NET-6759 Restructure v2 GatewayClassConfig CRD (#3298)

Restructure v2 GatewayClassConfig CRD

charts/consul/templates/gateway-resources-configmap.yaml

@@ -22,13 +22,60 @@ data:
       - apiVersion: mesh.consul.hashicorp.com/v2beta1
         metadata:
           name: consul-mesh-gateway
-          namespace: {{ .Release.Namespace }}
-        kind: gatewayClassConfig
+        kind: GatewayClassConfig
         spec:
+          labels:
+            set:
+              app: {{ template "consul.name" . }}
+              chart: {{ template "consul.chart" . }}
+              heritage: {{ .Release.Service }}
+              release: {{ .Release.Name }}
+              component: mesh-gateway
           deployment:
-            resources: {{ toJson .Values.meshGateway.resources }}
-          nodeSelector: {{ .Values.meshGateway.nodeSelector }}
-          serviceType: {{ .Values.meshGateway.service.type }}
+            {{- if .Values.meshGateway.affinity }}
+            affinity: {{ toJson (default "{}" .Values.meshGateway.affinity) }}
+            {{- end }}
+            {{- if .Values.meshGateway.annotations }}
+            annotations:
+              set: {{ toJson .Values.meshGateway.annotations }}
+            {{- end }}
+            {{- if .Values.global.extraLabels }}
+            labels:
+              set: {{ toJson .Values.global.extraLabels }}
+            {{- end }}
+            container:
+              consul:
+                logging:
+                  level: {{ default .Values.global.logLevel .Values.meshGateway.logLevel }}
+              portModifier: {{ sub .Values.meshGateway.containerPort .Values.meshGateway.service.port }}
+              resources: {{ toJson .Values.meshGateway.resources }}
+            initContainer:
+              consul:
+                logging:
+                  level: {{ default .Values.global.logLevel .Values.meshGateway.logLevel }}
+              resources: {{ toJson .Values.meshGateway.initServiceInitContainer.resources }}
+            {{- if .Values.meshGateway.nodeSelector }}
+            nodeSelector: {{ toJson .Values.meshGateway.nodeSelector }}
+            {{- end }}
+            priorityClassName: {{ toJson .Values.meshGateway.priorityClassName }}
+            replicas:
+              default: {{ .Values.meshGateway.replicas }}
+              min: {{ .Values.meshGateway.replicas }}
+              max: {{ .Values.meshGateway.replicas }}
+            {{- if .Values.meshGateway.tolerations }}
+            tolerations: {{ toJson .Values.meshGateway.tolerations }}
+            {{- end }}
+          service:
+            {{- if .Values.meshGateway.service.annotations }}
+            annotations:
+              set: {{ toJson .Values.meshGateway.service.annotations }}
+            {{- end }}
+            type: {{ .Values.meshGateway.service.type }}
+          {{- if .Values.meshGateway.serviceAccount.annotations }}
+          serviceAccount:
+            annotations:
+              set: {{ toJson .Values.meshGateway.serviceAccount.annotations }}
+          {{- end }}
     meshGateways:
       - name: mesh-gateway
         namespace: {{ .Release.Namespace }}

control-plane/api/mesh/v2beta1/gateway_class_config_types.go

@@ -16,10 +16,7 @@ func init() {
 // +kubebuilder:subresource:status
 
 // GatewayClassConfig is the Schema for the Mesh Gateway API
-// +kubebuilder:printcolumn:name="Synced",type="string",JSONPath=".status.conditions[?(@.type==\"Synced\")].status",description="The sync status of the resource with Consul"
-// +kubebuilder:printcolumn:name="Last Synced",type="date",JSONPath=".status.lastSyncedTime",description="The last successful synced time of the resource with Consul"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="The age of the resource"
-// +kubebuilder:resource:shortName="gateway-class-config"
 // +kubebuilder:resource:scope=Cluster
 type GatewayClassConfig struct {
 	metav1.TypeMeta   `json:",inline"`
@@ -31,66 +28,114 @@ type GatewayClassConfig struct {
 
 // +k8s:deepcopy-gen=true
 
-// GatewayClassConfigSpec specifies the desired state of the Config CRD.
+// GatewayClassConfigSpec specifies the desired state of the GatewayClassConfig CRD.
 type GatewayClassConfigSpec struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
+
+	// Deployment contains config specific to the Deployment created from this GatewayClass
+	Deployment GatewayClassDeploymentConfig `json:"deployment,omitempty"`
+	// Role contains config specific to the Role created from this GatewayClass
+	Role GatewayClassRoleConfig `json:"role,omitempty"`
+	// RoleBinding contains config specific to the RoleBinding created from this GatewayClass
+	RoleBinding GatewayClassRoleBindingConfig `json:"roleBinding,omitempty"`
+	// Service contains config specific to the Service created from this GatewayClass
+	Service GatewayClassServiceConfig `json:"service,omitempty"`
+	// ServiceAccount contains config specific to the corev1.ServiceAccount created from this GatewayClass
+	ServiceAccount GatewayClassServiceAccountConfig `json:"serviceAccount,omitempty"`
+}
 
-	// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
-	ServiceType *corev1.ServiceType `json:"serviceType,omitempty"`
+// GatewayClassDeploymentConfig specifies the desired state of the Deployment created from the GatewayClassConfig.
+type GatewayClassDeploymentConfig struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
+
+	// Container contains config specific to the created Deployment's container
+	Container *GatewayClassContainerConfig `json:"container,omitempty"`
+	// InitContainer contains config specific to the created Deployment's init container
+	InitContainer *GatewayClassInitContainerConfig `json:"initContainer,omitempty"`
+	// NodeSelector specifies the node selector to use on the created Deployment
+	NodeSelector *corev1.NodeSelector `json:"nodeSelector,omitempty"`
+	// PriorityClassName specifies the priority class name to use on the created Deployment
+	PriorityClassName string `json:"priorityClassName,omitempty"`
+	// Replicas specifies the configuration to control the number of replicas for the created Deployment
+	Replicas *GatewayClassReplicasConfig `json:"replicas,omitempty"`
+	// SecurityContext specifies the security context for the created Deployment's Pod
+	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+	// Tolerations specifies the tolerations to use on the created Deployment
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+}
 
-	// NodeSelector is a selector which must be true for the pod to fit on a node.
-	// Selector which must match a node's labels for the pod to be scheduled on that node.
-	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+type GatewayClassReplicasConfig struct {
+	// Default is the number of replicas assigned to the Deployment when created
+	Default *int32 `json:"default,omitempty"`
+	// Min is the minimum number of replicas allowed for a gateway with this class.
+	// If the replica count drops below this value due to manual or automated scaling,
+	// the replica count will be restored to this value.
+	Min *int32 `json:"min,omitempty"`
+	// Max is the maximum number of replicas allowed for a gateway with this class.
+	// If the replica count exceeds this value due to manual or automated scaling,
+	// the replica count will be restored to this value.
+	Max *int32 `json:"max,omitempty"`
+}
 
-	// Tolerations allow the scheduler to schedule nodes with matching taints.
-	// More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+type GatewayClassInitContainerConfig struct {
+	// Consul specifies configuration for the consul-k8s-control-plane init container
+	Consul GatewayClassConsulConfig `json:"consul,omitempty"`
+	// Resources specifies the resource requirements for the created Deployment's init container
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+}
 
-	// Deployment defines the deployment configuration for the gateway.
-	DeploymentSpec DeploymentSpec `json:"deployment,omitempty"`
+type GatewayClassContainerConfig struct {
+	// Consul specifies configuration for the consul-dataplane container
+	Consul GatewayClassConsulConfig `json:"consul,omitempty"`
+	// Resources specifies the resource requirements for the created Deployment's container
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+}
 
-	// Annotation Information to copy to services or deployments
-	CopyAnnotations CopyAnnotationsSpec `json:"copyAnnotations,omitempty"`
+type GatewayClassRoleConfig struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
+}
 
-	// The name of an existing Kubernetes PodSecurityPolicy to bind to the managed ServiceAccount if ACLs are managed.
-	PodSecurityPolicy string `json:"podSecurityPolicy,omitempty"`
+type GatewayClassRoleBindingConfig struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
+}
 
-	// The name of the OpenShift SecurityContextConstraints resource for this gateway class to use.
-	OpenshiftSCCName string `json:"openshiftSCCName,omitempty"`
+type GatewayClassServiceConfig struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
 
-	// The value to add to privileged ports ( ports < 1024) for gateway containers
-	MapPrivilegedContainerPorts int32 `json:"mapPrivilegedContainerPorts,omitempty"`
+	// Type specifies the type of Service to use (LoadBalancer, ClusterIP, etc.)
+	Type *corev1.ServiceType `json:"type,omitempty"`
 }
 
-// +k8s:deepcopy-gen=true
+type GatewayClassServiceAccountConfig struct {
+	GatewayClassAnnotationsAndLabels `json:",inline"`
+}
 
-type DeploymentSpec struct {
-	// +kubebuilder:default:=1
-	// +kubebuilder:validation:Maximum=8
-	// +kubebuilder:validation:Minimum=1
-	// Number of gateway instances that should be deployed by default
-	DefaultInstances *int32 `json:"defaultInstances,omitempty"`
-	// +kubebuilder:default:=8
-	// +kubebuilder:validation:Maximum=8
-	// +kubebuilder:validation:Minimum=1
-	// Max allowed number of gateway instances
-	MaxInstances *int32 `json:"maxInstances,omitempty"`
-	// +kubebuilder:default:=1
-	// +kubebuilder:validation:Maximum=8
-	// +kubebuilder:validation:Minimum=1
-	// Minimum allowed number of gateway instances
-	MinInstances *int32 `json:"minInstances,omitempty"`
-
-	// Resources defines the resource requirements for the gateway.
-	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+type GatewayClassConsulConfig struct {
+	// Logging specifies the logging configuration for Consul Dataplane
+	Logging GatewayClassConsulLoggingConfig `json:"logging,omitempty"`
+}
+
+type GatewayClassConsulLoggingConfig struct {
+	// Level sets the logging level for Consul Dataplane (debug, info, etc.)
+	Level string `json:"level,omitempty"`
 }
 
-//+kubebuilder:object:generate=true
+// GatewayClassAnnotationsAndLabels exists to provide a commonly-embedded wrapper
+// for Annotations and Labels on a given resource configuration.
+type GatewayClassAnnotationsAndLabels struct {
+	// Annotations are applied to the created resource
+	Annotations GatewayClassAnnotationsLabelsConfig `json:"annotations,omitempty"`
+	// Labels are applied to the created resource
+	Labels GatewayClassAnnotationsLabelsConfig `json:"labels,omitempty"`
+}
 
-// CopyAnnotationsSpec defines the annotations that should be copied to the gateway service.
-type CopyAnnotationsSpec struct {
-	// List of annotations to copy to the gateway service.
-	Service []string `json:"service,omitempty"`
+type GatewayClassAnnotationsLabelsConfig struct {
+	// InheritFromGateway lists the names/keys of annotations or labels to copy from the Gateway resource.
+	// Any name/key included here will override those in Set if specified on the Gateway.
+	InheritFromGateway []string `json:"inheritFromGateway,omitempty"`
+	// Set lists the names/keys and values of annotations or labels to set on the resource.
+	// Any name/key included here will be overridden if present in InheritFromGateway and set on the Gateway.
+	Set map[string]string `json:"set,omitempty"`
 }
 
 // +kubebuilder:object:root=true