Skip to content

Commit

Permalink
secret filter
Browse files Browse the repository at this point in the history 
Signed-off-by: Shubham Chauhan <shubham@tetrate.io>
  • Loading branch information
@chauhanshubham
chauhanshubham committed Nov 30, 2022
1 parent d120c23 commit 4ce9fd0
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 2 deletions.
9 changes: 7 additions & 2 deletions internal/provider/kubernetes/controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,8 @@ func newGatewayAPIController(mgr manager.Manager, cfg *config.Server, su status.
if err := c.Watch(
&source.Kind{Type: &gwapiv1b1.Gateway{}},
&handler.EnqueueRequestForObject{},
predicate.NewPredicateFuncs(r.validateGatewayForReconcile)); err != nil {
predicate.NewPredicateFuncs(r.validateGatewayForReconcile),
); err != nil {
return err
}
if err := addGatewayIndexers(ctx, mgr); err != nil {
Expand Down Expand Up @@ -124,7 +125,11 @@ func newGatewayAPIController(mgr manager.Manager, cfg *config.Server, su status.
}

// Watch Secret CRUDs and process affected Gateways.
if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForObject{}); err != nil {
if err := c.Watch(
&source.Kind{Type: &corev1.Secret{}},
&handler.EnqueueRequestForObject{},
predicate.NewPredicateFuncs(r.validateSecretForReconcile),
); err != nil {
return err
}

Expand Down
29 changes: 29 additions & 0 deletions internal/provider/kubernetes/predicates.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,17 @@ import (
"context"

"github.com/envoyproxy/gateway/internal/gatewayapi"
"github.com/envoyproxy/gateway/internal/provider/utils"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
)

// TODO: all predicate functions are unti test candidates.

// hasMatchingController returns true if the provided object is a GatewayClass
// with a Spec.Controller string matching this Envoy Gateway's controller string,
// or false otherwise.
Expand Down Expand Up @@ -103,3 +108,27 @@ func (r *gatewayAPIReconciler) validateRouteParentReferences(refs []gwapiv1b1.Pa

return true
}

func (r *gatewayAPIReconciler) validateSecretForReconcile(obj client.Object) bool {
secret, ok := obj.(*corev1.Secret)
if !ok {
r.log.Info("unexpected object type, bypassing reconciliation", "object", obj)
return false
}

gwList := &gwapiv1b1.GatewayList{}
if err := r.client.List(context.Background(), gwList, &client.ListOptions{
FieldSelector: fields.OneTermEqualSelector(secretGatewayIndex, utils.NamespacedName(secret).String()),
}); err != nil {
r.log.Error(err, "unable to find associated HTTPRoutes")
return false
}

for _, gw := range gwList.Items {
if !r.validateGatewayForReconcile(&gw) {
return false
}
}

return true
}

0 comments on commit 4ce9fd0

Please sign in to comment.