Merge branch 'main' into feat/http-admin-api
Jonah Back authored Dec 6, 2023
2 parents 0ec1904 + d38057d commit 64b4ecb
Showing 88 changed files with 3,771 additions and 994 deletions.
2 changes: 1 addition & 1 deletion .github/test_dependencies.yaml
Expand Up @@ -12,7 +12,7 @@ e2e:
- 'v1.24.15'
gke:
# renovate: datasource=custom.gke-rapid depName=gke versioning=semver
- '1.28.2'
- '1.28.3'


# For Istio, we define combinations of Kind and Istio versions that will be
2 changes: 1 addition & 1 deletion .github/workflows/_docker_build.yaml
Expand Up @@ -98,7 +98,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5.1.0
uses: docker/metadata-action@v5.3.0
with:
images: kong/kubernetes-ingress-controller
flavor: |
3 changes: 3 additions & 0 deletions .github/workflows/_e2e_tests.yaml
Expand Up @@ -133,6 +133,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: split image and tag
id: split
Expand Down Expand Up @@ -220,6 +221,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: check availability of KIC image
id: check_kic_image
Expand Down Expand Up @@ -324,6 +326,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: split image and tag
id: split
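Review bot: The new `op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}` input hands what is presumably a 1Password service-account token to the `license` step in all three jobs, and that step's `uses:` line sits above each hunk, so the ref receiving the token cannot be checked from here. If the action is referenced by branch or mutable tag, pin it to a full commit SHA, and keep the service account read-only and limited to the license item. A short comment above the input would record that expectation, e.g. `# op-token: read-only service account, license item only`. The same input is added in `_integration_tests.yaml` and `test_nightly.yaml`; if the underscore-prefixed files are reusable workflows, confirm every caller passes this secret, since an unset secret expands to an empty string instead of failing the step.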
1 change: 1 addition & 0 deletions .github/workflows/_integration_tests.yaml
Expand Up @@ -132,6 +132,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: Set image of Kong
id: set_kong_image
2 changes: 1 addition & 1 deletion .github/workflows/nightly.yaml
Expand Up @@ -40,7 +40,7 @@ jobs:
password: ${{ secrets.DOCKER_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5.1.0
uses: docker/metadata-action@v5.3.0
with:
images: kong/nightly-ingress-controller
tags: ${{ steps.tags-standard.outputs.TAGS_STANDARD }}
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -97,7 +97,7 @@ jobs:
password: ${{ secrets.DOCKER_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5.1.0
uses: docker/metadata-action@v5.3.0
with:
images: kong/kubernetes-ingress-controller
flavor: |
2 changes: 2 additions & 0 deletions .github/workflows/test_nightly.yaml
Expand Up @@ -51,6 +51,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: checkout repository
uses: actions/checkout@v4
Expand Down Expand Up @@ -97,6 +98,7 @@ jobs:
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: checkout repository
uses: actions/checkout@v4
2 changes: 2 additions & 0 deletions .golangci.yaml
Expand Up @@ -84,6 +84,8 @@ linters-settings:
alias: gateway${1}
- pkg: github.com/kong/kubernetes-ingress-controller/v[\w\d]+/pkg/apis/configuration/(v[\w\d]+)
alias: kong${1}
- pkg: github.com/kong/kubernetes-ingress-controller/v[\w\d]+/pkg/apis/incubator/(v[\w\d]+)
alias: incubator${1}
- pkg: github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/config
alias: dpconf
forbidigo:
16 changes: 15 additions & 1 deletion CHANGELOG.md
Expand Up @@ -97,12 +97,19 @@ Adding a new version? You'll need three changes:
It can be installed with `kubectl kustomize "github.com/Kong/kubernetes-ingress-controller/config/crd/incubator/?ref=v3.1.0"`
When installed, it has to be enabled with `ServiceFacade` feature gate.
[#5220](https://github.com/Kong/kubernetes-ingress-controller/pull/5220)
[#5234](https://github.com/Kong/kubernetes-ingress-controller/pull/5234)
[#5290](https://github.com/Kong/kubernetes-ingress-controller/pull/5290)
[#5282](https://github.com/Kong/kubernetes-ingress-controller/pull/5282)
- Added support for GRPC over HTTP (without TLS) in Gateway API.
[#5128](https://github.com/Kong/kubernetes-ingress-controller/pull/5128)
- Added `-init-cache-sync-duration` CLI flag. This flag configures how long the controller waits for Kubernetes resources to populate at startup before generating the initial Kong configuration. It also fixes a bug that removed the default 5 second wait period.
[#5238](https://github.com/Kong/kubernetes-ingress-controller/pull/5238)
- Added `--emit-kubernetes-events` CLI flag to disable the creation of events
in translating and applying configurations to Kong.
[#5296](https://github.com/Kong/kubernetes-ingress-controller/pull/5296)
[#5299](https://github.com/Kong/kubernetes-ingress-controller/pull/5299)
- Added support in Gateway Discovery for specifying that the Admin API should use HTTP via the appProtocol field on the admin port.
- [#5251](https://github.com/Kong/kubernetes-ingress-controller/pull/5251)
[#5251](https://github.com/Kong/kubernetes-ingress-controller/pull/5251)

### Fixed

Expand All @@ -111,6 +118,13 @@ Adding a new version? You'll need three changes:
configuration. Instead, it will return `400` with message to tell the
validation failures.
[#5208](https://github.com/Kong/kubernetes-ingress-controller/pull/5208)
- Fixed an issue that prevented the controller from associating admin API
errors with a GRPCRoute.
[#5267](https://github.com/Kong/kubernetes-ingress-controller/pull/5267)
[#5275](https://github.com/Kong/kubernetes-ingress-controller/pull/5275)
[#5283](https://github.com/Kong/kubernetes-ingress-controller/pull/5283)
- Restore the diagnostics server functionality, which was accidentally disabled.
[#5270](https://github.com/Kong/kubernetes-ingress-controller/pull/5270)

### Changed

2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,6 +1,6 @@
### Standard binary
# Build the manager binary
FROM golang:1.21.4 as builder
FROM golang:1.21.5 as builder

ARG TARGETPLATFORM
ARG TARGETOS
4 changes: 2 additions & 2 deletions Dockerfile.debug
@@ -1,5 +1,5 @@
# Build a manager binary with debug symbols and download Delve
FROM golang:1.21.4 as builder
FROM golang:1.21.5 as builder

ARG TARGETPLATFORM
ARG TARGETOS
Expand Down Expand Up @@ -32,7 +32,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH="${TARGETARCH}" GO111MODULE=on make _build.d

### Debug
# Create an image that runs a debug build with Delve installed
FROM golang:1.21.4 AS debug
FROM golang:1.21.5 AS debug
RUN go install github.com/go-delve/delve/cmd/dlv@latest
# We want all source so Delve file location operations work
COPY --from=builder /workspace/bin/manager-debug /
14 changes: 7 additions & 7 deletions FEATURE_GATES.md
Expand Up @@ -62,13 +62,13 @@ Features that reach GA and over time become stable will be removed from this tab

### Feature gates for Alpha or Beta features

| Feature | Default | Stage | Since | Until |
|---------------|---------|-------|--------|-------|
| GatewayAlpha | `false` | Alpha | 2.6.0 | TBD |
| FillIDs | `false` | Alpha | 2.10.0 | 3.0.0 |
| FillIDs | `true` | Beta | 3.0.0 | TBD |
| RewriteURIs | `false` | Alpha | 2.12.0 | TBD |
| ServiceFacade | `false` | Alpha | 3.1.0 | TBD |
| Feature | Default | Stage | Since | Until |
|-------------------|---------|-------|--------|-------|
| GatewayAlpha | `false` | Alpha | 2.6.0 | TBD |
| FillIDs | `false` | Alpha | 2.10.0 | 3.0.0 |
| FillIDs | `true` | Beta | 3.0.0 | TBD |
| RewriteURIs | `false` | Alpha | 2.12.0 | TBD |
| KongServiceFacade | `false` | Alpha | 3.1.0 | TBD |

**NOTE**: The `Gateway` feature gate refers to [Gateway
API](https://github.com/kubernetes-sigs/gateway-api) APIs which are in
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -248,8 +248,8 @@ generate.clientsets: client-gen
--logtostderr \
--clientset-name clientset \
--input-base $(REPO_URL)/$(GO_MOD_MAJOR_VERSION)/pkg/apis/ \
--input configuration/v1,configuration/v1beta1,configuration/v1alpha1 \
--input-dirs $(REPO_URL)/pkg/apis/configuration/v1alpha1/,$(REPO_URL)/pkg/apis/configuration/v1beta1/,$(REPO_URL)/pkg/apis/configuration/v1/ \
--input configuration/v1,configuration/v1beta1,configuration/v1alpha1,incubator/v1alpha1 \
--input-dirs $(REPO_URL)/pkg/apis/configuration/v1alpha1/,$(REPO_URL)/pkg/apis/configuration/v1beta1/,$(REPO_URL)/pkg/apis/configuration/v1/,$(REPO_URL)/pkg/apis/incubator/v1alpha1 \
--output-base pkg/ \
--output-package $(REPO_URL)/$(GO_MOD_MAJOR_VERSION)/pkg/ \
--trim-path-prefix pkg/$(REPO_URL)/$(GO_MOD_MAJOR_VERSION)/
10 changes: 9 additions & 1 deletion README.md
Expand Up @@ -34,7 +34,7 @@ Custom Resource Definitions (CRDs) and Kubernetes-native tooling.
- request/response transformations
- rate-limiting

## Get started
## Get started (using Helm)

You can use [Minikube or Kind][k8s-io-tools] on your local machine or use
a hosted Kubernetes service like [GKE](https://cloud.google.com/kubernetes-engine/).
Expand Down Expand Up @@ -69,6 +69,12 @@ to start using Kong in your Kubernetes cluster.
> Note: Kong Enterprise users, please follow along with our
[enterprise guide][docs-konghq-k4k8s-enterprise-setup] to setup the enterprise version.

## Get started (using Operator _tech preview_)

As an alternative to Helm, you can also install Kong Ingress Controller using the **Kong Gateway Operator** by following this [quick start guide][kgo-guide].

**Tech Preview warning**: Please note that this capability is a Tech Preview (alpha-quality) and should not be depended upon in a production environment.

## Container images

### Release images
Expand Down Expand Up @@ -162,3 +168,5 @@ preview features can be found in [FEATURE_PREVIEW_DOCUMENTATION.md][fpreview].
[docs-konghq-getting-started-guide]: https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/getting-started/
[docs-konghq-k4k8s-enterprise-setup]: https://docs.konghq.com/kubernetes-ingress-controller/latest/deployment/k4k8s-enterprise/
[docs-konghq-kic-guides]: https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/overview/

[kgo-guide]: https://docs.konghq.com/gateway-operator/1.0.x/get-started/kic/install/
2 changes: 1 addition & 1 deletion config/dev/manager_dev.yaml
Expand Up @@ -17,7 +17,7 @@ spec:
containers:
- name: ingress-controller
args:
- --feature-gates=GatewayAlpha=true
- --feature-gates=GatewayAlpha=true,KongServiceFacade=true
- --anonymous-reports=false
env:
- name: CONTROLLER_LOG_LEVEL
2 changes: 1 addition & 1 deletion config/variants/multi-gw/dev/manager.yaml
Expand Up @@ -17,7 +17,7 @@ spec:
containers:
- name: ingress-controller
args:
- --feature-gates=GatewayAlpha=true
- --feature-gates=GatewayAlpha=true,KongServiceFacade=true
- --anonymous-reports=false
env:
- name: CONTROLLER_LOG_LEVEL
1 change: 1 addition & 0 deletions docs/cli-arguments.md
Expand Up @@ -18,6 +18,7 @@
| `--dump-sensitive-config` | `bool` | Include credentials and TLS secrets in configs exposed with --dump-config flag. | `false` |
| `--election-id` | `string` | Election id to use for status update. | `5b374a9e.konghq.com` |
| `--election-namespace` | `string` | Leader election namespace to use when running outside a cluster. | |
| `--emit-kubernetes-events` | `bool` | Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. | `true` |
| `--enable-controller-gwapi-gateway` | `bool` | Enable the Gateway API Gateway controller. | `true` |
| `--enable-controller-gwapi-httproute` | `bool` | Enable the Gateway API HTTPRoute controller. | `true` |
| `--enable-controller-gwapi-reference-grant` | `bool` | Enable the Gateway API ReferenceGrant controller. | `true` |
4 changes: 3 additions & 1 deletion examples/gateway-grpcroute-via-http.yaml
Expand Up @@ -8,6 +8,8 @@ metadata:
name: grpcbin-via-http
labels:
app: grpcbin-via-http
annotations:
konghq.com/protocol: grpc
spec:
ports:
- name: grpc
Expand Down Expand Up @@ -64,7 +66,7 @@ spec:
parentRefs:
- name: kong
hostnames:
- "example.com"
- example-grpc-via-http.com
rules:
- backendRefs:
- name: grpcbin-via-http
2 changes: 2 additions & 0 deletions examples/gateway-grpcroute-via-https.yaml
Expand Up @@ -8,6 +8,8 @@ metadata:
name: grpcbin-via-https
labels:
app: grpcbin-via-https
annotations:
konghq.com/protocol: grpcs
spec:
ports:
- name: grpc
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -41,7 +41,7 @@ require (
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
github.com/prometheus/client_golang v1.17.0
github.com/prometheus/common v0.45.0
github.com/samber/lo v1.38.1
github.com/samber/lo v1.39.0
github.com/samber/mo v1.11.0
github.com/sethvargo/go-password v0.2.0
github.com/spf13/cobra v1.8.0
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -366,8 +366,8 @@ github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjR
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
github.com/samber/mo v1.11.0 h1:ZOiSkrGGpNhVv/1dxP02risztdMTIwE8KSW9OG4k5bY=
github.com/samber/mo v1.11.0/go.mod h1:BfkrCPuYzVG3ZljnZB783WIJIGk1mcZr9c9CPf8tAxs=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
33 changes: 27 additions & 6 deletions internal/admission/validation/ingress/ingress.go
Expand Up @@ -5,10 +5,14 @@ import (
"fmt"
"strings"

"github.com/go-logr/logr"
"github.com/kong/go-kong/kong"
netv1 "k8s.io/api/networking/v1"

"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/failures"
"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/translator"
"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/translator/subtranslator"
"github.com/kong/kubernetes-ingress-controller/v3/internal/store"
kongv1alpha1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1alpha1"
)

Expand All @@ -21,11 +25,16 @@ func ValidateIngress(
routesValidator routeValidator,
translatorFeatures translator.FeatureFlags,
ingress *netv1.Ingress,
logger logr.Logger,
storer store.Storer,
) (bool, string, error) {
// Validate by using feature of Kong Gateway.
var errMsgs []string
for _, kg := range ingressToKongRoutesForValidation(translatorFeatures, ingress) {
var (
errMsgs []string
failuresCollector = failures.NewResourceFailuresCollector(logger)
)
for _, kg := range ingressToKongRoutesForValidation(translatorFeatures, ingress, failuresCollector, storer) {
kg := kg
// Validate by using feature of Kong Gateway.
ok, msg, err := routesValidator.Validate(ctx, &kg)
if err != nil {
return false, fmt.Sprintf("Unable to validate Ingress schema: %s", err.Error()), nil
Expand All @@ -34,6 +43,10 @@ func ValidateIngress(
errMsgs = append(errMsgs, msg)
}
}
// Collect failures from the translation.
for _, failure := range failuresCollector.PopResourceFailures() {
errMsgs = append(errMsgs, failure.Message())
}
if len(errMsgs) > 0 {
return false, fmt.Sprintf("Ingress failed schema validation: %s", strings.Join(errMsgs, ", ")), nil
}
Expand All @@ -43,13 +56,21 @@ func ValidateIngress(
// ingressToKongRoutesForValidation converts Ingress to Kong Routes that can be validated by Kong Gateway,
// discards everything else that is not needed for validation.
func ingressToKongRoutesForValidation(
translatorFeatures translator.FeatureFlags, ingress *netv1.Ingress,
translatorFeatures translator.FeatureFlags,
ingress *netv1.Ingress,
failuresCollector subtranslator.FailuresCollector,
storer store.Storer,
) []kong.Route {
kongServices := translator.IngressesV1ToKongServices(
translatorFeatures,
kongServices := subtranslator.TranslateIngresses(
[]*netv1.Ingress{ingress},
kongv1alpha1.IngressClassParametersSpec{EnableLegacyRegexDetection: true},
subtranslator.TranslateIngressFeatureFlags{
ExpressionRoutes: translatorFeatures.ExpressionRoutes,
KongServiceFacade: translatorFeatures.KongServiceFacade,
},
&translator.ObjectsCollector{}, // It's irrelevant for validation.
failuresCollector,
storer,
)

var kongRoutes []kong.Route
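Review bot: With `failuresCollector.PopResourceFailures()` appended to `errMsgs`, `ValidateIngress` now rejects an Ingress on translation failures as well as on Kong schema errors, and those failures presumably come from lookups in `storer` when `KongServiceFacade` is enabled (the translator is not visible in this diff). That makes the admission verdict depend on what the controller's store holds at request time, so an Ingress applied together with, or just before, an object it references may be refused, and the user is told "Ingress failed schema validation" for something that is not a schema problem. Consider a doc comment on `ValidateIngress` such as `// storer is read during translation to resolve backend references; failures found there reject the Ingress.` and a separate message prefix for the translation failures. The early `return` on a `routesValidator.Validate` error also discards whatever the collector has gathered so far. Both function bodies extend beyond the hunks shown.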
6 changes: 5 additions & 1 deletion internal/admission/validator.go
Expand Up @@ -21,6 +21,7 @@ import (
"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/kongstate"
"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/translator"
"github.com/kong/kubernetes-ingress-controller/v3/internal/gatewayapi"
"github.com/kong/kubernetes-ingress-controller/v3/internal/store"
"github.com/kong/kubernetes-ingress-controller/v3/internal/util"
kongv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1"
kongv1beta1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1beta1"
Expand Down Expand Up @@ -59,6 +60,7 @@ type KongHTTPValidator struct {
Logger logr.Logger
SecretGetter kongstate.SecretGetter
ConsumerGetter ConsumerGetter
Storer store.Storer
ManagerClient client.Client
AdminAPIServicesProvider AdminAPIServicesProvider
TranslatorFeatures translator.FeatureFlags
Expand All @@ -77,11 +79,13 @@ func NewKongHTTPValidator(
ingressClass string,
servicesProvider AdminAPIServicesProvider,
translatorFeatures translator.FeatureFlags,
storer store.Storer,
) KongHTTPValidator {
return KongHTTPValidator{
Logger: logger,
SecretGetter: &managerClientSecretGetter{managerClient: managerClient},
ConsumerGetter: &managerClientConsumerGetter{managerClient: managerClient},
Storer: storer,
ManagerClient: managerClient,
AdminAPIServicesProvider: servicesProvider,
TranslatorFeatures: translatorFeatures,
Expand Down Expand Up @@ -456,7 +460,7 @@ func (validator KongHTTPValidator) ValidateIngress(
if routesSvc, ok := validator.AdminAPIServicesProvider.GetRoutesService(); ok {
routeValidator = routesSvc
}
return ingressvalidation.ValidateIngress(ctx, routeValidator, validator.TranslatorFeatures, &ingress)
return ingressvalidation.ValidateIngress(ctx, routeValidator, validator.TranslatorFeatures, &ingress, validator.Logger, validator.Storer)
}

type routeValidator interface {
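Review bot: `validator.Storer` is passed to `ingressvalidation.ValidateIngress` unconditionally, but nothing visible here guarantees it is set: `KongHTTPValidator` has exported fields and can be built as a struct literal without going through `NewKongHTTPValidator`. If translation dereferences the store (not visible in this diff), a validator built without `Storer` would panic inside the webhook handler. I would document the field, e.g. `// Storer resolves objects referenced during Ingress translation; must be non-nil.`, and add a nil guard at the top of `ValidateIngress` that returns an error instead. The struct and both functions continue outside the hunks.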