!52 cross namespace routing for gateway and httproute

Merge pull request !52 from niklaus-x/cross-ns-work0105

Author: Niklaus-xie

controllers/v1_controller.go

@@ -48,6 +48,36 @@ type NodeReconciler struct {
 	Scheme *runtime.Scheme
 }
 
+type NamespaceReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+}
+
+func (r *NamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	if !pkg.ActiveSIGs.SyncedAtStart {
+		<-time.After(100 * time.Millisecond)
+		return ctrl.Result{Requeue: true}, nil
+	}
+
+	var obj v1.Namespace
+
+	lctx := context.WithValue(ctx, utils.CtxKey_Logger, utils.NewLog(uuid.New().String(), "debug"))
+	slog := utils.LogFromContext(lctx)
+	slog.Debugf("Namespace event: " + req.Name)
+
+	if err := r.Get(ctx, req.NamespacedName, &obj); err != nil {
+		if client.IgnoreNotFound(err) == nil {
+			pkg.ActiveSIGs.UnsetNamespace(req.Name)
+			return ctrl.Result{}, nil
+		} else {
+			return ctrl.Result{}, err
+		}
+	} else {
+		pkg.ActiveSIGs.SetNamespace(obj.DeepCopy())
+		return ctrl.Result{}, nil
+	}
+}
+
 func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	lctx := context.WithValue(ctx, utils.CtxKey_Logger, utils.NewLog(uuid.New().String(), "debug"))
 	var obj v1.Endpoints
@@ -149,18 +179,20 @@ func (r *NodeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.
 
 // SetupReconcilerForCoreV1WithManager sets up the v1 controllers with the Manager.
 func SetupReconcilerForCoreV1WithManager(mgr ctrl.Manager) error {
-	rEps, rSvc, rNode :=
+	rEps, rSvc, rNode, rNs :=
 		&EndpointsReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()},
 		&ServiceReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()},
-		&NodeReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()}
+		&NodeReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()},
+		&NamespaceReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()}
 
-	err1, err2, err3 :=
+	err1, err2, err3, err4 :=
 		ctrl.NewControllerManagedBy(mgr).For(&v1.Endpoints{}).Complete(rEps),
 		ctrl.NewControllerManagedBy(mgr).For(&v1.Service{}).Complete(rSvc),
-		ctrl.NewControllerManagedBy(mgr).For(&v1.Node{}).Complete(rNode)
+		ctrl.NewControllerManagedBy(mgr).For(&v1.Node{}).Complete(rNode),
+		ctrl.NewControllerManagedBy(mgr).For(&v1.Namespace{}).Complete(rNs)
 
 	errmsg := ""
-	for _, err := range []error{err1, err2, err3} {
+	for _, err := range []error{err1, err2, err3, err4} {
 		if err != nil {
 			errmsg += err.Error() + ";"
 		}

pkg/cache.go

@@ -30,31 +30,48 @@ func init() {
 		HTTPRoute:      map[string]*gatewayv1beta1.HTTPRoute{},
 		Endpoints:      map[string]*v1.Endpoints{},
 		Service:        map[string]*v1.Service{},
-		GatewayClasses: map[string]*gatewayv1beta1.GatewayClass{},
+		GatewayClass:   map[string]*gatewayv1beta1.GatewayClass{},
+		Namespace:      map[string]*v1.Namespace{},
 	}
 }
 
+func (c *SIGCache) SetNamespace(obj *v1.Namespace) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	if obj != nil {
+		c.Namespace[obj.Name] = obj
+	}
+}
+
+func (c *SIGCache) UnsetNamespace(keyname string) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+
+	delete(c.Namespace, keyname)
+}
+
 func (c *SIGCache) SetGatewayClass(obj *gatewayv1beta1.GatewayClass) {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
 
 	if obj != nil {
-		c.GatewayClasses[obj.Name] = obj
+		c.GatewayClass[obj.Name] = obj
 	}
 }
 
 func (c *SIGCache) UnsetGatewayClass(keyname string) {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
 
-	delete(c.GatewayClasses, keyname)
+	delete(c.GatewayClass, keyname)
 }
 
 func (c *SIGCache) GetGatewayClass(keyname string) *gatewayv1beta1.GatewayClass {
 	c.mutex.RLock()
 	defer c.mutex.RUnlock()
 
-	return c.GatewayClasses[keyname]
+	return c.GatewayClass[keyname]
 }
 
 func (c *SIGCache) SetGateway(obj *gatewayv1beta1.Gateway) {
@@ -211,6 +228,15 @@ func (c *SIGCache) _attachedHTTPRoutes(gw *gatewayv1beta1.Gateway) []*gatewayv1b
 		return []*gatewayv1beta1.HTTPRoute{}
 	}
 
+	allowedRoutes := map[string]*gatewayv1beta1.AllowedRoutes{}
+	for _, listener := range gw.Spec.Listeners {
+		vsname := gwListenerName(gw, &listener)
+
+		if listener.AllowedRoutes != nil {
+			allowedRoutes[vsname] = listener.AllowedRoutes
+		}
+	}
+
 	hrs := []*gatewayv1beta1.HTTPRoute{}
 	for _, hr := range ActiveSIGs.HTTPRoute {
 		for _, pr := range hr.Spec.ParentRefs {
@@ -219,7 +245,15 @@ func (c *SIGCache) _attachedHTTPRoutes(gw *gatewayv1beta1.Gateway) []*gatewayv1b
 				ns = string(*pr.Namespace)
 			}
 			if utils.Keyname(ns, string(pr.Name)) == utils.Keyname(gw.Namespace, gw.Name) {
-				hrs = append(hrs, hr)
+				vsname := hrParentName(hr, &pr)
+				if allowed, ok := allowedRoutes[vsname]; ok {
+					if routeNs, ok := ActiveSIGs.Namespace[hr.Namespace]; ok {
+						matched := namespaceMatches(gw.Namespace, allowed.Namespaces, routeNs)
+						if matched {
+							hrs = append(hrs, hr)
+						}
+					}
+				}
 			}
 		}
 	}
@@ -274,7 +308,7 @@ func (c *SIGCache) AllAttachedServiceKeys() []string {
 	defer c.mutex.RUnlock()
 
 	svcs := []string{}
-	for _, gwc := range c.GatewayClasses {
+	for _, gwc := range c.GatewayClass {
 		for _, gw := range c._attachedGateways(gwc) {
 			for _, hr := range c._attachedHTTPRoutes(gw) {
 				svcs = append(svcs, c._attachedServiceKeys(hr)...)
@@ -438,6 +472,7 @@ func (c *SIGCache) syncCoreV1Resources(mgr manager.Manager) error {
 			c.Endpoints[utils.Keyname(eps.Namespace, eps.Name)] = eps.DeepCopy()
 		}
 	}
+
 	if svcList, err := kubeClient.CoreV1().Services(v1.NamespaceAll).List(context.TODO(), metav1.ListOptions{}); err != nil {
 		return err
 	} else {
@@ -446,6 +481,16 @@ func (c *SIGCache) syncCoreV1Resources(mgr manager.Manager) error {
 			c.Service[utils.Keyname(svc.Namespace, svc.Name)] = svc.DeepCopy()
 		}
 	}
+
+	if nsList, err := kubeClient.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{}); err != nil {
+		return nil
+	} else {
+		for _, ns := range nsList.Items {
+			slog.Debugf("found ns: %s", ns.Name)
+			c.Namespace[ns.Name] = ns.DeepCopy()
+		}
+	}
+
 	if nList, err := kubeClient.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{}); err != nil {
 		return err
 	} else {
@@ -495,7 +540,7 @@ func (c *SIGCache) syncGatewayResources(mgr manager.Manager) error {
 		for _, gwc := range gwcList.Items {
 			if gwc.Spec.ControllerName == gatewayv1beta1.GatewayController(ActiveSIGs.ControllerName) {
 				slog.Debugf("found gatewayclass %s", gwc.Name)
-				c.GatewayClasses[gwc.Name] = gwc.DeepCopy()
+				c.GatewayClass[gwc.Name] = gwc.DeepCopy()
 			} else {
 				msg := fmt.Sprintf("This gwc's ControllerName %s not equal to this controller. Ignore.", gwc.Spec.ControllerName)
 				slog.Debugf(msg)

pkg/types.go

@@ -32,7 +32,8 @@ type SIGCache struct {
 	HTTPRoute      map[string]*gatewayv1beta1.HTTPRoute
 	Endpoints      map[string]*v1.Endpoints
 	Service        map[string]*v1.Service
-	GatewayClasses map[string]*gatewayv1beta1.GatewayClass
+	GatewayClass   map[string]*gatewayv1beta1.GatewayClass
+	Namespace      map[string]*v1.Namespace
 }
 
 type BIGIPConfigs []BIGIPConfig

pkg/utils.go

@@ -3,6 +3,9 @@ package pkg
 import (
 	"strings"
 
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 )
 
@@ -21,3 +24,24 @@ func hrParentName(hr *gatewayv1beta1.HTTPRoute, pr *gatewayv1beta1.ParentReferen
 func gwListenerName(gw *gatewayv1beta1.Gateway, ls *gatewayv1beta1.Listener) string {
 	return strings.Join([]string{"gw", gw.Namespace, gw.Name, string(ls.Name)}, ".")
 }
+
+func namespaceMatches(gwNamespace string, namespaces *gatewayv1beta1.RouteNamespaces, routeNs *v1.Namespace) bool {
+	if namespaces == nil || namespaces.From == nil {
+		return true
+	}
+
+	switch *namespaces.From {
+	case gatewayv1beta1.NamespacesFromAll:
+		return true
+	case gatewayv1beta1.NamespacesFromSame:
+		return gwNamespace == routeNs.Name
+	case gatewayv1beta1.NamespacesFromSelector:
+		if selector, err := metav1.LabelSelectorAsSelector(namespaces.Selector); err != nil {
+			return false
+		} else {
+			return selector.Matches(labels.Set(routeNs.Labels))
+		}
+	}
+
+	return true
+}