Kong · pmalek · Jun 22, 2022 · Jun 13, 2022
@@ -133,7 +133,7 @@ manifests.single: kustomize ## Compose single-file deployment manifests from bui
 # ------------------------------------------------------------------------------
 
 .PHONY: generate
-generate: generate.controllers generate.clientsets
+generate: generate.controllers generate.clientsets generate.gateway-api-crds-url
 
 .PHONY: generate.controllers
 generate.controllers: controller-gen
@@ -309,17 +309,76 @@ run: install
  --kubeconfig $(KUBECONFIG) \
  --feature-gates=$(KONG_CONTROLLER_FEATURE_GATES)
 
-install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+# ------------------------------------------------------------------------------
+# Gateway API
+# ------------------------------------------------------------------------------
+
+GATEWAY_API_PACKAGE ?= sigs.k8s.io/gateway-api
+# TODO: Below hardcoded ref is a workaround for the fact that we're using an untagged version
+# of sigs.k8s.io/gateway-api in go.mod - that occurred after v0.4.0 (which was tagged on master)
+# but which contains a breaking change w.r.t to the file structure in said repo - and the
+# fact that kustomize accepts only branch names, tags, or full commit hashes, i.e. short
+# hashes or go pseudo versions are not supported [1].
+# Please also note that kustomize fails silently when provided with an unsupported ref
+# and downloads the manifests from the main branch.
+#
+# [1]: https:/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md#remote-directories
+#
+# This causes a problem where we cannot use go pseudo version from go.mod i.e.
+# v0.4.1-0.20220306235253-71fee1c2808f and where we cannot update to a newer version
+# sigs.k8s.io/gateway-api because v0.5.0 hasn't been released yet and v0.4.x versions
+# do not contain the change in file structure that some of the code in this repo already
+# relies on.
+#
+# In order to avoid unnecessary work we're just hardcoding the full SHA that
+# corresponds to what's in go.mod - v0.4.1-0.20220306235253-71fee1c2808f - until
+# v0.5.0 is released which we can then use in go.mod and scrape via go list ...
+# 
+# Whenever the above happens the hardcoded SHA can be replaced with:
+# $(shell go list -m -f "{{.Version}}" $(GATEWAY_API_PACKAGE))
+#
+# Related issue: https:/Kong/kubernetes-ingress-controller/issues/2595
+GATEWAY_API_VERSION ?= 71fee1c2808fa19a5f19d952d155fc072cf9324c
+GATEWAY_API_CRDS_LOCAL_PATH = $(shell go env GOPATH)/pkg/mod/$(GATEWAY_API_PACKAGE)@$(GATEWAY_API_VERSION)/config/crd
+GATEWAY_API_REPO ?= github.com/kubernetes-sigs/gateway-api
+GATEWAY_API_CRDS_URL = $(GATEWAY_API_REPO)/config/crd?ref=$(GATEWAY_API_VERSION)
+
+.PHONY: print-gateway-api-crds-url
+print-gateway-api-crds-url:
+ @echo $(GATEWAY_API_CRDS_URL)
+
+.PHONY: generate.gateway-api-crds-url
+generate.gateway-api-crds-url:
+ URL=$(shell $(MAKE) print-gateway-api-crds-url) \
+ INPUT=$(shell pwd)/test/internal/cmd/generate-gateway-api-crds-url/gateway_consts.tmpl \
+ OUTPUT=$(shell pwd)/test/consts/gateway.go \
+ go generate ./test/internal/cmd/generate-gateway-api-crds-url
+
+.PHONY: go-mod-download-gateway-api
+go-mod-download-gateway-api:
+ @go mod download $(GATEWAY_API_PACKAGE)
+
+.PHONY: install-gateway-api-crds
+install-gateway-api-crds: go-mod-download-gateway-api
+ $(KUSTOMIZE) build $(GATEWAY_API_CRDS_LOCAL_PATH) | kubectl apply -f -
+
+.PHONY: uninstall-gateway-api-crds
+uninstall-gateway-api-crds: go-mod-download-gateway-api
+ $(KUSTOMIZE) build $(GATEWAY_API_CRDS_LOCAL_PATH) | kubectl delete -f -
+
+# Install CRDs into the K8s cluster specified in $KUBECONFIG.
+.PHONY: install
+install: manifests kustomize install-gateway-api-crds
  $(KUSTOMIZE) build config/crd | kubectl apply -f -
- $(KUSTOMIZE) build https:/kubernetes-sigs/gateway-api.git/config/crd?ref=master | kubectl apply -f -
 
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+# Uninstall CRDs from the K8s cluster specified in $KUBECONFIG.
+.PHONY: uninstall
+uninstall: manifests kustomize uninstall-gateway-api-crds
  $(KUSTOMIZE) build config/crd | kubectl delete -f -
- $(KUSTOMIZE) build https:/kubernetes-sigs/gateway-api.git/config/crd?ref=master | kubectl delete -f -
 
-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in $KUBECONFIG.
  cd config/manager && $(KUSTOMIZE) edit set image controller=${IMAGE}
  $(KUSTOMIZE) build config/default | kubectl apply -f -
 
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+undeploy: ## Undeploy controller from the K8s cluster specified in $KUBECONFIG.
  $(KUSTOMIZE) build config/default | kubectl delete -f -
@@ -9,15 +9,16 @@ import (
  "strings"
 
  "github.com/kong/kubernetes-testing-framework/pkg/clusters"
+
+ "github.com/kong/kubernetes-ingress-controller/v2/test/consts"
 )
 
 // -----------------------------------------------------------------------------
 // Testing Utility Functions - CRDs
 // -----------------------------------------------------------------------------
 
 const (
- kongCRDsKustomize = "../../config/crd/"
- gatewayCRDsKustomize = "https:/kubernetes-sigs/gateway-api/config/crd?ref=v0.4.2"
+ kongCRDsKustomize = "../../config/crd/"
 )
 
 func DeployCRDsForCluster(ctx context.Context, cluster clusters.Cluster) error {
@@ -38,14 +39,16 @@ func DeployCRDsForCluster(ctx context.Context, cluster clusters.Cluster) error {
  if err := cmd.Run(); err != nil {
  return fmt.Errorf("failed to deploy kong CRDs STDOUT=(%s) STDERR=(%s): %w", strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err)
  }
+ fmt.Printf("INFO: running kubectl kustomize for Kong CRDs (args: %v)\n", args)
  kongCRDYAML := stdout.String()
 
  // gather the YAML to deploy Gateway CRDs
  stdout, stderr = new(bytes.Buffer), new(bytes.Buffer)
- args = []string{"--kubeconfig", kubeconfig.Name(), "kustomize", gatewayCRDsKustomize}
+ args = []string{"--kubeconfig", kubeconfig.Name(), "kustomize", consts.GatewayCRDsKustomizeURL}
  cmd = exec.CommandContext(ctx, "kubectl", args...)
  cmd.Stdout = stdout
  cmd.Stderr = stderr
+ fmt.Printf("INFO: running kubectl kustomize for Gateway CRDs (args: %v)\n", args)
  if err := cmd.Run(); err != nil {
  return fmt.Errorf("failed to deploy gateway CRDs STDOUT=(%s) STDERR=(%s): %w", strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err)
  }

@@ -0,0 +1,5 @@
+package consts
+
+const (
+ GatewayCRDsKustomizeURL = "github.com/kubernetes-sigs/gateway-api/config/crd?ref=71fee1c2808fa19a5f19d952d155fc072cf9324c"
+)
@@ -50,8 +50,6 @@ const (
  // gatewayUpdateWaitTime is the amount of time to wait for updates to the Gateway, or to its
  // parent Service to fully resolve into ready state.
  gatewayUpdateWaitTime = time.Minute * 3
-
- gatewayCRDsURL = "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.4.2"
 )
 
 var (

@@ -22,6 +22,8 @@ import (
  corev1 "k8s.io/api/core/v1"
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+ "github.com/kong/kubernetes-ingress-controller/v2/test/consts"
+
  "github.com/kong/kubernetes-ingress-controller/v2/internal/annotations"
  kongv1 "github.com/kong/kubernetes-ingress-controller/v2/pkg/apis/configuration/v1"
  "github.com/kong/kubernetes-ingress-controller/v2/pkg/clientset"
@@ -62,12 +64,11 @@ nodes:
  admissionScriptPath = "../../hack/deploy-admission-controller.sh"
 )
 
-var (
- // openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout cert.key -out cert.crt -days 3650 -subj '/CN=first.example/'
- // openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout cert.key -out cert.crt -days 3650 -subj '/CN=first.example/'
- tlsPairs = []TLSPair{
- {
- Cert: `-----BEGIN CERTIFICATE-----
+// openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout cert.key -out cert.crt -days 3650 -subj '/CN=first.example/'
+// openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout cert.key -out cert.crt -days 3650 -subj '/CN=first.example/'
+var tlsPairs = []TLSPair{
+ {
+ Cert: `-----BEGIN CERTIFICATE-----
 MIICTDCCAdKgAwIBAgIUOe9HN8v1eedsZXur5uXAwJkOSG4wCgYIKoZIzj0EAwIw
 XTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
 dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEWMBQGA1UEAwwNZmlyc3QuZXhhbXBsZTAe
@@ -82,15 +83,15 @@ SM49BAMCA2gAMGUCMQC7rKXFcTAfoTSw5m2/ALseXru/xZC5t3Y7yQ+zSaneFMvQ
 KvXcO0/RGYeqLmS58C4CMGoJva3Ad5LaZ7qgMkahhLdopePb0U/GAQqIsWhHfjOT
 Il2dwxMvntBECtd0uXeKHQ==
 -----END CERTIFICATE-----`,
-  Key: `-----BEGIN PRIVATE KEY-----
+ Key: `-----BEGIN PRIVATE KEY-----
 MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAA9OHUgH4O/xF0/qyQ
 t3ZSX0/6IDilnyM1ayoUSUOfNcELUd2UZVAuZgP10f6cMUWhZANiAAR2pbLcSQhX
 4gD6IyPJiRN7lxZ8aPbi6qyPyjvoTJc6DPjMuJuJgkdSC8wye1XFsI295WGl5gbq
 JsXQyJOqU6pHg6mjTEeyRxN9HbfEpH+Zp7GZ2KuTTGzi3wnhCPqzic4=
 -----END PRIVATE KEY-----`,
-  },
-  {
-  Cert: `-----BEGIN CERTIFICATE-----
+ },
+ {
+ Cert: `-----BEGIN CERTIFICATE-----
 MIICTzCCAdSgAwIBAgIUOOTCdVckt76c9OSeGHyf+OrLU+YwCgYIKoZIzj0EAwIw
 XjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
 dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOc2Vjb25kLmV4YW1wbGUw
@@ -105,15 +106,14 @@ KoZIzj0EAwIDaQAwZgIxAPRJkWfSdIQMr2R77RgCicR+adD/mMxZra2SoL7qSMyq
 3iXLIXauNP9ar3tt1uZE8wIxAM4C6G4uoQ0dydhcgQVhlgB6GaqO18AEDYPzQjir
 dV2Bs8EBkYBx87PmZ+e/S7g9Ug==
 -----END CERTIFICATE-----`,
-  Key: `-----BEGIN PRIVATE KEY-----
+ Key: `-----BEGIN PRIVATE KEY-----
 MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBVtvjDBFke/k2Skezl
 h63g1q5IHCQM7wr1T43m5ACKZQt0ZDE1jfm1BYKk1omNpeChZANiAARwk2G6qdz9
 r+Wg7oZDvta1TQInW9FHJwnbcqGcdPjqs9+QLqvxjWi72UWLMlukh1RmkVoT4d40
 PMxZ3NvEwhsJgDJ82D7OUR2G7wZtgUj/WFj14XOofpZJmhzTQrtbbuc=
 -----END PRIVATE KEY-----`,
- },
- }
-)
+ },
+}
 
 // TestWebhookUpdate checks that the webhook updates the certificate indicated by --admission-webhook-cert-file when
 // the mounted Secret updates. This requires E2E because we can't mount Secrets with the locally-run integration
@@ -218,7 +218,8 @@ func TestWebhookUpdate(t *testing.T) {
  Name: "admission-cert",
  VolumeSource: corev1.VolumeSource{
  Secret: &corev1.SecretVolumeSource{
- SecretName: "admission-cert"},
+ SecretName: "admission-cert",
+ },
  },
  })
 
@@ -285,8 +286,8 @@ func TestDeployAllInOneDBLESSGateway(t *testing.T) {
  assert.NoError(t, env.Cleanup(ctx))
  }()
 
- t.Logf("deploying Gateway APIs CRDs from %s", gatewayCRDsURL)
- require.NoError(t, clusters.KustomizeDeployForCluster(ctx, env.Cluster(), gatewayCRDsURL))
+ t.Logf("deploying Gateway APIs CRDs from %s", consts.GatewayCRDsKustomizeURL)
+ require.NoError(t, clusters.KustomizeDeployForCluster(ctx, env.Cluster(), consts.GatewayCRDsKustomizeURL))
 
  t.Log("deploying kong components")
  manifest, err := getTestManifest(t, dblessPath)

@@ -0,0 +1,5 @@
+package consts
+
+const (
+ GatewayCRDsKustomizeURL = "{{.CRDsKustomizeURL}}"
+)
@@ -0,0 +1,81 @@
+package main
+
+import (
+ "bufio"
+ "bytes"
+ "flag"
+ "fmt"
+ "go/format"
+ "log"
+ "os"
+ "path/filepath"
+ "text/template"
+)
+
+//go:generate go run . -url $URL -in $INPUT -out $OUTPUT
+
+var (
+ urlFlag = flag.String("url", "", "The URL of Gateway API CRDs to be consumed by kustomize")
+ inFlag = flag.String("in", "", "Template file path")
+ outFlag = flag.String("out", "", "Output file path where the generate file will be placed")
+)
+
+type Data struct {
+ CRDsKustomizeURL string
+}
+
+func main() {
+ flagParse()
+
+ data := Data{
+ CRDsKustomizeURL: *urlFlag,
+ }
+ processTemplate(*inFlag, *outFlag, data)
+}
+
+func must(err error, errMsg string) {
+ if err != nil {
+ log.Fatalf("%s: %v", errMsg, err)
+ }
+}
+
+func flagParse() {
+ flag.Parse()
+ if *urlFlag == "" {
+ log.Print("Please provide the 'url' flag")
+ os.Exit(0)
+ }
+ if *inFlag == "" {
+ log.Print("Please provide the 'in' flag")
+ os.Exit(0)
+ }
+ if *outFlag == "" {
+ log.Print("Please provide the 'out' flag")
+ os.Exit(0)
+ }
+}
+
+func processTemplate(fileName string, outputFile string, data Data) {
+ base := filepath.Base(fileName)
+ tmpl, err := template.New(base).ParseFiles(fileName)
+ must(err, "Unable to parse template file")
+
+ var processed bytes.Buffer
+ err = tmpl.Execute(&processed, data)
+ must(err, "Unable to parse data into template")
+
+ formatted, err := format.Source(processed.Bytes())
+ must(err, "Unable to format resulting file")
+
+ outputPath := outputFile
+
+ f, err := os.Create(outputPath)
+ must(err, fmt.Sprintf("Unable to create file: %v", outputPath))
+
+ w := bufio.NewWriter(f)
+ _, err = w.Write(formatted)
+ must(err, "Unable to underlying buffered writer")
+
+ err = w.Flush()
+ must(err, "Unable to flush")
+}