Add Gateway API provider configuration and validation

Signed-off-by: Mateusz Paluszkiewicz <theaifam5@gmail.com>

Author: TheAifam5

cilium.tf

@@ -1,4 +1,6 @@
 locals {
+  cilium_gateway_enabled = var.cilium_enabled && var.gateway_api_provider == "cilium"
+
   # Cilium IPSec Configuration
   cilium_ipsec_enabled = var.cilium_encryption_enabled && var.cilium_encryption_type == "ipsec"
 
@@ -31,7 +33,7 @@ locals {
   } : null
 
   # Cilium integration with Gateway API
-  cilium_gateway_api_manifest = var.gateway_api_enabled ? {
+  cilium_gateway_api_manifest = local.cilium_gateway_enabled ? {
     apiVersion = "gateway.networking.k8s.io/v1"
     kind       = "GatewayClass"
     metadata = {
@@ -111,7 +113,7 @@ data "helm_template" "cilium" {
         acceleration = "native"
       }
       gatewayAPI = {
-        enabled = var.gateway_api_enabled
+        enabled = local.cilium_gateway_enabled
         enableProxyProtocol = true
         externalTrafficPolicy = var.ingress_service_external_traffic_policy
       }

variables.tf

@@ -1669,14 +1669,50 @@ variable "gateway_api_enabled" {
   description = "Enables the Gateway API Custom Resource Definitions (CRDs) deployment."
 }
 
+variable "gateway_api_provider" {
+  type        = string
+  default     = "cilium"
+  description = "Specifies the Gateway API provider. Options are 'cilium' (Cilium Controller), or 'ingate' (InGate Ingress & Gateway API Controller)."
+
+  validation {
+    condition     = contains(["cilium", "ingate"], var.gateway_api_provider)
+    error_message = "Invalid Gateway API provider. Allowed values are 'cilium', or 'ingate'."
+  }
+
+  validation {
+    condition     = var.gateway_api_provider != "cilium" || var.cilium_enabled
+    error_message = "Gateway API provider cannot be set to 'cilium' unless Cilium is also enabled."
+  }
+
+  validation {
+    condition     = var.gateway_api_provider != "ingate"
+    error_message = "Gateway API provider 'ingate' is not yet supported."
+  }
+}
+
 variable "gateway_api_version" {
   type        = string
   default     = "v1.3.0" # https://github.com/kubernetes-sigs/gateway-api
   description = "Specifies the version of the Gateway API Custom Resource Definitions (CRDs) to deploy."
 
+  # Cilium provider constraints
+  validation {
+    condition = (
+      var.gateway_api_provider != "cilium" ||
+      (var.gateway_api_provider == "cilium" &&
+        var.cilium_helm_version == "v1.18.2" &&
+        var.gateway_api_version == "v1.3.0")
+    )
+    error_message = "When gateway_api_provider is 'cilium', cilium_helm_version must be 'v1.18.2' and gateway_api_version must be 'v1.3.0'."
+  }
+
+  # InGate provider constraints (will also fail due to provider-level validation)
   validation {
-    condition     = var.ingress_controller_type != "cilium" || (var.cilium_helm_version == "v1.18.2" && var.gateway_api_version == "v1.3.0")
-    error_message = "When ingress_controller_type is 'cilium', cilium_helm_version must be 'v1.18.2' and gateway_api_version must be 'v1.3.0'."
+    condition = (
+      var.gateway_api_provider != "ingate" ||
+      (var.gateway_api_provider == "ingate" && var.gateway_api_version == "v1.2.0")
+    )
+    error_message = "When gateway_api_provider is 'ingate', gateway_api_version must be 'v1.2.0'."
   }
 }