Skip to content

Commit

Permalink
backport commits to release/3.1.x (#5665)
Browse files Browse the repository at this point in the history 
* feat: managed gateways config pushed when accepted (#5662)

Signed-off-by: Mattia Lavacca <[email protected]>

* fix(controllers) skip routes bound to excluded GWs (#5642)

In single-Gateway mode, properly skip route parent references for other
Gateways when determining whether to include a route.

* chore: generate validating webhook config using controller-gen (#5659)

* tests: port KongVault validation webhook tests to envtests (#5605)

Co-authored-by: Patryk Małek <[email protected]>

---------

Signed-off-by: Mattia Lavacca <[email protected]>
Co-authored-by: Travis Raines <[email protected]>
Co-authored-by: Grzegorz Burzyński <[email protected]>
Co-authored-by: Patryk Małek <[email protected]>
  • Loading branch information
@mlavacca @rainest
@czeslavo @pmalek
4 people authored Feb 28, 2024
1 parent fcc24cb commit fc60603
Show file tree
Hide file tree
Showing 18 changed files with 832 additions and 208 deletions.
7 changes: 7 additions & 0 deletions .github/test_dependencies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,10 @@ integration:
kongintegration:
# renovate: datasource=docker depName=kong versioning=docker
kong-oss: '3.5.0'

envtests:
# Because of a bug that was introduced in Kong EE 3.5 (https://konghq.atlassian.net/browse/KAG-3699),
# we need to stick to 3.4 in order to make our KongVault validation tests stable.
# This version should be bumped to the current one once the bug is fixed.
# renovate: datasource=docker depName=kong/kong-gateway versioning=docker
kong-ee: '3.4.3.4'
17 changes: 17 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,23 @@ Adding a new version? You'll need three changes:
- [0.0.5](#005)
- [0.0.4 and prior](#004-and-prior)

## Unreleased

### Added

- Managed Gateways now trigger gateway reconciliation loops, but do not get their
status updated, they only become part of the configuration published to Kong.
[#5662](https://github.com/Kong/kubernetes-ingress-controller/pull/5662)

### Fixed

- When managed Kong gateways are OSS edition, KIC will not apply licenses to
the Kong gateway instances to avoid invalid configurations.
[#5640](https://github.com/Kong/kubernetes-ingress-controller/pull/5640)
- Fixed an issue where single-Gateway mode did not actually filter out routes
associated with other Gateways in the controller class.
[#5642](https://github.com/Kong/kubernetes-ingress-controller/pull/5642)

## [3.1.0]

> Release date: 2024-02-07
Expand Down
6 changes: 5 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ CRD_INCUBATOR_GEN_PATHS ?= ./pkg/apis/incubator/...
CRD_OPTIONS ?= "+crd:allowDangerousTypes=true"

.PHONY: manifests
manifests: manifests.crds manifests.rbac manifests.single
manifests: manifests.crds manifests.rbac manifests.webhook manifests.single

.PHONY: manifests.crds
manifests.crds: controller-gen ## Generate WebhookConfiguration and CustomResourceDefinition objects.
Expand All @@ -223,6 +223,10 @@ manifests.rbac: controller-gen
$(CONTROLLER_GEN) rbac:roleName=kong-ingress-gateway paths="./internal/controllers/gateway/" output:rbac:artifacts:config=config/rbac/gateway
$(CONTROLLER_GEN) rbac:roleName=kong-ingress-crds paths="./internal/controllers/crds/" output:rbac:artifacts:config=config/rbac/crds

.PHONY: manifests.webhook
manifests.webhook: controller-gen ## Generate ValidatingWebhookConfiguration.
$(CONTROLLER_GEN) webhook paths="./internal/admission/..." output:webhook:artifacts:config=config/webhook

.PHONY: manifests.single
manifests.single: kustomize ## Compose single-file deployment manifests from building blocks
./scripts/build-single-manifests.sh
Expand Down
248 changes: 248 additions & 0 deletions config/webhook/manifests.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,248 @@
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: gateways.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- gateway.networking.k8s.io
apiVersions:
- v1
- v1beta1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- gateways
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: httproutes.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- gateway.networking.k8s.io
apiVersions:
- v1
- v1beta1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- httproutes
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: ingresses.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- ingresses
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongclusterplugins.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- kongclusterplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongconsumergroups.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- kongconsumergroups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongconsumers.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- kongconsumers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongingresses.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- kongingresses
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongplugins.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- kongplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: kongvaults.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- configuration.konghq.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- kongvaults
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: secrets.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- secrets
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /
failurePolicy: Fail
matchPolicy: Equivalent
name: services.validation.ingress-controller.konghq.com
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- services
sideEffects: None
Loading

0 comments on commit fc60603

Please sign in to comment.