feature: add ref grant
Signed-off-by: tanujd11 <[email protected]>
tanujd11 committed Sep 13, 2023
1 parent 49f104e commit cb46735
Showing 6 changed files with 89 additions and 5 deletions.
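--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -121,6 +121,18 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- referencegrants
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
 - apiGroups:
 - gateway.networking.k8s.io
 resources: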
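--- a/config/samples/tcproute/gateway.yaml
+++ b/config/samples/tcproute/gateway.yaml
@@ -3,13 +3,15 @@ kind: GatewayClass
 apiVersion: gateway.networking.k8s.io/v1beta1
 metadata:
 name: blixt-tcproute-sample
+namespace: gwapi-ref-ns
 spec:
 controllerName: konghq.com/blixt
 ---
 kind: Gateway
 apiVersion: gateway.networking.k8s.io/v1beta1
 metadata:
 name: blixt-tcproute-sample
+namespace: gwapi-ref-ns
 spec:
 gatewayClassName: blixt-tcproute-sample
 listeners: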
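Review bot: GatewayClass is a cluster-scoped resource, so the `namespace: gwapi-ref-ns` added under its `metadata` has no effect and wrongly suggests the class lives in that namespace. Drop the line from the GatewayClass document and keep it on the Gateway only; the Gateway's `gatewayClassName` refers to the class by name alone.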
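--- a/config/samples/tcproute/server.yaml
+++ b/config/samples/tcproute/server.yaml
@@ -40,3 +40,8 @@ spec:
 selector:
 app: blixt-tcproute-sample
 type: ClusterIP
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: gwapi-ref-ns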
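--- a/config/samples/tcproute/tcproute.yaml
+++ b/config/samples/tcproute/tcproute.yaml
@@ -2,6 +2,7 @@ apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: TCPRoute
 metadata:
 name: blixt-tcproute-sample
+namespace: gwapi-ref-ns
 spec:
 parentRefs:
 - name: blixt-tcproute-sample
@@ -10,3 +11,18 @@ spec:
 - backendRefs:
 - name: blixt-tcproute-sample
 port: 8080
+namespace: default
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+name: tcproute-sample-ref
+namespace: default
+spec:
+from:
+- group: gateway.networking.k8s.io
+kind: TCPRoute
+namespace: gwapi-ref-ns
+to:
+- group: ""
+kind: Service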
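Review bot: The sample ReferenceGrant's `to` entry has no `name`, so it lets any TCPRoute in `gwapi-ref-ns` reference every Service in `default`, not just the sample backend. Samples tend to be copied as they are, so consider scoping the grant by adding `name: blixt-tcproute-sample` under the `to` entry. A short comment above the grant saying that it has to live in the backend's namespace (`default` here) would also help readers.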
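--- a/controllers/gateway_controller.go
+++ b/controllers/gateway_controller.go
@@ -21,6 +21,7 @@ import (
 )
 
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/finalizers,verbs=update
 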
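Review bot: The new marker grants `create;update;patch;delete` on `referencegrants`, but the only use of that resource visible in this commit is the `c.List` call in `internal/dataplane/client/utils.go`. ReferenceGrants are the objects that authorize cross-namespace references, so a controller able to write them could authorize references on its own. Read-only verbs are enough here: `//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants,verbs=get;list;watch`. The matching rule in `config/rbac/role.yaml` looks generated from this marker and would need regenerating.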
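--- a/internal/dataplane/client/utils.go
+++ b/internal/dataplane/client/utils.go
@@ -3,6 +3,7 @@ package client
 import (
 context "context"
 "encoding/binary"
+"errors"
 "fmt"
 "net"
 
@@ -40,7 +41,12 @@ func CompileUDPRouteToDataPlaneBackend(ctx context.Context, c client.Client, udp
 // TODO only using one endpoint for now until https://github.com/Kong/blixt/issues/10
 var target *Target
 if udproute.DeletionTimestamp == nil {
-endpoints, err := endpointsFromBackendRef(ctx, c, udproute.Namespace, backendRef)
+from := objectKindNamespacedName{
+kind: udproute.Kind,
+namespace: udproute.Namespace,
+name: udproute.Name,
+}
+endpoints, err := endpointsFromBackendRef(ctx, from, c, udproute.Namespace, backendRef)
 if err != nil {
 return nil, err
 }
@@ -112,7 +118,12 @@ func CompileTCPRouteToDataPlaneBackend(ctx context.Context, c client.Client, tcp
 // TODO only using one endpoint for now until https://github.com/Kong/blixt/issues/10
 var target *Target
 if tcproute.DeletionTimestamp == nil {
-endpoints, err := endpointsFromBackendRef(ctx, c, tcproute.Namespace, backendRef)
+from := objectKindNamespacedName{
+kind: tcproute.Kind,
+namespace: tcproute.Namespace,
+name: tcproute.Name,
+}
+endpoints, err := endpointsFromBackendRef(ctx, from, c, tcproute.Namespace, backendRef)
 if err != nil {
 return nil, err
 }
@@ -156,9 +167,46 @@ func CompileTCPRouteToDataPlaneBackend(ctx context.Context, c client.Client, tcp
 return targets, nil
 }
 
-func endpointsFromBackendRef(ctx context.Context, c client.Client, namespace string, backendRef gatewayv1alpha2.BackendRef) (*corev1.Endpoints, error) {
-if backendRef.Namespace != nil {
-namespace = string(*backendRef.Namespace)
+type objectKindNamespacedName struct {
+kind string
+namespace string
+name string
+}
+
+func endpointsFromBackendRef(ctx context.Context, from objectKindNamespacedName, c client.Client, namespace string, backendRef gatewayv1alpha2.BackendRef) (*corev1.Endpoints, error) {
+refGrantFoundOrNotNeeded := false
+if backendRef.Namespace != nil && from.namespace != string(*backendRef.Namespace) {
+refGrantList := &gatewayv1beta1.ReferenceGrantList{}
+err := c.List(ctx, refGrantList, &client.ListOptions{Namespace: string(*backendRef.Namespace)})
+for _, refGrant := range refGrantList.Items {
+useRefGrant := false
+for _, dest := range refGrant.Spec.To {
+if dest.Group == "" && dest.Kind == "Service" {
+useRefGrant = true
+break
+}
+}
+if !useRefGrant {
+continue
+}
+for _, src := range refGrant.Spec.From {
+if src.Kind == gatewayv1alpha2.Kind(from.kind) && string(src.Namespace) == from.namespace {
+refGrantFoundOrNotNeeded = true
+namespace = string(*backendRef.Namespace)
+break
+}
+}
+}
+if err != nil {
+return nil, errors.New("not able to list reference grant")
+}
+
+} else if backendRef.Namespace == nil {
+refGrantFoundOrNotNeeded = true
+}
+
+if !refGrantFoundOrNotNeeded {
+return nil, errors.New("route does not have reference grant for endpoints")
 }
 
 endpoints := new(corev1.Endpoints)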
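Review bot: The grant match in `endpointsFromBackendRef` ignores `dest.Name` and `src.Group`, so a ReferenceGrant whose `to` entry names a single Service is treated as covering every Service in that namespace, and a `from` entry of another API group with the same kind would also match. Separately, a backendRef whose `namespace` is set to the route's own namespace takes neither branch and is rejected with "route does not have reference grant for endpoints"; the `else if backendRef.Namespace == nil` should be a plain `else`. The `c.List` error is inspected only after the loop and its cause is discarded, so check it straight after the call and wrap it with `%w`. `from.kind` is filled from `tcproute.Kind` / `udproute.Kind`, which may be empty on typed objects read through the client; worth confirming, since an empty kind would make every cross-namespace reference fail. The function body continues past the end of the hunk.

```go
// … unchanged: signature, refGrantFoundOrNotNeeded, outer if, c.List call …
		if err != nil {
			return nil, fmt.Errorf("listing reference grants in %q: %w", string(*backendRef.Namespace), err)
		}
		for _, refGrant := range refGrantList.Items {
			useRefGrant := false
			for _, dest := range refGrant.Spec.To {
				// a grant that names a Service covers only that Service
				nameOK := dest.Name == nil || string(*dest.Name) == string(backendRef.Name)
				if dest.Group == "" && dest.Kind == "Service" && nameOK {
					useRefGrant = true
					break
				}
			}
			// … unchanged: skip the grant when useRefGrant is false …
			for _, src := range refGrant.Spec.From {
				if string(src.Group) == "gateway.networking.k8s.io" &&
					src.Kind == gatewayv1alpha2.Kind(from.kind) &&
					string(src.Namespace) == from.namespace {
					// … unchanged: mark the grant as found, switch namespace, break …
				}
			}
		}
	} else {
		// no namespace given, or the route's own namespace: no grant needed
		refGrantFoundOrNotNeeded = true
	}
```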
