From f7fd87cd05e2f267055d1f8d6d45ffb9326b7a01 Mon Sep 17 00:00:00 2001
From: Shashank Ram <21697719+shashankram@users.noreply.github.com>
Date: Thu, 30 Jan 2025 09:43:53 -0800
Subject: [PATCH] [backport] gateway2: skip non-Gloo Gateways (#10587)
Signed-off-by: Shashank Ram
---
 changelog/v1.18.7/check-gw.yaml | 7 +++++
 projects/gateway2/controller/start.go | 27 +++++++++++--------
 .../gateway2/proxy_syncer/proxy_syncer.go | 13 ++++++---
 3 files changed, 33 insertions(+), 14 deletions(-)
 create mode 100644 changelog/v1.18.7/check-gw.yaml
diff --git a/changelog/v1.18.7/check-gw.yaml b/changelog/v1.18.7/check-gw.yaml
new file mode 100644
index 00000000000..4b0fc1f311e
--- /dev/null
+++ b/changelog/v1.18.7/check-gw.yaml
@@ -0,0 +1,7 @@
+changelog:
+ - type: FIX
+ issueLink: https://github.com/solo-io/solo-projects/issues/7768
+ resolvesIssue: false
+ description: |
+ Fixes a bug where we translate Gateways that do not belong to us.
+
diff --git a/projects/gateway2/controller/start.go b/projects/gateway2/controller/start.go
index 0bdf3af05f2..068838e6e9b 100644
--- a/projects/gateway2/controller/start.go
+++ b/projects/gateway2/controller/start.go
@@ -84,11 +84,12 @@ type StartConfig struct {
 // It is intended to be run in a goroutine as the function will block until the supplied
 // context is cancelled
 type ControllerBuilder struct {
- proxySyncer *proxy_syncer.ProxySyncer
- inputChannels *proxy_syncer.GatewayInputChannels
- cfg StartConfig
- k8sGwExtensions ext.K8sGatewayExtensions
- mgr ctrl.Manager
+ proxySyncer *proxy_syncer.ProxySyncer
+ inputChannels *proxy_syncer.GatewayInputChannels
+ cfg StartConfig
+ k8sGwExtensions ext.K8sGatewayExtensions
+ mgr ctrl.Manager
+ allowedGatewayClasses sets.Set[string]
 }
 func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuilder, error) {
@@ -170,6 +171,8 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 return nil, err
 }
+ allowedGatewayClasses := sets.New(append(cfg.SetupOpts.ExtraGatewayClasses, wellknown.GatewayClassName)...)
+
 // Create the proxy syncer for the Gateway API resources
 setupLog.Info("initializing proxy syncer")
 proxySyncer := proxy_syncer.NewProxySyncer(
@@ -190,6 +193,7 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 cfg.SyncerExtensions,
 cfg.GlooStatusReporter,
 cfg.SetupOpts.ProxyReconcileQueue,
+ allowedGatewayClasses,
 )
 proxySyncer.Init(ctx, cfg.Debugger)
 if err := mgr.Add(proxySyncer); err != nil {
@@ -198,11 +202,12 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 }
 return &ControllerBuilder{
- proxySyncer: proxySyncer,
- inputChannels: inputChannels,
- cfg: cfg,
- k8sGwExtensions: k8sGwExtensions,
- mgr: mgr,
+ proxySyncer: proxySyncer,
+ inputChannels: inputChannels,
+ cfg: cfg,
+ k8sGwExtensions: k8sGwExtensions,
+ mgr: mgr,
+ allowedGatewayClasses: allowedGatewayClasses,
 }, nil
 }
@@ -246,7 +251,7 @@ func (c *ControllerBuilder) Start(ctx context.Context) error {
 gwCfg := GatewayConfig{
 Mgr: c.mgr,
- GWClasses: sets.New(append(c.cfg.SetupOpts.ExtraGatewayClasses, wellknown.GatewayClassName)...),
+ GWClasses: c.allowedGatewayClasses,
 ControllerName: wellknown.GatewayControllerName,
 AutoProvision: AutoProvision,
 ControlPlane: deployer.ControlPlaneInfo{
diff --git a/projects/gateway2/proxy_syncer/proxy_syncer.go b/projects/gateway2/proxy_syncer/proxy_syncer.go
index 91073585952..bd177c3e6ee 100644
--- a/projects/gateway2/proxy_syncer/proxy_syncer.go
+++ b/projects/gateway2/proxy_syncer/proxy_syncer.go
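Review bot: In the `@@ -170,6 +171,8 @@` hunk, `append(cfg.SetupOpts.ExtraGatewayClasses, wellknown.GatewayClassName)` writes into the spare capacity of the caller's backing array when there is any, which is a hazard if that array is shared with another slice. Building the allow-list without the append avoids it: `allowedGatewayClasses := sets.New(cfg.SetupOpts.ExtraGatewayClasses...).Insert(wellknown.GatewayClassName)`. The same `sets.Set` value is then handed to `NewProxySyncer` and, in the `@@ -246,7 +251,7 @@` hunk, to `GatewayConfig.GWClasses`; a set is a map, so a field comment such as `// shared with the proxy syncer; read-only after construction` would guard against a later mutation changing which Gateways are translated. NewControllerBuilder's body starts and ends outside these hunks.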
@@ -24,6 +24,7 @@ import (
 "github.com/solo-io/gloo/projects/gloo/pkg/syncer/setup"
 "github.com/solo-io/gloo/projects/gloo/pkg/xds"
 rlkubev1a1 "github.com/solo-io/solo-apis/pkg/api/ratelimit.solo.io/v1alpha1"
+ "k8s.io/apimachinery/pkg/util/sets"
 "github.com/solo-io/solo-kit/pkg/api/v1/clients/common"
 "github.com/solo-io/solo-kit/pkg/api/v1/clients/kubesecret"
@@ -93,8 +94,9 @@ type ProxySyncer struct {
 proxiesToReconcile krt.Singleton[proxyList]
 proxyTrigger *krt.RecomputeTrigger
- destRules DestinationRuleIndex
- translator setup.TranslatorFactory
+ destRules DestinationRuleIndex
+ translator setup.TranslatorFactory
+ allowedGatewayClasses sets.Set[string]
 waitForSync []cache.InformerSynced
 }
@@ -133,6 +135,7 @@ func NewProxySyncer(
 syncerExtensions []syncer.TranslatorSyncerExtension,
 glooReporter reporter.StatusReporter,
 proxyReconcileQueue ggv2utils.AsyncQueue[gloov1.ProxyList],
+ allowedGatewayClasses sets.Set[string],
 ) *ProxySyncer {
 return &ProxySyncer{
 initialSettings: initialSettings,
@@ -154,7 +157,8 @@ func NewProxySyncer(
 // once we audit the plugins to be safe for concurrent use, we can instantiate the translator here.
 // this will also have the advantage, that the plugin life-cycle will outlive a single translation
 // so that they could own krt collections internally.
- translator: translator,
+ translator: translator,
+ allowedGatewayClasses: allowedGatewayClasses,
 }
 }
@@ -409,6 +413,9 @@ func (s *ProxySyncer) Init(ctx context.Context, dbg *krt.DebugHandler) error {
 s.proxyTrigger = krt.NewRecomputeTrigger(true)
 glooProxies := krt.NewCollection(kubeGateways, func(kctx krt.HandlerContext, gw *gwv1.Gateway) *glooProxy {
+ if !s.allowedGatewayClasses.Has(string(gw.Spec.GatewayClassName)) {
+ return nil
+ }
 logger.Debugf("building proxy for kube gw %s version %s", client.ObjectKeyFromObject(gw), gw.GetResourceVersion())
 s.proxyTrigger.MarkDependant(kctx)
 proxy := s.buildProxy(ctx, gw)
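Review bot: The new guard in the `krt.NewCollection` callback (hunk `@@ -409,6 +413,9 @@`) drops a Gateway with a bare `return nil`, so nothing records why it was left untranslated; a debug line before the return, e.g. `logger.Debugf("skipping kube gw %s: gateway class %q is not handled by this controller", client.ObjectKeyFromObject(gw), gw.Spec.GatewayClassName)`, would make the decision auditable. The check fails closed on a nil set: `NewProxySyncer` (hunk `@@ -133,6 +135,7 @@`) takes `allowedGatewayClasses` without validation, so a caller passing nil gets a syncer that silently skips every Gateway, which the parameter's doc comment should state. The match is on class name only; whether the GatewayClass's controller is verified elsewhere is not visible here. The diffstat lists no test file, and this filter is the boundary that keeps another controller's Gateways out of the generated proxies, so a test that feeds a Gateway of a foreign class and asserts that no proxy is built would be worth adding. The callback body continues outside the hunk.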