Merge branch 'main' into update-release-template

.github/workflows/tests.yaml

@@ -25,8 +25,6 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
 
     - name: Setup go
       uses: actions/setup-go@v5
@@ -70,13 +68,40 @@ jobs:
         max_attempts: 3
         command: make verify.generators
 
-  install-with-kustomize:
+  samples:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
+
+    - name: Setup go
+      uses: actions/setup-go@v5
       with:
-        fetch-depth: 0
+        go-version-file: go.mod
+
+    - name: Create k8s KinD Cluster
+      uses: helm/[email protected]
+
+    - uses: jdx/mise-action@v2
+      with:
+        install: false
+
+    # We use install.all to install all CRDs and resources also the ones that are not bundled
+    # in base kustomization (e.g. currently AIGateway) but which have samples defined.
+    - name: Verify installing CRDs via kustomize works
+      run: make install.all
+
+    - name: Install and delete each sample one by one
+      run: make test.samples
+
+    - name: Verify that uninstalling operator CRDs via kustomize works
+      run: make uninstall.all
+
+  install-with-kustomize:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
 
     - name: Setup go
       uses: actions/setup-go@v5
@@ -122,8 +147,6 @@ jobs:
     steps:
     - name: checkout repository
       uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
 
     - name: setup golang
       uses: actions/setup-go@v5
@@ -198,8 +221,6 @@ jobs:
     steps:
     - name: checkout repository
       uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
 
     - name: setup golang
       uses: actions/setup-go@v5
@@ -251,8 +272,6 @@ jobs:
     steps:
     - name: checkout repository
       uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
 
     - name: setup golang
       uses: actions/setup-go@v5
@@ -400,8 +419,6 @@ jobs:
 
       - name: checkout repository
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - name: download tests report
         id: download-coverage
@@ -431,6 +448,7 @@ jobs:
       - install-with-kustomize
       - build
       - unit-tests
+      - samples
       # - conformance-tests
       - integration-tests
       - integration-tests-bluegreen

CHANGELOG.md

@@ -22,6 +22,11 @@
 
 ## Unreleased
 
+### Added
+
+- Add `ExternalTrafficPolicy` to `DataPlane`'s `ServiceOptions`
+  [#241](https://github.com/Kong/gateway-operator/pull/241)
+
 ### Breaking Changes
 
 - Changes project layout to match `kubebuilder` `v4`. Some import paths (due to dir renames) have changed

Makefile

@@ -372,6 +372,10 @@ test.conformance:
 		KGO_RELEASE=$(TAG)
 		GOTESTFLAGS="$(GOTESTFLAGS)"
 
+.PHONY: test.samples
+test.samples: kustomize
+	find ./config/samples -not -name "kustomization.*" -type f | xargs -I{} bash -c "kubectl apply -f {}; kubectl delete -f {}"
+
 # ------------------------------------------------------------------------------
 # Gateway API
 # ------------------------------------------------------------------------------
@@ -492,12 +496,23 @@ debug.skaffold.continuous: _ensure-kong-system-namespace
 install: manifests kustomize install-gateway-api-crds
 	$(KUSTOMIZE) build config/crd | kubectl apply --server-side -f -
 
+# Install standard and experimental CRDs into the K8s cluster specified in ~/.kube/config.
+.PHONY: install.all
+install.all: manifests kustomize install-gateway-api-crds
+	kubectl apply --server-side -f $(PROJECT_DIR)/config/crd/bases/
+
 # Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 # Call with ignore-not-found=true to ignore resource not found errors during deletion.
 .PHONY: uninstall
 uninstall: manifests kustomize uninstall-gateway-api-crds
 	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
+# Uninstall standard and experimental CRDs from the K8s cluster specified in ~/.kube/config.
+# Call with ignore-not-found=true to ignore resource not found errors during deletion.
+.PHONY: uninstall.all
+uninstall.all: manifests kustomize uninstall-gateway-api-crds
+	kubectl delete --ignore-not-found=$(ignore-not-found) -f $(PROJECT_DIR)/config/crd/bases/
+
 # Deploy controller to the K8s cluster specified in ~/.kube/config.
 # This will wait for operator's Deployment to get Available.
 # This uses a temporary directory becuase "kustomize edit set image" would introduce

api/v1beta1/dataplane_types.go

@@ -172,6 +172,27 @@ type ServiceOptions struct {
 	//
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
+
+	// ExternalTrafficPolicy describes how nodes distribute service traffic they
+	// receive on one of the Service's "externally-facing" addresses (NodePorts,
+	// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+	// the service in a way that assumes that external load balancers will take care
+	// of balancing the service traffic between nodes, and so each node will deliver
+	// traffic only to the node-local endpoints of the service, without masquerading
+	// the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+	// be dropped.) The default value, "Cluster", uses the standard behavior of
+	// routing to all endpoints evenly (possibly modified by topology and other
+	// features). Note that traffic sent to an External IP or LoadBalancer IP from
+	// within the cluster will always get "Cluster" semantics, but clients sending to
+	// a NodePort from within the cluster may need to take traffic policy into account
+	// when picking a node.
+	//
+	// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+	//
+	// +optional
+	// +kubebuilder:default=Cluster
+	// +kubebuilder:validation:Enum=Cluster;Local
+	ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"`
 }
 
 // DataPlaneStatus defines the observed state of DataPlane

config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml

@@ -8397,6 +8397,29 @@ spec:
 
                               More info: http://kubernetes.io/docs/user-guide/annotations
                             type: object
+                          externalTrafficPolicy:
+                            default: Cluster
+                            description: |-
+                              ExternalTrafficPolicy describes how nodes distribute service traffic they
+                              receive on one of the Service's "externally-facing" addresses (NodePorts,
+                              ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+                              the service in a way that assumes that external load balancers will take care
+                              of balancing the service traffic between nodes, and so each node will deliver
+                              traffic only to the node-local endpoints of the service, without masquerading
+                              the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+                              be dropped.) The default value, "Cluster", uses the standard behavior of
+                              routing to all endpoints evenly (possibly modified by topology and other
+                              features). Note that traffic sent to an External IP or LoadBalancer IP from
+                              within the cluster will always get "Cluster" semantics, but clients sending to
+                              a NodePort from within the cluster may need to take traffic policy into account
+                              when picking a node.
+
+
+                              More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+                            enum:
+                            - Cluster
+                            - Local
+                            type: string
                           ports:
                             description: |-
                               Ports defines the list of ports that are exposed by the service.

config/crd/bases/gateway-operator.konghq.com_gatewayconfigurations.yaml

@@ -16254,6 +16254,29 @@ spec:
 
                                   More info: http://kubernetes.io/docs/user-guide/annotations
                                 type: object
+                              externalTrafficPolicy:
+                                default: Cluster
+                                description: |-
+                                  ExternalTrafficPolicy describes how nodes distribute service traffic they
+                                  receive on one of the Service's "externally-facing" addresses (NodePorts,
+                                  ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+                                  the service in a way that assumes that external load balancers will take care
+                                  of balancing the service traffic between nodes, and so each node will deliver
+                                  traffic only to the node-local endpoints of the service, without masquerading
+                                  the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+                                  be dropped.) The default value, "Cluster", uses the standard behavior of
+                                  routing to all endpoints evenly (possibly modified by topology and other
+                                  features). Note that traffic sent to an External IP or LoadBalancer IP from
+                                  within the cluster will always get "Cluster" semantics, but clients sending to
+                                  a NodePort from within the cluster may need to take traffic policy into account
+                                  when picking a node.
+
+
+                                  More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+                                enum:
+                                - Cluster
+                                - Local
+                                type: string
                               type:
                                 default: LoadBalancer
                                 description: |-

config/crd/dataplane/gateway-operator.konghq.com_dataplanes.yaml

@@ -8397,6 +8397,29 @@ spec:
 
                               More info: http://kubernetes.io/docs/user-guide/annotations
                             type: object
+                          externalTrafficPolicy:
+                            default: Cluster
+                            description: |-
+                              ExternalTrafficPolicy describes how nodes distribute service traffic they
+                              receive on one of the Service's "externally-facing" addresses (NodePorts,
+                              ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+                              the service in a way that assumes that external load balancers will take care
+                              of balancing the service traffic between nodes, and so each node will deliver
+                              traffic only to the node-local endpoints of the service, without masquerading
+                              the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+                              be dropped.) The default value, "Cluster", uses the standard behavior of
+                              routing to all endpoints evenly (possibly modified by topology and other
+                              features). Note that traffic sent to an External IP or LoadBalancer IP from
+                              within the cluster will always get "Cluster" semantics, but clients sending to
+                              a NodePort from within the cluster may need to take traffic policy into account
+                              when picking a node.
+
+
+                              More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+                            enum:
+                            - Cluster
+                            - Local
+                            type: string
                           ports:
                             description: |-
                               Ports defines the list of ports that are exposed by the service.

controller/gateway/controller_reconciler_utils.go

@@ -134,8 +134,9 @@ func gatewayConfigDataPlaneOptionsToDataPlaneOptions(opts operatorv1beta1.Gatewa
 			Services: &operatorv1beta1.DataPlaneServices{
 				Ingress: &operatorv1beta1.DataPlaneServiceOptions{
 					ServiceOptions: operatorv1beta1.ServiceOptions{
-						Type:        opts.Network.Services.Ingress.Type,
-						Annotations: opts.Network.Services.Ingress.Annotations,
+						Type:                  opts.Network.Services.Ingress.Type,
+						Annotations:           opts.Network.Services.Ingress.Annotations,
+						ExternalTrafficPolicy: opts.Network.Services.Ingress.ExternalTrafficPolicy,
 					},
 				},
 			},