Update for the v1beta1 API (#12)

This change introduces a new `experimental` feature that gates the
availability of experimental types that are not in the *v1beta1* API.

Also:

* ci: Integration tests are split into a separate workflow;
* ci: A markdown workflow is added;
* The API version is removed from the module path;
* experimental: `ReferencePolicy` is renamed to `ReferenceGrant`

Signed-off-by: Oliver Gould <ver@buoyant.io>

.devcontainer/devcontainer.json

@@ -2,6 +2,7 @@
 	"name": "k8s-gateway-api.dev",
 	"image": "ghcr.io/linkerd/dev-proxy:v11",
 	"extensions": [
+		"DavidAnson.vscode-markdownlint",
 		"NathanRidley.autotrim",
 		"rust-lang.rust-analyzer",
 		"skellock.just",

.github/workflows/integration.yml

@@ -0,0 +1,56 @@
+name: integration
+
+on:
+  pull_request:
+    paths:
+      - Cargo.toml
+      - '**/*.rs'
+      - .github/workflows/integration.yml
+
+permissions:
+  contents: read
+
+env:
+  CARGO_INCREMENTAL: 0
+  CARGO_NET_RETRY: 10
+  RUSTUP_MAX_RETRIES: 10
+  RUST_VERSION: 1.60.0
+  K3D_VERSION: v5.4.1
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        k8s:
+          - v1.21
+          - v1.23
+    timeout-minutes: 5
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install rust
+        run: |
+          rm -rf $HOME/.cargo
+          curl --proto =https --tlsv1.3 -fLsSv https://sh.rustup.rs | sh -s -- -y --default-toolchain "${RUST_VERSION}"
+          source $HOME/.cargo/env
+          echo "PATH=$PATH" >> $GITHUB_ENV
+          cargo version
+      # Setup a cluster
+      - run: curl --proto =https --tlsv1.3 -fLsSv https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh | bash
+      - run: k3d --version
+      - run: k3d cluster create --no-lb --k3s-arg '--no-deploy=local-storage,traefik,servicelb,metrics-server@server:*' --image +${{ matrix.k8s }}
+      - run: kubectl version
+      # Install CRDs
+      - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
+        with:
+          repository: kubernetes-sigs/gateway-api
+          ref: 3f4b981dd6669f67398d753a6f278b241d669953 # 0.5.0-dev
+          path: gateway-api
+      - run: kubectl apply -k gateway-api/config/crd/experimental/
+      # Setup just
+      - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
+      - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
+      # Run tests
+      - run: just fetch
+      - run: just test-build --package=integration
+      - run: just test --package=integration
+

.github/workflows/lint.yml

@@ -15,7 +15,6 @@ env:
   CARGO_NET_RETRY: 10
   RUSTUP_MAX_RETRIES: 10
   RUST_VERSION: 1.60.0
-  K3D_VERSION: v5.4.1
 
 jobs:
   fmt:
@@ -41,6 +40,8 @@ jobs:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - run: just fetch
       - run: just clippy
+      - run: just clippy --all-features
+      - run: just clippy --package=integration
 
   docs:
     timeout-minutes: 10
@@ -53,36 +54,3 @@ jobs:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - run: just fetch
       - run: just docs
-
-  test:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install rust
-        run: |
-          rm -rf $HOME/.cargo
-          curl --proto =https --tlsv1.3 -fLsSv https://sh.rustup.rs | sh -s -- -y --default-toolchain "${RUST_VERSION}"
-          source $HOME/.cargo/env
-          echo "PATH=$PATH" >> $GITHUB_ENV
-          cargo version
-      # Setup a cluster
-      - run: curl --proto =https --tlsv1.3 -fLsSv https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh | bash
-      - run: k3d --version
-      - run: k3d cluster create --no-lb --k3s-arg '--no-deploy=local-storage,traefik,servicelb,metrics-server@server:*'
-      - run: kubectl version
-      # Install CRDs
-      - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
-        with:
-          repository: kubernetes-sigs/gateway-api
-          ref: v0.4.3
-          path: gateway-api
-      - run: kubectl apply -f gateway-api/config/crd/v1alpha2/
-      # Setup just
-      - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
-      - uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
-      # Run tests
-      - run: just fetch
-      - run: just test-build
-      - run: just test
-
-

.github/workflows/markdown.yml

@@ -0,0 +1,22 @@
+name: markdown
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    paths:
+      - '**/*.md'
+      - .github/workflows/markdown.yml
+
+jobs:
+  markdownlint:
+    timeout-minutes: 5
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - uses: DavidAnson/markdownlint-cli2-action@744f913a124058ee903768d3adb92a4847e5d132
+        with:
+          globs: |
+            **/*.md
+            !target/**

Cargo.toml

@@ -6,14 +6,18 @@ members = [
 
 [package]
 name = "k8s-gateway-api"
-version = "0.4.0"
+version = "0.5.0"
 edition = "2021"
 license = "Apache-2.0"
 repository = "https://github.com/linkerd/k8s-gateway-api"
 rust-version = "1.60"
 keywords = ["kubernetes", "gateway"]
 description = "Rust bindings for the Kubenetes Gateway API"
 
+[features]
+default = []
+experimental = []
+
 [dependencies]
 kube = { version = "0.73", default-features = false, features = ["derive"] }
 k8s-openapi = { version = "0.15", features = ["schemars"] }
@@ -22,10 +26,11 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 
 [dev-dependencies]
-k8s-openapi = { version = "0.15", default-features = false, features = ["v1_24"] }
+k8s-openapi = { version = "0.15", default-features = false, features = ["v1_21"] }
 
 [package.metadata.docs.rs]
 rustdoc-args = ["--cfg", "docsrs"]
 features = [
+    "experimental",
     "k8s-openapi/v1_24",
 ]

README.md

@@ -1,30 +1,30 @@
 # k8s-gateway-api
 
-(Unofficial) Rust bindings for the [Kubernetes Gateway API][ref].
+(Unofficial) Rust bindings for the [Kubernetes Gateway API][site].
 
-Based on <https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.4.3>.
+Based on [gateway-api-v0.5.0-dev].
 
 [![Crates.io][crate-badge]][crate-url]
 [![Documentation][docs-badge]][docs-url]
 [![License][lic-badge]](LICENSE)
 
-[crate-badge]: https://img.shields.io/crates/v/k8s-gateway-api.svg
-[crate-url]: https://crates.io/crates/k8s-gateway-api
-[docs-badge]: https://docs.rs/k8s-gateway-api/badge.svg
-[docs-url]: https://docs.rs/k8s-gateway-api
-[docs-url]: https://img.shields.io/crates/l/k8s-gateway-api
-[lic-badge]: https://img.shields.io/crates/l/k8s-gateway-api
-
 ## Status
 
 This crate is experimental.
 
-It defines all of the v1alpha2 Gateway API types with documentation.
+It defines all of the *v1beta1* Gateway API types with documentation, as well as
+the *v1alpha2* types when the `experimental` feature is enabled.
 
 ### TODO
 
 * Express validation constraints
 * Rustify/Linkify documentation
-* Support Linkerd-specific extensions (via feature flag).
 
-[ref]: https://gateway-api.sigs.k8s.io/
+[gateway-api-v0.5.0-dev]: https://github.com/kubernetes-sigs/gateway-api/tree/4f86f0bd65173b04dadb558f63fbbd53330736d2
+[site]: https://gateway-api.sigs.k8s.io/
+[crate-badge]: https://img.shields.io/crates/v/k8s-gateway-api.svg
+[crate-url]: https://crates.io/crates/k8s-gateway-api
+[docs-badge]: https://docs.rs/k8s-gateway-api/badge.svg
+[docs-url]: https://docs.rs/k8s-gateway-api
+[docs-url]: https://img.shields.io/crates/l/k8s-gateway-api
+[lic-badge]: https://img.shields.io/crates/l/k8s-gateway-api

integration/Cargo.toml

@@ -6,6 +6,7 @@ license = "Apache-2.0"
 publish = false
 
 [dev-dependencies]
+k8s-openapi = { version = "0.15", features = ["v1_21"] }
 tokio = { version = "1", features = ["macros", "rt"] }
 tracing = "0.1"
 k8s-gateway-api = { path = ".." }

integration/tests/gateway.rs

@@ -1,4 +1,4 @@
-use k8s_gateway_api::v1alpha2::{
+use k8s_gateway_api::{
     AllowedRoutes, Gateway, GatewaySpec, GatewayTlsConfig, Listener, RouteGroupKind,
     SecretObjectReference,
 };

integration/tests/httproute.rs

@@ -1,4 +1,4 @@
-use k8s_gateway_api::v1alpha2::{
+use k8s_gateway_api::{
     BackendRef, HttpBackendRef, HttpHeaderMatch, HttpRoute, HttpRouteMatch, HttpRouteRule,
     HttpRouteSpec,
 };

src/v1alpha2/policy.rs → src/exp/policy.rs

@@ -1,4 +1,4 @@
-use super::*;
+use crate::*;
 
 /// PolicyTargetReference identifies an API object to apply policy to. This
 /// should be used as part of Policy resources that can target Gateway API

src/v1alpha2/referencepolicy.rs → src/exp/referencegrant.rs

@@ -1,39 +1,37 @@
-use super::*;
+use crate::*;
 
-/// ReferencePolicy identifies kinds of resources in other namespaces that are
+/// ReferenceGrant identifies kinds of resources in other namespaces that are
 /// trusted to reference the specified kinds of resources in the same namespace
 /// as the policy.
 ///
-/// Each ReferencePolicy can be used to represent a unique trust relationship.
+/// Each ReferenceGrant can be used to represent a unique trust relationship.
 /// Additional Reference Policies can be used to add to the set of trusted
 /// sources of inbound references for the namespace they are defined within.
 ///
-/// All cross-namespace references in Gateway API (with the exception of cross-namespace
-/// Gateway-route attachment) require a ReferencePolicy.
-///
-/// Support: Core
+/// All cross-namespace references in Gateway API (with the exception of
+/// cross-namespace Gateway-route attachment) require a ReferenceGrant.
 #[derive(Clone, Debug, serde::Deserialize, serde::Serialize, schemars::JsonSchema)]
-pub struct ReferencePolicy {
+pub struct ReferenceGrant {
     /// From describes the trusted namespaces and kinds that can reference the
     /// resources described in "To". Each entry in this list must be considered
     /// to be an additional place that references can be valid from, or to put
     /// this another way, entries must be combined using OR.
     ///
-    /// Support: Cor
-    pub from: Vec<ReferencePolicyFrom>,
+    /// Support: Core
+    pub from: Vec<ReferenceGrantFrom>,
 
     /// To describes the resources that may be referenced by the resources
     /// described in "From". Each entry in this list must be considered to be an
     /// additional place that references can be valid to, or to put this another
     /// way, entries must be combined using OR.
     ///
     /// Support: Core
-    pub to: Vec<ReferencePolicyFrom>,
+    pub to: Vec<ReferenceGrantFrom>,
 }
 
-/// ReferencePolicyFrom describes trusted namespaces and kinds.
+/// ReferenceGrantFrom describes trusted namespaces and kinds.
 #[derive(Clone, Debug, serde::Deserialize, serde::Serialize, schemars::JsonSchema)]
-pub struct ReferencePolicyFrom {
+pub struct ReferenceGrantFrom {
     /// Group is the group of the referent.
     ///
     /// When empty, the Kubernetes core API group is inferred.
@@ -57,10 +55,10 @@ pub struct ReferencePolicyFrom {
     pub namespace: Namespace,
 }
 
-/// ReferencePolicyTo describes what Kinds are allowed as targets of the
+/// ReferenceGrantTo describes what Kinds are allowed as targets of the
 /// references.
 #[derive(Clone, Debug, serde::Deserialize, serde::Serialize, schemars::JsonSchema)]
-pub struct ReferencePolicyTo {
+pub struct ReferenceGrantTo {
     /// Group is the group of the referent.
     /// When empty, the Kubernetes core API group is inferred.
     ///

src/v1alpha2/tcproute.rs → src/exp/tcproute.rs

@@ -1,4 +1,4 @@
-use super::*;
+use crate::*;
 
 /// TCPRoute provides a way to route TCP requests. When combined with a Gateway
 /// listener, it can be used to forward connections on the port specified by the

src/v1alpha2/tlsroute.rs → src/exp/tlsroute.rs

@@ -1,4 +1,4 @@
-use super::*;
+use crate::*;
 
 /// The TLSRoute resource is similar to TCPRoute, but can be configured to match
 /// against TLS-specific metadata. This allows more flexibility in matching
@@ -78,7 +78,7 @@ pub struct TlsRouteRule {
     /// Service with no endpoints), the rule performs no forwarding; if no
     /// filters are specified that would result in a response being sent, the
     /// underlying implementation must actively reject request attempts to this
-    /// backend, by rejecting the connection or returning a 404 status code.
+    /// backend, by rejecting the connection or returning a 500 status code.
     /// Request rejections must respect weight; if an invalid backend is
     /// requested to have 80% of requests, then 80% of requests must be rejected
     /// instead.

src/v1alpha2/udproute.rs → src/exp/udproute.rs

@@ -1,4 +1,4 @@
-use super::*;
+use crate::*;
 
 #[derive(
     Clone, Debug, kube::CustomResource, serde::Deserialize, serde::Serialize, schemars::JsonSchema,

src/v1alpha2/gateway.rs → src/gateway.rs

@@ -1,4 +1,5 @@
-use super::*;
+use crate::*;
+use k8s_openapi::apimachinery::pkg::apis::meta::v1 as metav1;
 use std::collections::BTreeMap;
 
 /// Gateway represents an instance of a service-traffic handling infrastructure
@@ -8,7 +9,7 @@ use std::collections::BTreeMap;
 )]
 #[kube(
     group = "gateway.networking.k8s.io",
-    version = "v1alpha2",
+    version = "v1beta1",
     kind = "Gateway",
     status = "GatewayStatus",
     namespaced
@@ -49,7 +50,7 @@ pub struct GatewaySpec {
     /// provided in the incoming client request MUST be matched to a Listener to
     /// find the correct set of Routes.  The incoming hostname MUST be matched
     /// using the Hostname field for each Listener in order of most to least
-    /// specific.  That is, exact matches must be processed before wildcard
+    /// specific. That is, exact matches must be processed before wildcard
     /// matches.
     ///
     /// If this field specifies multiple Listeners that have the same Port value

src/v1alpha2/gatewayclass.rs → src/gatewayclass.rs

@@ -1,4 +1,5 @@
-use super::*;
+use crate::*;
+use k8s_openapi::apimachinery::pkg::apis::meta::v1 as metav1;
 
 // GatewayClass describes a class of Gateways available to the user for creating
 // Gateway resources.
@@ -22,7 +23,7 @@ use super::*;
 )]
 #[kube(
     group = "gateway.networking.k8s.io",
-    version = "v1alpha2",
+    version = "v1beta1",
     kind = "GatewayClass",
     status = "GatewayClassStatus"
 )]