gateway: new command-line options (#1064)
Introduce an --experimental-gateway-api command-line flag to guard the
new Gateway API code paths. Add a --gateway-class-controller-name flag
to allow customizing the ControllerName used with GatewayClass objects.

When Gateway API support is enabled, initialize the Gateway controllers
alongside the existing IngressController and SettingsController.
kenjenkins authored Nov 11, 2024
1 parent cb28452 commit 4ae8dd9
Showing 6 changed files with 86 additions and 3 deletions.
19 changes: 17 additions & 2 deletions cmd/all_in_one.go
Expand Up @@ -25,6 +25,7 @@ import (
"github.com/pomerium/pomerium/pkg/netutil"

"github.com/pomerium/ingress-controller/controllers"
"github.com/pomerium/ingress-controller/controllers/gateway"
"github.com/pomerium/ingress-controller/controllers/ingress"
"github.com/pomerium/ingress-controller/controllers/settings"
"github.com/pomerium/ingress-controller/pomerium"
Expand All @@ -50,6 +51,7 @@ type allCmdOptions struct {
type allCmdParam struct {
settings types.NamespacedName
ingressOpts []ingress.Option
gatewayConfig *gateway.ControllerConfig
updateStatusFromService string
dumpConfigDiff bool

Expand Down Expand Up @@ -161,9 +163,15 @@ func (s *allCmdOptions) getParam() (*allCmdParam, error) {
return nil, fmt.Errorf("options: %w", err)
}

gatewayConfig, err := s.getGatewayControllerConfig()
if err != nil {
return nil, fmt.Errorf("options: %w", err)
}

p := &allCmdParam{
settings: *settings,
ingressOpts: opts,
gatewayConfig: gatewayConfig,
updateStatusFromService: s.UpdateStatusFromService,
dumpConfigDiff: s.debugDumpConfigDiff,
configControllerShutdownTimeout: s.configControllerShutdownTimeout,
Expand Down Expand Up @@ -312,6 +320,12 @@ func (s *allCmdParam) buildController(ctx context.Context, cfg *config.Config) (
DebugDumpConfigDiff: s.dumpConfigDiff,
RemoveUnreferencedCerts: false,
},
GatewayReconciler: &pomerium.DataBrokerReconciler{
ConfigID: pomerium.GatewayControllerConfigID,
DataBrokerServiceClient: client,
DebugDumpConfigDiff: s.dumpConfigDiff,
RemoveUnreferencedCerts: false,
},
DataBrokerServiceClient: client,
MgrOpts: runtime_ctrl.Options{
Scheme: scheme,
Expand All @@ -320,8 +334,9 @@ func (s *allCmdParam) buildController(ctx context.Context, cfg *config.Config) (
},
LeaderElection: false,
},
IngressCtrlOpts: s.ingressOpts,
GlobalSettings: &s.settings,
IngressCtrlOpts: s.ingressOpts,
GlobalSettings: &s.settings,
GatewayControllerConfig: s.gatewayConfig,
}

return c, nil
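Review bot: In getParam, a failure from `s.getGatewayControllerConfig()` is wrapped with the same `options:` prefix as the ingress-options error just above it, so the two failures cannot be told apart from the message. cmd/controller.go uses a distinct prefix for the same call, and `return nil, fmt.Errorf("gateway controller opts: %w", err)` here would match it. In buildController the `GatewayReconciler` is constructed whether or not `--experimental-gateway-api` was given (the same holds in cmd/controller.go); it appears to be consumed only when `GatewayControllerConfig` is non-nil, so a short comment such as `// unused unless GatewayControllerConfig is set` would make the gating explicit. Both functions start and end outside the hunks shown.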
4 changes: 4 additions & 0 deletions cmd/common.go
Expand Up @@ -17,6 +17,8 @@ import (
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
gateway_v1 "sigs.k8s.io/gateway-api/apis/v1"
gateway_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"

icsv1 "github.com/pomerium/ingress-controller/apis/ingress/v1"
)
Expand Down Expand Up @@ -55,6 +57,8 @@ func getScheme() (*runtime.Scheme, error) {
}{
{"core", clientgoscheme.AddToScheme},
{"settings", icsv1.AddToScheme},
{"gateway_v1", gateway_v1.Install},
{"gateway_v1beta1", gateway_v1beta1.Install},
} {
if err := apply.fn(scheme); err != nil {
return nil, fmt.Errorf("%s: %w", apply.name, err)
14 changes: 13 additions & 1 deletion cmd/controller.go
Expand Up @@ -129,6 +129,11 @@ func (s *controllerCmd) buildController(ctx context.Context) (*controllers.Contr
return nil, fmt.Errorf("ingress controller opts: %w", err)
}

gatewayConfig, err := s.getGatewayControllerConfig()
if err != nil {
return nil, fmt.Errorf("gateway controller opts: %w", err)
}

scheme, err := getScheme()
if err != nil {
return nil, fmt.Errorf("get scheme: %w", err)
Expand All @@ -153,13 +158,20 @@ func (s *controllerCmd) buildController(ctx context.Context) (*controllers.Contr
DebugDumpConfigDiff: s.debug,
RemoveUnreferencedCerts: false,
},
GatewayReconciler: &pomerium.DataBrokerReconciler{
ConfigID: pomerium.GatewayControllerConfigID,
DataBrokerServiceClient: client,
DebugDumpConfigDiff: s.debug,
RemoveUnreferencedCerts: false,
},
DataBrokerServiceClient: client,
MgrOpts: ctrl.Options{
Scheme: scheme,
Metrics: metricsserver.Options{BindAddress: s.metricsAddr},
LeaderElection: false,
},
IngressCtrlOpts: opts,
IngressCtrlOpts: opts,
GatewayControllerConfig: gatewayConfig,
}

c.GlobalSettings, err = s.getGlobalSettings()
25 changes: 25 additions & 0 deletions cmd/ingress_opts.go
Expand Up @@ -8,12 +8,15 @@ import (
"k8s.io/apimachinery/pkg/types"

icsv1 "github.com/pomerium/ingress-controller/apis/ingress/v1"
"github.com/pomerium/ingress-controller/controllers/gateway"
"github.com/pomerium/ingress-controller/controllers/ingress"
"github.com/pomerium/ingress-controller/util"
)

type ingressControllerOpts struct {
ClassName string `validate:"required"`
GatewayAPIEnabled bool
GatewayClassName string `validate:"required"`
AnnotationPrefix string `validate:"required"`
Namespaces []string
UpdateStatusFromService string ``
Expand All @@ -22,6 +25,8 @@ type ingressControllerOpts struct {

const (
ingressClassControllerName = "name"
experimentalGatewayAPI = "experimental-gateway-api"
gatewayClassControllerName = "gateway-class-controller-name"
annotationPrefix = "prefix"
namespaces = "namespaces"
sharedSecret = "shared-secret"
Expand All @@ -31,6 +36,8 @@ const (

func (s *ingressControllerOpts) setupFlags(flags *pflag.FlagSet) {
flags.StringVar(&s.ClassName, ingressClassControllerName, ingress.DefaultClassControllerName, "IngressClass controller name")
flags.BoolVar(&s.GatewayAPIEnabled, experimentalGatewayAPI, false, "experimental support for the Kubernetes Gateway API")
flags.StringVar(&s.GatewayClassName, gatewayClassControllerName, gateway.DefaultClassControllerName, "GatewayClass controller name")
flags.StringVar(&s.AnnotationPrefix, annotationPrefix, ingress.DefaultAnnotationPrefix, "Ingress annotation prefix")
flags.StringSliceVar(&s.Namespaces, namespaces, nil, "namespaces to watch, or none to watch all namespaces")
flags.StringVar(&s.UpdateStatusFromService, updateStatusFromService, "", "update ingress status from given service status (pomerium-proxy)")
Expand Down Expand Up @@ -74,3 +81,21 @@ func (s *ingressControllerOpts) getIngressControllerOptions() ([]ingress.Option,
}
return opts, nil
}

func (s *ingressControllerOpts) getGatewayControllerConfig() (*gateway.ControllerConfig, error) {
if !s.GatewayAPIEnabled {
return nil, nil
}

cfg := &gateway.ControllerConfig{
ControllerName: s.GatewayClassName,
}
if s.UpdateStatusFromService != "" {
name, err := util.ParseNamespacedName(s.UpdateStatusFromService)
if err != nil {
return cfg, fmt.Errorf("update status from service: %q: %w", s.UpdateStatusFromService, err)
}
cfg.ServiceName = *name
}
return cfg, nil
}
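Review bot: getGatewayControllerConfig copies only `ControllerName` and `ServiceName` into the config, so the `--namespaces` restriction held in `s.Namespaces` is not handed to the Gateway controllers. If nothing else scopes the manager's cache (not visible on this page), a deployment that limits the ingress controller to selected namespaces would still reconcile Gateway API objects cluster-wide once `--experimental-gateway-api` is enabled. Either pass the namespace list through or state the limitation in the flag's help text. Separately, the error path returns the partially filled `cfg`; `return nil, fmt.Errorf("update status from service: %q: %w", s.UpdateStatusFromService, err)` keeps the usual contract that the value is meaningless when the error is non-nil.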
11 changes: 11 additions & 0 deletions controllers/config_controller.go
Expand Up @@ -15,6 +15,7 @@ import (

"github.com/pomerium/pomerium/pkg/grpc/databroker"

"github.com/pomerium/ingress-controller/controllers/gateway"
"github.com/pomerium/ingress-controller/controllers/ingress"
"github.com/pomerium/ingress-controller/controllers/reporter"
"github.com/pomerium/ingress-controller/controllers/settings"
Expand All @@ -35,11 +36,14 @@ var (
// for Ingress and Pomerium Settings CRD objects, if specified
type Controller struct {
pomerium.IngressReconciler
pomerium.GatewayReconciler
pomerium.ConfigReconciler
databroker.DataBrokerServiceClient
MgrOpts runtime_ctrl.Options
// IngressCtrlOpts are the ingress controller options
IngressCtrlOpts []ingress.Option
// GatewayControllerConfig is the Gateway controller config
GatewayControllerConfig *gateway.ControllerConfig
// GlobalSettings if provided, will also reconcile configuration options
GlobalSettings *types.NamespacedName

Expand Down Expand Up @@ -81,6 +85,13 @@ func (c *Controller) RunLeased(ctx context.Context) (err error) {
log.FromContext(ctx).V(1).Info("no Pomerium CRD")
}

if c.GatewayControllerConfig != nil {
err := gateway.NewControllers(ctx, mgr, c.GatewayReconciler, *c.GatewayControllerConfig)
if err != nil {
return err
}
}

c.setRunning(true)
if err = mgr.Start(ctx); err != nil {
return fmt.Errorf("running controller: %w", err)
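Review bot: In RunLeased the new block declares `err :=` inside the `if`, shadowing the function's named result `err`, and returns the error without context, unlike the `running controller: %w` wrap a few lines below. Assigning to the existing variable and wrapping keeps the message traceable: `if err = gateway.NewControllers(ctx, mgr, c.GatewayReconciler, *c.GatewayControllerConfig); err != nil { return fmt.Errorf("gateway controllers: %w", err) }`. The doc comment above `Controller` still describes only Ingress and Pomerium Settings objects and could mention the Gateway controllers. RunLeased begins and continues outside the hunk.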
16 changes: 16 additions & 0 deletions controllers/gateway/controller.go
Expand Up @@ -30,6 +30,22 @@ type ControllerConfig struct {
ServiceName types.NamespacedName
}

// NewControllers sets up GatewayClass and Gateway controllers.
func NewControllers(
ctx context.Context,
mgr ctrl.Manager,
pgr pomerium.GatewayReconciler,
config ControllerConfig,
) error {
if err := NewGatewayClassController(mgr, config.ControllerName); err != nil {
return fmt.Errorf("couldn't create GatewayClass controller: %w", err)
}
if err := NewGatewayController(ctx, mgr, pgr, config); err != nil {
return fmt.Errorf("couldn't create Gateway controller: %w", err)
}
return nil
}

type gatewayController struct {
client.Client
pomerium.GatewayReconciler
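Review bot: NewControllers is exported and passes `config.ControllerName` straight to NewGatewayClassController without checking that it is set. The CLI supplies a default, but a zero-value `ControllerConfig` from another caller would reach the GatewayClass controller with an empty name, and what that controller then matches cannot be seen from this hunk. A guard at the top, `if config.ControllerName == "" { return fmt.Errorf("gateway: ControllerName must not be empty") }`, would fail fast. The doc comment could also state that this name presumably decides which GatewayClass objects the controller claims, so it must not collide with another controller's name in the same cluster.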
