Skip to content

refactor(policy): Use gateway API bindings from the official gateway-api crate #13643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
adleong merged 44 commits into from
Feb 26, 2025
Merged

refactor(policy): Use gateway API bindings from the official gateway-api crate #13643

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
8a98113
build(deps): bump linkerd/dev from v44 to v45
olix0r Jan 5, 2025
5229b3c
wip: update kube and hyper
olix0r Jan 5, 2025
347be22
build(deps): bump hyper from 0.3 to 1.0
olix0r Jan 6, 2025
b059d62
chore: bump kubert v0.23.0-alpha6
olix0r Jan 13, 2025
69f3406
Merge branch 'main' into ver/kube-alpha
olix0r Jan 13, 2025
9982985
Merge branch 'main' into ver/kube-alpha
olix0r Jan 25, 2025
668a0e2
WIP
adleong Feb 10, 2025
1099bde
policy-controller compiles
adleong Feb 11, 2025
e3d2641
Merge branch 'main' into ver/kube-alpha
olix0r Feb 12, 2025
36e4eab
Prep for gateway api binding upgrade
adleong Feb 13, 2025
276c48a
Revert unintended http version bump
adleong Feb 13, 2025
2a1c7b2
Revert unintended http version bump
adleong Feb 13, 2025
abf2245
update policy-test
adleong Feb 13, 2025
198790d
Merge branch 'main' into ver/kube-alpha
olix0r Feb 17, 2025
989ac54
build(deps): bump kubert to v0.23.0-alpha8
olix0r Feb 17, 2025
2267a80
feat(policy): instrument runtime metrics
olix0r Feb 17, 2025
c3914ba
build(deps): bump kubert to v0.23.0-alpha9
olix0r Feb 17, 2025
f86886a
build(deps): bump kubert to v0.23.0-alpha10
olix0r Feb 17, 2025
47f8b85
Merge branch 'main' into ver/kube-alpha
olix0r Feb 17, 2025
983ce06
build(deps): address dependency auditing lints
olix0r Feb 17, 2025
b542e14
chore(policy): fix lint
olix0r Feb 17, 2025
a3dbbf6
lessen diff
olix0r Feb 17, 2025
eb9c78a
Merge branch 'main' into ver/kube-alpha
olix0r Feb 17, 2025
c389c0b
refactor(policy): extract lease init into a separate module
olix0r Feb 17, 2025
24146ce
Merge branch 'ver/lease-prep' into ver/kube-alpha
olix0r Feb 17, 2025
013f1e3
Merge branch 'main' into ver/kube-alpha
olix0r Feb 18, 2025
f3e09a9
chore(policy): disable runtime-diagnostics initially
olix0r Feb 18, 2025
11586a7
chore(policy): lessen diff
olix0r Feb 18, 2025
6a880fc
chore(cargo): make tower a workspace dep
olix0r Feb 18, 2025
b812771
build(deps): bump kubert to v0.23.0
olix0r Feb 18, 2025
e9d2983
build(deps): bump kubert to v0.23.0
olix0r Feb 18, 2025
992e2c0
Merge branch 'main' into ver/kube-alpha
olix0r Feb 18, 2025
9903a91
updated
adleong Feb 18, 2025
8ea93c3
Resolve merge conflicts
adleong Feb 19, 2025
6fbc076
fix merge issue
adleong Feb 19, 2025
f705d62
merge
adleong Feb 19, 2025
2a0741d
Resolve merge conflicts
adleong Feb 25, 2025
0b2b97a
fix merge
adleong Feb 25, 2025
8180f87
Merge branch 'main' into alex/kube-alpha
adleong Feb 25, 2025
f1b161c
Resolve merge conflict
adleong Feb 25, 2025
baf5b80
Fix filter type field in tests
adleong Feb 26, 2025
22bcbc2
Fix test
adleong Feb 26, 2025
66d8613
fix tests
adleong Feb 26, 2025
3cdff9d
cargo and dependabot
adleong Feb 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ updates:
- k8s-openapi
- kube
- kube-*
- gateway-api
update-types: [patch]
grpc:
patterns:
Expand Down
36 changes: 35 additions & 1 deletion Cargo.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,17 @@ version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "575f75dfd25738df5b91b8e43e14d44bda14637a58fae779fd2b064f8bf3e010"

[[package]]
name = "delegate"
version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "297806318ef30ad066b15792a8372858020ae3ca2e414ee6c2133b1eb9e9e945"
dependencies = [
"proc-macro2",
"quote",
"syn",
]

[[package]]
name = "digest"
version = "0.10.7"
Expand Down Expand Up @@ -636,6 +647,23 @@ dependencies = [
"slab",
]

[[package]]
name = "gateway-api"
version = "0.14.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdca285b86710063162382f6d688fb67918fa8a231cb9248c817f53ddcb53491"
dependencies = [
"delegate",
"k8s-openapi",
"kube",
"once_cell",
"regex-lite",
"schemars",
"serde",
"serde_json",
"serde_yaml",
]

[[package]]
name = "generic-array"
version = "0.14.7"
Expand Down Expand Up @@ -1356,8 +1384,8 @@ dependencies = [
name = "linkerd-policy-controller-k8s-api"
version = "0.1.0"
dependencies = [
"gateway-api",
"ipnet",
"k8s-gateway-api",
"k8s-openapi",
"kube",
"schemars",
Expand Down Expand Up @@ -2005,6 +2033,12 @@ dependencies = [
"regex-syntax 0.8.5",
]

[[package]]
name = "regex-lite"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a"

[[package]]
name = "regex-syntax"
version = "0.6.29"
Expand Down
5 changes: 1 addition & 4 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,4 @@ features = ["experimental"]
[workspace.dependencies.linkerd2-proxy-api]
git = "https://github.com/linkerd/linkerd2-proxy-api"
branch = "main"
features = [
"inbound",
"outbound",
]
features = ["inbound", "outbound"]
2 changes: 1 addition & 1 deletion policy-controller/k8s/api/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ publish = false

[dependencies]
k8s-openapi = { workspace = true }
k8s-gateway-api = { workspace = true, features = ["experimental"] }
gateway-api = "0.14"
kube = { workspace = true, default-features = false, features = [
"client",
"derive",
Expand Down
103 changes: 21 additions & 82 deletions policy-controller/k8s/api/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,92 +33,31 @@ pub use kube::{
};

pub mod gateway {
pub use k8s_gateway_api::*;

pub type HTTPRoute = HttpRoute;
pub type HTTPRouteSpec = HttpRouteSpec;
pub type HTTPRouteParentRefs = ParentReference;
pub type HTTPRouteRules = HttpRouteRule;
pub type HTTPRouteRulesMatches = HttpRouteMatch;
pub type HTTPRouteRulesFilters = HttpRouteFilter;
pub type HTTPRouteRulesBackendRefs = HttpBackendRef;
pub type HTTPRouteRulesBackendRefsFilters = HttpRouteFilter;
pub type HTTPRouteStatus = HttpRouteStatus;
pub type HTTPRouteStatusParents = RouteParentStatus;
pub type HTTPRouteStatusParentsParentRef = ParentReference;
pub type HTTPRouteRulesFiltersRequestHeaderModifier = HttpRequestHeaderFilter;
pub type HTTPRouteRulesFiltersResponseHeaderModifier = HttpRequestHeaderFilter;
pub type HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier = HttpRequestHeaderFilter;
pub type HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier = HttpRequestHeaderFilter;
pub type HTTPRouteRulesFiltersRequestHeaderModifierAdd = HttpHeader;
pub type HTTPRouteRulesFiltersRequestHeaderModifierSet = HttpHeader;
pub type HTTPRouteRulesFiltersResponseHeaderModifierAdd = HttpHeader;
pub type HTTPRouteRulesFiltersResponseHeaderModifierSet = HttpHeader;
pub type HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierAdd = HttpHeader;
pub type HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet = HttpHeader;
pub type HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierAdd = HttpHeader;
pub type HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierSet = HttpHeader;
pub type HTTPRouteRulesFiltersRequestRedirect = HttpRequestRedirectFilter;
pub type HTTPRouteRulesBackendRefsFiltersRequestRedirect = HttpRequestRedirectFilter;
pub type HTTPRouteRulesFiltersRequestRedirectPath = HttpPathModifier;
pub type HTTPRouteRulesBackendRefsFiltersRequestRedirectPath = HttpPathModifier;
pub use gateway_api::apis::experimental::grpcroutes::*;
pub use gateway_api::apis::experimental::httproutes::*;
pub use gateway_api::apis::experimental::tcproutes::*;
pub use gateway_api::apis::experimental::tlsroutes::*;

pub mod http_method {
pub const GET: &str = "GET";
pub const POST: &str = "POST";
pub const PUT: &str = "PUT";
pub const DELETE: &str = "DELETE";
pub const PATCH: &str = "PATCH";
pub const HEAD: &str = "HEAD";
pub const OPTIONS: &str = "OPTIONS";
pub const CONNECT: &str = "CONNECT";
pub const TRACE: &str = "TRACE";
use gateway_api::apis::experimental::httproutes::HTTPRouteRulesMatchesMethod;

pub const GET: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Get;
pub const POST: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Post;
pub const PUT: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Put;
pub const DELETE: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Delete;
pub const PATCH: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Patch;
pub const HEAD: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Head;
pub const OPTIONS: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Options;
pub const CONNECT: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Connect;
pub const TRACE: HTTPRouteRulesMatchesMethod = HTTPRouteRulesMatchesMethod::Trace;
}

pub mod http_scheme {
pub const HTTP: &str = "http";
pub const HTTPS: &str = "https";
}

pub type GRPCRoute = GrpcRoute;
pub type GRPCRouteSpec = GrpcRouteSpec;
pub type GRPCRouteParentRefs = ParentReference;
pub type GRPCRouteRules = GrpcRouteRule;
pub type GRPCRouteRulesMatches = GrpcRouteMatch;
pub type GRPCRouteRulesFilters = GrpcRouteFilter;
pub type GRPCRouteRulesBackendRefs = GrpcRouteBackendRef;
pub type GRPCRouteRulesBackendRefsFilters = GrpcRouteFilter;
pub type GRPCRouteStatus = GrpcRouteStatus;
pub type GRPCRouteStatusParents = RouteParentStatus;
pub type GRPCRouteStatusParentsParentRef = ParentReference;
pub type GRPCRouteRulesFiltersRequestHeaderModifier = HttpRequestHeaderFilter;
pub type GRPCRouteRulesFiltersResponseHeaderModifier = HttpRequestHeaderFilter;
pub type GRPCRouteRulesBackendRefsFiltersRequestHeaderModifier = HttpRequestHeaderFilter;
pub type GRPCRouteRulesBackendRefsFiltersResponseHeaderModifier = HttpRequestHeaderFilter;
pub type GRPCRouteRulesFiltersRequestHeaderModifierAdd = HttpHeader;
pub type GRPCRouteRulesFiltersRequestHeaderModifierSet = HttpHeader;
pub type GRPCRouteRulesFiltersResponseHeaderModifierAdd = HttpHeader;
pub type GRPCRouteRulesFiltersResponseHeaderModifierSet = HttpHeader;
pub type GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierAdd = HttpHeader;
pub type GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierSet = HttpHeader;
pub type GRPCRouteRulesBackendRefsFiltersResponseHeaderModifierAdd = HttpHeader;
pub type GRPCRouteRulesBackendRefsFiltersResponseHeaderModifierSet = HttpHeader;
use gateway_api::apis::experimental::httproutes::HTTPRouteRulesFiltersRequestRedirectScheme;

pub type TLSRoute = TlsRoute;
pub type TLSRouteSpec = TlsRouteSpec;
pub type TLSRouteParentRefs = ParentReference;
pub type TLSRouteRules = TlsRouteRule;
pub type TLSRouteRulesBackendRefs = BackendRef;
pub type TLSRouteStatus = TlsRouteStatus;
pub type TLSRouteStatusParents = RouteParentStatus;
pub type TLSRouteStatusParentsParentRef = ParentReference;

pub type TCPRoute = TcpRoute;
pub type TCPRouteSpec = TcpRouteSpec;
pub type TCPRouteParentRefs = ParentReference;
pub type TCPRouteRules = TcpRouteRule;
pub type TCPRouteRulesBackendRefs = BackendRef;
pub type TCPRouteStatus = TcpRouteStatus;
pub type TCPRouteStatusParents = RouteParentStatus;
pub type TCPRouteStatusParentsParentRef = ParentReference;
pub const HTTP: HTTPRouteRulesFiltersRequestRedirectScheme =
HTTPRouteRulesFiltersRequestRedirectScheme::Http;
pub const HTTPS: HTTPRouteRulesFiltersRequestRedirectScheme =
HTTPRouteRulesFiltersRequestRedirectScheme::Https;
}
}
4 changes: 2 additions & 2 deletions policy-controller/k8s/api/src/policy/grpcroute.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ where
{
// Default kind is assumed to be service for backend ref objects
super::targets_kind::<T>(
backend_ref.inner.group.as_deref(),
backend_ref.inner.kind.as_deref().unwrap_or("Service"),
backend_ref.group.as_deref(),
backend_ref.kind.as_deref().unwrap_or("Service"),
)
}
11 changes: 2 additions & 9 deletions policy-controller/k8s/api/src/policy/httproute.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,14 +245,7 @@ where
{
// Default kind is assumed to be service for backend ref objects
super::targets_kind::<T>(
backend_ref
.backend_ref
.as_ref()
.and_then(|br| br.inner.group.as_deref()),
backend_ref
.backend_ref
.as_ref()
.and_then(|br| br.inner.kind.as_deref())
.unwrap_or("Service"),
backend_ref.group.as_deref(),
backend_ref.kind.as_deref().unwrap_or("Service"),
)
}
4 changes: 2 additions & 2 deletions policy-controller/k8s/api/src/policy/tcproute.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ where
{
// Default kind is assumed to be service for backend ref objects
super::targets_kind::<T>(
backend_ref.inner.group.as_deref(),
backend_ref.inner.kind.as_deref().unwrap_or("Service"),
backend_ref.group.as_deref(),
backend_ref.kind.as_deref().unwrap_or("Service"),
)
}
4 changes: 2 additions & 2 deletions policy-controller/k8s/api/src/policy/tlsroute.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ where
{
// Default kind is assumed to be service for backend ref objects
super::targets_kind::<T>(
backend_ref.inner.group.as_deref(),
backend_ref.inner.kind.as_deref().unwrap_or("Service"),
backend_ref.group.as_deref(),
backend_ref.kind.as_deref().unwrap_or("Service"),
)
}
41 changes: 19 additions & 22 deletions policy-controller/k8s/index/src/inbound/index/grpc.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ impl TryFrom<gateway::GRPCRoute> for RouteBinding<GrpcRoute> {
fn try_from(route: gateway::GRPCRoute) -> Result<Self, Self::Error> {
let route_ns = route.metadata.namespace.as_deref();
let creation_timestamp = route.metadata.creation_timestamp.map(|k8s::Time(t)| t);
let parents = ParentRef::collect_from_grpc(route_ns, route.spec.inner.parent_refs)?;
let parents = ParentRef::collect_from_grpc(route_ns, route.spec.parent_refs)?;
let hostnames = route
.spec
.hostnames
Expand Down Expand Up @@ -73,26 +73,23 @@ fn try_grpc_rule<F>(
}

fn try_grpc_filter(filter: gateway::GRPCRouteRulesFilters) -> Result<Filter> {
let filter = match filter {
gateway::GRPCRouteRulesFilters::RequestHeaderModifier {
request_header_modifier,
} => {
let filter = crate::routes::grpc::request_header_modifier(request_header_modifier)?;
Filter::RequestHeaderModifier(filter)
}
if let Some(request_header_modifier) = filter.request_header_modifier {
let filter = crate::routes::grpc::request_header_modifier(request_header_modifier)?;
return Ok(Filter::RequestHeaderModifier(filter));
}

if let Some(response_header_modifier) = filter.response_header_modifier {
let filter = crate::routes::grpc::response_header_modifier(response_header_modifier)?;
return Ok(Filter::ResponseHeaderModifier(filter));
}

if let Some(_request_mirror) = filter.request_mirror {
bail!("RequestMirror filter is not supported")
}

if let Some(_extension_ref) = filter.extension_ref {
bail!("ExtensionRef filter is not supported")
}

gateway::GRPCRouteRulesFilters::ResponseHeaderModifier {
response_header_modifier,
} => {
let filter = crate::routes::grpc::request_header_modifier(response_header_modifier)?;
Filter::ResponseHeaderModifier(filter)
}
gateway::GRPCRouteRulesFilters::RequestMirror { .. } => {
bail!("RequestMirror filter is not supported")
}
gateway::GRPCRouteRulesFilters::ExtensionRef { .. } => {
bail!("ExtensionRef filter is not supported")
}
};
Ok(filter)
bail!("No filter specified");
}
55 changes: 23 additions & 32 deletions policy-controller/k8s/index/src/inbound/index/http.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ impl TryFrom<gateway::HTTPRoute> for RouteBinding<HttpRoute> {
fn try_from(route: gateway::HTTPRoute) -> Result<Self, Self::Error> {
let route_ns = route.metadata.namespace.as_deref();
let creation_timestamp = route.metadata.creation_timestamp.map(|k8s::Time(t)| t);
let parents = ParentRef::collect_from_http(route_ns, route.spec.inner.parent_refs)?;
let parents = ParentRef::collect_from_http(route_ns, route.spec.parent_refs)?;
let hostnames = route
.spec
.hostnames
Expand Down Expand Up @@ -117,37 +117,28 @@ fn try_http_rule<F>(
}

fn try_gateway_filter(filter: gateway::HTTPRouteRulesFilters) -> Result<Filter> {
let filter = match filter {
gateway::HTTPRouteRulesFilters::RequestHeaderModifier {
request_header_modifier,
} => {
let filter = crate::routes::http::request_header_modifier(request_header_modifier)?;
Filter::RequestHeaderModifier(filter)
}

gateway::HTTPRouteRulesFilters::ResponseHeaderModifier {
response_header_modifier,
} => {
let filter = crate::routes::http::response_header_modifier(response_header_modifier)?;
Filter::ResponseHeaderModifier(filter)
}

gateway::HTTPRouteRulesFilters::RequestRedirect { request_redirect } => {
let filter = crate::routes::http::req_redirect(request_redirect)?;
Filter::RequestRedirect(filter)
}

gateway::HTTPRouteRulesFilters::RequestMirror { .. } => {
bail!("RequestMirror filter is not supported")
}
gateway::HTTPRouteRulesFilters::URLRewrite { .. } => {
bail!("URLRewrite filter is not supported")
}
gateway::HTTPRouteRulesFilters::ExtensionRef { .. } => {
bail!("ExtensionRef filter is not supported")
}
};
Ok(filter)
if let Some(request_header_modifier) = filter.request_header_modifier {
let filter = crate::routes::http::request_header_modifier(request_header_modifier)?;
return Ok(Filter::RequestHeaderModifier(filter));
}
if let Some(response_header_modifier) = filter.response_header_modifier {
let filter = crate::routes::http::response_header_modifier(response_header_modifier)?;
return Ok(Filter::ResponseHeaderModifier(filter));
}
if let Some(request_redirect) = filter.request_redirect {
let filter = crate::routes::http::req_redirect(request_redirect)?;
return Ok(Filter::RequestRedirect(filter));
}
if let Some(_request_mirror) = filter.request_mirror {
bail!("RequestMirror filter is not supported")
}
if let Some(_url_rewrite) = filter.url_rewrite {
bail!("URLRewrite filter is not supported")
}
if let Some(_extension_ref) = filter.extension_ref {
bail!("ExtensionRef filter is not supported")
}
bail!("No filter specified");
}

fn try_policy_filter(filter: policy::httproute::HttpRouteFilter) -> Result<Filter> {
Expand Down
Loading
Loading