteRules(canary, 10, weightedRouteRule) diff --git a/pkg/router/kubernetes_default.go b/pkg/router/kubernetes_default.go index 840005672..f5623f15f 100644 --- a/pkg/router/kubernetes_default.go +++ b/pkg/router/kubernetes_default.go 
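Review bot: The new `custom backend filters` subtest covers only the path where a grant is created; nothing asserts that no ReferenceGrant is written when the custom backend stays in the route's namespace, or what happens when a grant named after the canary already exists in the target namespace. Both are branches of the loop added to Reconcile and are worth a subtest each. Minor: `assert.Equal(t, canaryBackend.Name, name)` and the two assertions after it pass the actual value first, so a failure will label expected and actual the wrong way round; `assert.Equal(t, name, canaryBackend.Name)` matches the later assertions. TestGatewayAPIRouter_Routes starts before this hunk.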
@@ -50,13 +50,21 @@ func (c *KubernetesDefaultRouter) Initialize(canary *flaggerv1.Canary) error { _, primaryName, canaryName := canary.GetServiceNames() // canary svc - err := c.reconcileService(canary, canaryName, c.labelValue, canary.Spec.Service.Canary) + canaryCustomMetadata := &flaggerv1.CustomMetadata{} + if canary.Spec.Service.Canary != nil { + canaryCustomMetadata = &canary.Spec.Service.Canary.CustomMetadata + } + err := c.reconcileService(canary, canaryName, c.labelValue, canaryCustomMetadata) if err != nil { return fmt.Errorf("reconcileService failed: %w", err) } // primary svc - err = c.reconcileService(canary, primaryName, fmt.Sprintf("%s-primary", c.labelValue), canary.Spec.Service.Primary) + primaryCustomMetadata := &flaggerv1.CustomMetadata{} + if canary.Spec.Service.Primary != nil { + primaryCustomMetadata = &canary.Spec.Service.Primary.CustomMetadata + } + err = c.reconcileService(canary, primaryName, fmt.Sprintf("%s-primary", c.labelValue), primaryCustomMetadata) if err != nil { return fmt.Errorf("reconcileService failed: %w", err) } diff --git a/pkg/router/kubernetes_default_test.go b/pkg/router/kubernetes_default_test.go index c0f969958..4d7ed4122 100644 --- a/pkg/router/kubernetes_default_test.go +++ b/pkg/router/kubernetes_default_test.go @@ -375,13 +375,13 @@ func TestServiceRouter_InitializeMetadata(t *testing.T) { labelSelector: "app", } - metadata := &flaggerv1.CustomMetadata{ - Labels: map[string]string{"test": "test"}, - Annotations: map[string]string{"test": "test"}, + mocks.canary.Spec.Service.Canary = &flaggerv1.CustomBackend{ + CustomMetadata: flaggerv1.CustomMetadata{ + Labels: map[string]string{"test": "test"}, + Annotations: map[string]string{"test": "test"}, + }, } - mocks.canary.Spec.Service.Canary = metadata - err := router.Initialize(mocks.canary) require.NoError(t, err)