Introduce GatewayControllerMode

Co-authored-by: Daniel Grimm <dgrimm@redhat.com> Signed-off-by: Yann Liu <yannliu@redhat.com> Move GatewayControllerMode filtering
rh-bjeon · Jun 4, 2024 · 88ab835 · 88ab835
1 parent e9f19f0
commit 88ab835
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 1 deletion.
diff --git a/pilot/pkg/bootstrap/server.go b/pilot/pkg/bootstrap/server.go
@@ -1134,7 +1134,7 @@ func (s *Server) initControllers(args *PilotArgs) error {
 
 	s.initSDSServer()
 
-	if features.EnableEnhancedResourceScoping {
+	if features.EnableEnhancedResourceScoping || features.EnableGatewayControllerMode {
 		// setup namespace filter
 		args.RegistryOptions.KubeOptions.DiscoveryNamespacesFilter = s.multiclusterController.DiscoveryNamespacesFilter
 	}

diff --git a/pilot/pkg/config/kube/crdclient/client.go b/pilot/pkg/config/kube/crdclient/client.go
@@ -353,6 +353,10 @@ func (cl *Client) addCRD(name string) {
 	filter := cl.filtersByGVK[resourceGVK]
 	objectFilter := filter.ObjectFilter
 	filter.ObjectFilter = func(t any) bool {
+		// if in gw controller mode, don't filter gw-api resources
+		if features.EnableGatewayControllerMode && s.Group() == gvk.KubernetesGateway.Group {
+			return true
+		}
 		if objectFilter != nil && !objectFilter(t) {
 			return false
 		}

diff --git a/pilot/pkg/features/pilot.go b/pilot/pkg/features/pilot.go
@@ -716,6 +716,10 @@ var (
 
 	EnableIOR = env.RegisterBoolVar("ENABLE_IOR", false,
 		"Whether to enable IOR component, which provides integration between Istio Gateways and OpenShift Routes").Get()
+
+	EnableGatewayControllerMode = env.Register("PILOT_ENABLE_GATEWAY_CONTROLLER_MODE", false,
+		"If enabled, istiod will watch Gateway API and k8s resources in every namespace, but Istio resources will be limited to "+
+			"namespaces that match the meshConfig.discoverySelectors").Get()
 )
 
 // UnsafeFeaturesEnabled returns true if any unsafe features are enabled.

diff --git a/pilot/pkg/serviceregistry/kube/controller/controller.go b/pilot/pkg/serviceregistry/kube/controller/controller.go
@@ -279,6 +279,10 @@ func NewController(kubeClient kubelib.Client, options Options) *Controller {
 			)
 		}
 
+		// don't use discoveryFilters if in gw-controller mode. always watch all namespaces
+		if features.EnableGatewayControllerMode {
+			c.opts.DiscoveryNamespacesFilter = namespace.NewDiscoveryNamespacesFilter(c.namespaces, []*metav1.LabelSelector{})
+		}
 		if c.opts.DiscoveryNamespacesFilter == nil {
 			c.opts.DiscoveryNamespacesFilter = namespace.NewDiscoveryNamespacesFilter(c.namespaces, options.MeshWatcher.Mesh().DiscoverySelectors)
 		}