internal/dag: Initial implementation for gateway-api

[stevesloka]

Super rough initial implementation for gateway-api.

Needs a lot of love, but at least has started to work while still behind the feature flag in Contour. Using this sample yaml I can get things to route properly:

kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
  name: contour-gateway
spec:
  gatewayClassName: contour-class
  listeners:
    - protocol: HTTP
      port: 80
      routes:
        kind: HTTPRoute
        selector:
          matchLabels:
            app: filter
        namespaces:
          from: "All"
---
kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
  name: http-filter-1
  namespace: projectcontour-roots 
  labels:
    app: filter
spec:
  hostnames:
    - local.projectcontour.io
  rules:
    - matches:
      - path:
          type: Prefix
          value: /
      forwardTo:
      - serviceName: rootapp
        port: 80

Updates #2287

Signed-off-by: Steve Sloka slokas@vmware.com

[codecov]

Codecov Report

Merging #3278 (f9fa493) into main (1035ddb) will increase coverage by 0.10%.
The diff coverage is 77.27%.

@@            Coverage Diff             @@
##             main    #3278      +/-   ##
==========================================
+ Coverage   75.60%   75.70%   +0.10%     
==========================================
  Files          98       98              
  Lines        6353     6396      +43     
==========================================
+ Hits         4803     4842      +39     
- Misses       1444     1446       +2     
- Partials      106      108       +2     

Impacted Files	Coverage Δ
cmd/contour/serve.go	0.00% <0.00%> (ø)
internal/dag/serviceapis_processor.go	83.72% <82.92%> (+83.72%)	⬆️
internal/k8s/log.go	69.56% <0.00%> (+6.52%)	⬆️

[stevesloka]

Ok this is a bit better with tests, but I think a reasonable start. It doesn't have any status information which I think would be a good next step to get integrated, but want to limit the changes since it's turning into a large PR.

[danehans]

Should case statements be added for "All" and "SameNamespace" allow types? I would expect a route to be precluded from valid if allow: All and no gateways exist in any namespace. I would also expect a route to be precluded from valid if allow: SameNamespace and no gateways exist in the route's namespace.

[stevesloka]

Let me take this logic out all together, then reference resolution in a new issue? I think that would be best if you're ok with that. (#3351)

[danehans]

I suggest validating each hostname. The first phase of hostname validation can be:

• Ensure the hostname is not an IP address. xref: https://golang.org/pkg/net/#ParseIP
• Ensure the hostname does not contain a port. xref: https://golang.org/pkg/net/#SplitHostPort

As a second phase, the hostname spec states "Hostname is the fully qualified domain name of a network host, as defined by RFC 3986." We should be able to use https://golang.org/pkg/net/?m=all#isDomainName (verify that it supports wildcard prefixes or augment to support wildcards).

[stevesloka]

#3353

[danehans]

Note that if kubernetes-sigs/gateway-api#538 merges, port will be optional. With this PR, when port is unspecified, the implementation should forward the request with the port unmodified. Take a look and comment if this is an issue.

[stevesloka]

#3352

[skriss]

Handful of initial comments. This looks like a good start on MVP functionality. In general, I'd say let's just be explicit about which subset of functionality we're supporting as we go, and logging errors/not processing config that we can't support yet.

[skriss]

should we skip the entire rule if we can't parse one of the matches? (I'm not totally sure)

[stevesloka]

There's an exact match as well which Contour doesn't have support for yet. I was trying to not get backed into the current HTTPProxy issue of one error makes the entire resource invalid.

[stevesloka]

These are places where we need to raise status condition errors. I think we should try and not throw away the entire resource for things that are either not implemented yet or are in error (ref #3145).

[skriss]

we should probably check for TLS config and error/not process the route if it's set, since we don't support it yet.

[stevesloka]

👍

[skriss]

I think limiting the routes we process to only those that map to this Contour's gateway is probably essential functionality for an MVP here - we have the config option in the config file, so should be able to wire that through.

[stevesloka]

I opened #3351 to track this. Do you think it's ok to merge this as-is, then follow up with that? I do understand that right now we'll process ALL gateways. =)

[stevesloka]

#3278 (comment)

[youngnick]

Couple of small things from me, but this looks okay as a first pass. Definitely plenty of work to do still though.

[youngnick]

Comment needs finishing up?

[youngnick]

I'd recommend calling these kuardSvc and blogSvc respectively, that saves one lookup when you're writing more tests.

[jmprusi]

All the usages of the FieldLogger (p.Error,p.Errorf...) panic, as it seems to not be initialized (nil).

[stevesloka]

👍 I added this to the init of the processor.

[sunjayBhatia]

Looks good to me!

On testing, left a comment about adding a new issue to track the test coverage we will need

Also, since the conformance suite is not ready, should we add some basic integration tests that we can throw away later once we can start contributing upstream? Worth adding an issue for that?

[sunjayBhatia]

Worth adding tests (or maybe a tracking issue for adding tests) around the interactions between different resources (HTTPProxy, Ingress, Gateway APIs etc.)

[stevesloka]

👍 #3367

[sunjayBhatia]

nit: Should this error be reworded?

[stevesloka]

haha yup! 👍