feat: watch resource with selectors (#1661)

* add namespaceSelectors watch mode for Kubernetes provider Add namespaceSelectors watch mode for Kubernetes provider. Users will need to specify `EnvoyGateway.Provider.Type` and precisely one of `EnvoyGateway.Provider.Kubernetes.Wach.Namespaces` and `EnvoyGateway.Provider.Kubernetes.Wach.NamespaceSelectors` to set the KuberNtes wach mode. The namespaceSelectors doesn't change the namespace informers watch. The informer still watches all namespaces. The events which have Objects that are not under namesapces with the labels set by `NamespaceSelectors` are filtered out. Signed-off-by: Den Tsou <den3tsou@gmail.com> * fix: fix typos Signed-off-by: Den Tsou <den3tsou@gmail.com> * fix: fix a test and fix a bug that pointer wasn't checked Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: remove an unneeded comment Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: replace string type with KubernetesWatchModeType Signed-off-by: Den Tsou <den3tsou@gmail.com> * fix: use right values for KubernetesWatchModeType Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: run make generate Signed-off-by: Den Tsou <den3tsou@gmail.com> * wip: update to check all object's namespaces returned by client * This is a protytpe. Refactoring is required to make the code more readable because the code is getting more complex after adding this logic * Update to check all labels of namespaces of objects returned by client * Fix a bug that wrong type was checked * Don't apply predicate to filter out the event related to GatewayClass because GatewayClass is cluster scoped object * Simple test to check if only certain number of gateway is returned. More test logic is indeed needed to be added Signed-off-by: Den Tsou <den3tsou@gmail.com> * refactor: move namespace labels to struct field Signed-off-by: Den Tsou <den3tsou@gmail.com> * resolve the issue casued by resolving conflicts Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: add test for gateway Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: clean up some todo and add a comment Signed-off-by: Den Tsou <den3tsou@gmail.com> * chore: address PR comments * Update hasMatchingNamespaceLabels signature because labels is part of the struct field now * Remove the logic to check namespace of certificate ref because it is not necessary * Refactor the checkNamespaceLabels with new interface, so the code is more readable now Signed-off-by: Den Tsou <den3tsou@gmail.com> * fix: fix typos Signed-off-by: Den Tsou <den3tsou@gmail.com> * fix: fix the lint errors Signed-off-by: Den Tsou <den3tsou@gmail.com> * refactor: revert back to get namespace from caller Signed-off-by: Den Tsou <den3tsou@gmail.com> * test: add a integration test for the change Signed-off-by: Den Tsou <den3tsou@gmail.com> --------- Signed-off-by: Den Tsou <den3tsou@gmail.com> Signed-off-by: Den <6628668+den3tsou@users.noreply.github.com> Co-authored-by: Xunzhuo <bitliu@tencent.com>
envoyproxy · Sep 12, 2023 · 373ef32 · 373ef32
1 parent e158ef1
commit 373ef32
Show file tree

Hide file tree

Showing 10 changed files with 851 additions and 37 deletions.
diff --git a/api/config/v1alpha1/envoygateway_types.go b/api/config/v1alpha1/envoygateway_types.go
@@ -177,15 +177,37 @@ type EnvoyGatewayKubernetesProvider struct {
 	OverwriteControlPlaneCerts bool `json:"overwrite_control_plane_certs,omitempty"`
 }
 
+const (
+	// KubernetesWatchModeTypeNamespaces indicates that the namespace watch mode is used.
+	KubernetesWatchModeTypeNamespaces = "Namespaces"
+
+	// KubernetesWatchModeTypeNamespaceSelectors indicates that namespaceSelectors watch
+	// mode is used.
+	KubernetesWatchModeTypeNamespaceSelectors = "NamespaceSelectors"
+)
+
+// KubernetesWatchModeType defines the type of KubernetesWatchMode
+type KubernetesWatchModeType string
+
 // KubernetesWatchMode holds the configuration for which input resources to watch and reconcile.
 type KubernetesWatchMode struct {
+	// Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and
+	// KubernetesWatchModeTypeNamespaceSelectors are currently supported
+	// By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
+	// from all namespaces.
+	Type KubernetesWatchModeType
+
 	// Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped
 	// resources such as Gateway, HTTPRoute and Service.
 	// Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as
-	// GatewayClass that it is linked to.
-	// By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
-	// from all namespaces.
-	Namespaces []string `json:"namespaces,omitempty"`
+	// GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelectors must be set
+	Namespaces []string
+
+	// NamespaceSelectors holds a list of labels that namespaces have to have in order to be watched.
+	// Note this doesn't set the informer to watch the namespaces with the given labels. Informer still
+	// watches all namespaces. But the events for objects whois namespce have no given labels
+	// will be filtered out. Precisely one of Namespaces and NamespaceSelectors must be set
+	NamespaceSelectors []string `json:"namespaces,omitempty"`
 }
 
 // KubernetesDeployMode holds configuration for how to deploy managed resources such as the Envoy Proxy

diff --git a/api/config/v1alpha1/zz_generated.deepcopy.go b/api/config/v1alpha1/zz_generated.deepcopy.go
diff --git a/docs/latest/api/config_types.md b/docs/latest/api/config_types.md
@@ -564,7 +564,20 @@ _Appears in:_
 
 | Field | Description |
 | --- | --- |
-| `namespaces` _string array_ | Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped resources such as Gateway, HTTPRoute and Service. Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as GatewayClass that it is linked to. By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources from all namespaces. |
+| `Type` _[KubernetesWatchModeType](#kuberneteswatchmodetype)_ | Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and KubernetesWatchModeTypeNamespaceSelectors are currently supported By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources from all namespaces. |
+| `Namespaces` _string array_ | Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped resources such as Gateway, HTTPRoute and Service. Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelectors must be set |
+| `namespaces` _string array_ | NamespaceSelectors holds a list of labels that namespaces have to have in order to be watched. Note this doesn't set the informer to watch the namespaces with the given labels. Informer still watches all namespaces. But the events for objects whois namespce have no given labels will be filtered out. Precisely one of Namespaces and NamespaceSelectors must be set |
+
+
+## KubernetesWatchModeType
+
+_Underlying type:_ `string`
+
+KubernetesWatchModeType defines the type of KubernetesWatchMode
+
+_Appears in:_
+- [KubernetesWatchMode](#kuberneteswatchmode)
+
 
 
 ## LiteralCustomTag