MINOR: install or accommodate yaml files for TLSRoute

Author: ivanmatmati

example/deploy/hug/rbac.yaml

@@ -11,14 +11,14 @@ metadata:
   name: haproxy-unified-gateway
 rules:
   - apiGroups:
-    - "apiextensions.k8s.io"
+      - "apiextensions.k8s.io"
     resources:
-    - customresourcedefinitions
+      - customresourcedefinitions
     verbs:
-    - get
-    - list
-    - watch
-    - update
+      - get
+      - list
+      - watch
+      - update
   - apiGroups:
       - ""
     resources:
@@ -102,7 +102,7 @@ rules:
       - list
       - watch
   - apiGroups:
-    - "apps"
+      - "apps"
     resources:
       - replicasets
       - deployments
@@ -111,38 +111,40 @@ rules:
       - get
       - list
   - apiGroups:
-    - gateway.networking.k8s.io
+      - gateway.networking.k8s.io
     resources:
       - gatewayclasses
       - gateways
       - httproutes
       - referencegrants
       - grpcroutes
+      - tlsroutes
     verbs:
       - list
       - watch
   - apiGroups:
-    - gateway.networking.k8s.io
+      - gateway.networking.k8s.io
     resources:
       - gatewayclasses/status
       - gateways/status
       - httproutes/status
       - referencegrants/status
       - grpcroutes/status
+      - tlsroutes/status
     verbs:
       - get
       - update
       - patch
   - apiGroups:
-    - coordination.k8s.io
+      - coordination.k8s.io
     resources:
       - leases
     verbs:
       - create
       - get
       - update
   - apiGroups:
-    - gate.v3.haproxy.org
+      - gate.v3.haproxy.org
     resources:
       - huggates
       - hugconfs
@@ -151,7 +153,6 @@ rules:
       - get
       - list
       - watch
-
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

k8s/gate/haproxy/backends.go

@@ -483,8 +483,10 @@ func (b *HaproxyConfMgrImpl) cleanupUnreferencedBackendsForHTTPRoutes(ownerType
 	return nil
 }
 
+//revive:disable:flag-parameter
 func (b *HaproxyConfMgrImpl) newBackend(backendName string, md metadata.MetaData,
-	backendRef gatewayv1.HTTPBackendRef, namespace string, isHTTPBackend bool) (*models.Backend, error) {
+	backendRef gatewayv1.HTTPBackendRef, namespace string, isHTTPBackend bool,
+) (*models.Backend, error) {
 	// First, we merge the Backend CRDs from filters, if there are some
 	// Backend CRDs are defined in the Filters of type: ExtensionRef
 	// We gather all those filters, merge them and apply them

k8s/gate/haproxy/routes.go

@@ -71,8 +71,8 @@ func (b *RouteMgrImpl) onUpsertedTLSRoute(routeKey k8stypes.NamespacedName, rout
 }
 
 func (b *RouteMgrImpl) onValidTLSRouteUpserted(_ k8stypes.NamespacedName,
-	tlsRoute *tree.TLSRoute, mapSNI *maps.MapData, acceptedHostnamesForRoute []string) error {
-
+	tlsRoute *tree.TLSRoute, mapSNI *maps.MapData, acceptedHostnamesForRoute []string,
+) error {
 	for _, tlsRouteRule := range tlsRoute.Rules {
 		// if !rule.Valid {
 		// find the old rule in route.TreeStatus.OldTreeResource.Rules, name is optional

k8s/gate/tree/HTTPRoute.go

@@ -222,7 +222,7 @@ func (r *HTTPRoute) checkParentRef(parentRef gatewayv1.ParentReference, controll
 		}
 	}
 
-	// Récupère le Gateway correspondant
+	// Get the Gateway
 	gwKey := GetParentRefNamespacedName(parentRef, r.K8sResource)
 	treeGw, ok := controllerStore.GateTree.Gateways[gwKey]
 	if ok && treeGw.TreeStatus.Status == store.StatusDeleted {
@@ -240,7 +240,7 @@ func (r *HTTPRoute) checkParentRef(parentRef gatewayv1.ParentReference, controll
 		}
 	}
 
-	// Collecte les listeners attachables
+	// Compute the list of attachable Listeners
 	attachableListeners := make([]*Listener, 0)
 	if parentRef.SectionName != nil {
 		listener, ok := treeGw.Listeners[string(*parentRef.SectionName)]
@@ -262,35 +262,35 @@ func (r *HTTPRoute) checkParentRef(parentRef gatewayv1.ParentReference, controll
 	conds := generic.Conditions{}
 
 	for _, listener := range attachableListeners {
-		// Vérifie la validité du listener
+		// Check if the listener is valid
 		if !listener.Valid {
 			conds.MergeOverrideConditions(rc.ConditionNotAcceptedNoMatchingParent())
 			continue
 		}
 
-		// Vérifie le hostname
+		// Check hostname
 		if !matchHostname(r.K8sResource.Spec.Hostnames, listener.K8sResource.Hostname) {
 			conds.MergeOverrideConditions(rc.ConditionNotAcceptedNoMatchingHostname())
 			continue
 		}
 
-		// Vérifie le type de route autorisé
+		// Check if the route kind is allowed
 		if !r.isAllowedRouteKind(listener, controllerStore.ExtractGVK) {
 			conds.MergeOverrideConditions(rc.ConditionNotAcceptedRouteReasonNotAllowedByListeners())
 			continue
 		}
 
-		// Listener valide, attache la route
+		// Add the route to the listener
 		listener.addAttachedRoute(client.ObjectKeyFromObject(r.K8sResource), controllerStore)
 		validListeners = append(validListeners, listener)
 
-		// Met à jour la KeyMap r.Listeners
+		// Add the listener to the parentRef
 		existing, _ := r.Listeners.Get(parentRef)
 		existing = append(existing, listener)
 		r.Listeners.Set(parentRef, existing)
 	}
 
-	// Si aucun listener valide, retourne les conditions cumulées
+	// If no listener is valid
 	if len(validListeners) == 0 {
 		return checkParentRefResult{
 			Managed:    true,
@@ -299,7 +299,7 @@ func (r *HTTPRoute) checkParentRef(parentRef gatewayv1.ParentReference, controll
 		}
 	}
 
-	// Au moins un listener valide
+	// At least one listener is valid
 	return checkParentRefResult{
 		Managed:    true,
 		Valid:      true,

k8s/gate/utils/utils.go

@@ -212,7 +212,6 @@ func GetNamespacedName(name, namespace, defaultNamespace string) types.Namespace
 func MatchTLSHostnames(listenerHostname *string, routeHostnames []string) []string {
 	// If the listener hostname is not set, it matches any route hostname.
 	if listenerHostname == nil {
-
 		return routeHostnames
 	}
 

taskfile/.vars.yml

@@ -1,14 +1,15 @@
 #https://taskfile.dev/
-version: '3'
+version: "3"
 
 env:
   KUBECTL_VERSION: v1.34.1
   K8S_VERSION: v1.34.0
   ENVTEST_VERSION: v1.34.0 # https://raw.githubusercontent.com/kubernetes-sigs/controller-tools/master/envtest-releases.yaml
-  CLUSTER_NAME: "{{ default \"dev-controller\" .CLUSTER_NAME}}"
-  DOCKER_FILE: "{{ default \"-build/Dockerfile\" .DOCKER_FILE}}"
+  CLUSTER_NAME: '{{ default "dev-controller" .CLUSTER_NAME}}'
+  DOCKER_FILE: '{{ default "-build/Dockerfile" .DOCKER_FILE}}'
   TMP: tmp
-  GATEWAYAPI_CRDS_DOWNLOAD_URL: https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
+  GATEWAYAPI_STANDARD_CRDS_DOWNLOAD_URL: https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
+  GATEWAYAPI_EXPERIMENTAL_CRDS_DOWNLOAD_URL: https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml
 
 vars:
   CONFIG_DIR: "example/deploy"

taskfile/envtest.yml

@@ -1,15 +1,15 @@
 #https://taskfile.dev/
-version: '3'
+version: "3"
 
 tasks:
   download-gateway-crds:
-      silent: true
-      desc: Download Gateway API CRDs and split into individual files
-      vars:
-        OUTDIR: test/integration/api
-      cmds:
-        - mkdir -p /{{.TMP}}
-        - curl -L -o /{{.TMP}}/standard-install.yaml {{.GATEWAYAPI_CRDS_DOWNLOAD_URL}}
-        - cd /{{.TMP}} && csplit --elide-empty-files -f gatewayapicrd- -z --suffix-format='%02d.yaml' standard-install.yaml "/^---$/" "{*}"
-        - mkdir -p crds
-        - mv /{{.TMP}}/gatewayapicrd-* {{.OUTDIR}}
+    silent: true
+    desc: Download Gateway API CRDs and split into individual files
+    vars:
+      OUTDIR: test/integration/api
+    cmds:
+      - mkdir -p /{{.TMP}}
+      - curl -L -o /{{.TMP}}/standard-install.yaml {{.GATEWAYAPI_STANDARD_CRDS_DOWNLOAD_URL}}
+      - cd /{{.TMP}} && csplit --elide-empty-files -f gatewayapicrd- -z --suffix-format='%02d.yaml' standard-install.yaml "/^---$/" "{*}"
+      - mkdir -p crds
+      - mv /{{.TMP}}/gatewayapicrd-* {{.OUTDIR}}

taskfile/k0s.yml

@@ -1,21 +1,20 @@
 #https://taskfile.dev/
-version: '3'
+version: "3"
 
 tasks:
-
   k0s-create-cluster:
     #internal: true
     # deps:
     #   - task: check-go-tool
     #     vars:
     #       TOOL: KIND
     silent: true
-    desc: 'create a k0s cluster with controller'
+    desc: "create a k0s cluster with controller"
     status:
       - task check-if-ci-env # check if we are in CI_ENV, if we are, skip this task
     vars:
-      kind: '{{.TMP}}/kind/{{.KIND_VERSION}}/kind'
-    dir: 'ci/k0s' # this file is imported so its fine
+      kind: "{{.TMP}}/kind/{{.KIND_VERSION}}/kind"
+    dir: "ci/k0s" # this file is imported so its fine
     cmds:
       # - docker-compose down --volumes --remove-orphans || true
       # - docker compose up -d
@@ -29,12 +28,12 @@ tasks:
     #     vars:
     #       TOOL: KIND
     silent: true
-    desc: 'create a k0s cluster with controller'
+    desc: "create a k0s cluster with controller"
     status:
       - task check-if-ci-env # check if we are in CI_ENV, if we are, skip this task
     vars:
-      kind: '{{.TMP}}/kind/{{.KIND_VERSION}}/kind'
-    dir: 'ci/k0s' # this file is imported so its fine
+      kind: "{{.TMP}}/kind/{{.KIND_VERSION}}/kind"
+    dir: "ci/k0s" # this file is imported so its fine
     cmds:
       - echo -n "Waiting for k0s to be ready "
       - |
@@ -63,15 +62,15 @@ tasks:
       - kubectl get pods -A
 
   k0s-controller-build:
-    desc: ''
+    desc: ""
     internal: true
     dir: cmd/controller
     cmds:
       - CGO_ENABLED=0 go build -buildvcs=true -o ../../build/kubernetes-controller .
 
   k0s-build-controller-image-dev:
     #internal: true
-    desc: 'build docker image of controller'
+    desc: "build docker image of controller"
     deps:
       - task: k0s-controller-build
     status:
@@ -82,7 +81,7 @@ tasks:
 
   k0s-build-controller-image-build-in-docker:
     #internal: true
-    desc: 'build docker image of controller'
+    desc: "build docker image of controller"
     deps:
       - task: k0s-controller-build
     status:
@@ -93,17 +92,17 @@ tasks:
 
   k0s-build-echo-image:
     internal: true
-    desc: 'build docker image of echo service'
+    desc: "build docker image of echo service"
     dir: ci/http-echo
     status:
-      - '[ -f ../../.local/tar/echo.tar ]'
+      - "[ -f ../../.local/tar/echo.tar ]"
     cmds:
       - pwd
       - docker build --build-arg TARGETPLATFORM={{.TARGETPLATFORM}} -t haproxytech/http-echo .
 
   k0s-delete:
-    desc: 'delete a k0s cluster'
-    dir: 'ci/k0s' # this file is imported so its fine
+    desc: "delete a k0s cluster"
+    dir: "ci/k0s" # this file is imported so its fine
     silent: true
     cmds:
       - sh stop-k0s.sh
@@ -113,29 +112,29 @@ tasks:
     internal: true
     deps:
       - task: k0s-build-echo-image
-    desc: 'create tar of echo image'
+    desc: "create tar of echo image"
     status:
-      - '[ -f .local/tar/echo.tar ]'
+      - "[ -f .local/tar/echo.tar ]"
     cmds:
       - mkdir -p .local/tar
       - docker save haproxytech/http-echo:latest -o .local/tar/echo.tar
 
   k0s-echo-upload:
-    desc: 'upload echo image to k0s cluster'
+    desc: "upload echo image to k0s cluster"
     silent: true
     internal: true
     cmds:
       - docker cp .local/tar/echo.tar k0s-hug-controller:/tmp/
       - docker exec k0s-hug-controller k0s ctr images import /tmp/echo.tar
 
   k0s-create:
-    desc: 'create a k0s cluster with HUG and one example app'
+    desc: "create a k0s cluster with HUG and one example app"
     silent: true
     vars:
       # can be set to 'k0s-build-controller-image-build-in-docker' if you want to build in the docker image
-      CONTROLLER_BUILD_TASK: 'k0s-build-controller-image-dev'
-      kubectl: '{{.TMP}}/kubectl/{{.KUBECTL_VERSION}}/kubectl'
-      kind: '{{.TMP}}/kind/{{.KIND_VERSION}}/kind'
+      CONTROLLER_BUILD_TASK: "k0s-build-controller-image-dev"
+      kubectl: "{{.TMP}}/kubectl/{{.KUBECTL_VERSION}}/kubectl"
+      kind: "{{.TMP}}/kind/{{.KIND_VERSION}}/kind"
     deps:
       - task: check-go-tool
         vars:
@@ -145,7 +144,7 @@ tasks:
       - task: delimiter
       - task: k0s-create-cluster
       - task: delimiter
-      - task: '{{ .CONTROLLER_BUILD_TASK }}'
+      - task: "{{ .CONTROLLER_BUILD_TASK }}"
       - docker save haproxytech/haproxy-unified-gateway:latest -o hug.tar
       - task: k0s-echo-create-tar
       # - task: delimiter
@@ -164,7 +163,8 @@ tasks:
       - task: delimiter
       - echo "Install custom resource definitions ..."
       - echo "Install Gateway API CRDs"
-      - /{{.kubectl}} apply -f {{.GATEWAYAPI_CRDS_DOWNLOAD_URL}}
+      - /{{.kubectl}} apply -f {{.GATEWAYAPI_STANDARD_CRDS_DOWNLOAD_URL}}
+      - /{{.kubectl}} apply -f {{.GATEWAYAPI_EXPERIMENTAL_CRDS_DOWNLOAD_URL}}
       - echo "Install Gateway API Controller CRDs"
       - /{{.kubectl}} apply -f {{.CONFIG_DIR}}/crd-update/rbac.yaml
       - /{{.kubectl}} apply -f {{.CONFIG_DIR}}/crd-update/job-crd.yaml
@@ -187,11 +187,11 @@ tasks:
         vars:
           TOOL: KIND
       - task: check-kubectl
-    desc: 'redeploy a KinD cluster with IC'
+    desc: "redeploy a KinD cluster with IC"
     silent: true
     vars:
-      kubectl: '{{.TMP}}/kubectl/{{.KUBECTL_VERSION}}/kubectl'
-      kind: '{{.TMP}}/kind/{{.KIND_VERSION}}/kind'
+      kubectl: "{{.TMP}}/kubectl/{{.KUBECTL_VERSION}}/kubectl"
+      kind: "{{.TMP}}/kind/{{.KIND_VERSION}}/kind"
     cmds:
       - task: k0s-build-controller-image-dev
       - task: delimiter