Add support for GEP-1713: ListenerSets

[davidjumani]

Description

Adds support for ListenerSets laid out in https://gateway-api.sigs.k8s.io/geps/gep-1713.

This works around the restriction of a maximum of 64 listeners defined on a gateway. Users can now define multiple listenersets and map them to the appropriate parent gateway

Fixes #10662

This PR also adds policy support for listener sets

Added tests for the same

--- PASS: TestListenerSet (61.70s)
    --- PASS: TestListenerSet/ListenerSet (46.42s)
        --- PASS: TestListenerSet/ListenerSet/TestInvalidListenerSetNonExistingGW (3.48s)
        --- PASS: TestListenerSet/ListenerSet/TestInvalidListenerSetNotAllowed (5.46s)
        --- PASS: TestListenerSet/ListenerSet/TestPolicies (11.37s)
        --- PASS: TestListenerSet/ListenerSet/TestValidListenerSet (13.49s)

Change Type

/kind new_feature

Changelog

Allows a Kubernetes gateway to have more than 64 listeners by implementing ListenerSets defined in https://gateway-api.sigs.k8s.io/geps/gep-1713. Listener Sets can define their own listeners and be mapped to a parent gateway via their parentRef. The Kubernetes gateway will have the merged list of all listeners from itself and attached ListenerSets. This experimental feature requires the `xlistenersets.gateway.networking.x-k8s.io` CRD to be present.

[davidjumani]

Does this need to be in a goroutine ?

[stevenctl]

No, will create a goroutine under the hood

[yuval-k]

i think we need to call Register only after krt has started. @stevenctl do you know if that issue was fixed?

[stevenctl]

Ah, it's letting me respond here. For posterity: I believe the only issue is if we need the initial state, and luckily in this case we do not.

[davidjumani]

Decided to keep this the same as the GatewayReporter since they are pretty much the same thing. This avoids too many changes in the code, especially around status reporting

[stevenctl]

it might be possible that we miss the krt lookup and only have the api.Gateway here if we hit this path before translation finishes; we're guaranteed to eventually get it though

[yuval-k]

i think this should work because the controller should start only after krt is warm, IIRC.

[davidjumani]

I added the WaitUntilSynced above in an attempt to fix that

[stevenctl]

style nit: alias the returned func or give it's args names

[davidjumani]

Good idea, added!

[stevenctl]

we should eventually make our test translator handle getting istio-unknown types into krt clients so we can test for our own CRs too..

[yuval-k]

why is this exported?

[davidjumani]

Forgot to remove it in the cleanup. Fixed

[yuval-k]

i think this should work because the controller should start only after krt is warm, IIRC.

[yuval-k]

i think we need to call Register only after krt has started. @stevenctl do you know if that issue was fixed?

[yuval-k]

consider adding select with default clause; so if the channel is full it won't get stuck.
i think the channel would then just need capacity of 1

[davidjumani]

Would that lead to missed events when a gateway is modified ?

[stevenctl]

KRT handles a slow/blocking callback internally; it won't make other Register/dependent collections get stuck.
While we can do something like go func() { events <- ev }() here, I think the current code is fine.

[lgadban]

why are we getting route attached policies here?

[davidjumani]

This is similar to fetching policies for listeners in the gateway
Ref:

kgateway/internal/kgateway/krtcollections/policy.go

Line 290 in 56d7672

AttachedPolicies: toAttachedPolicies(h.policies.getTargetingPolicies(kctx, extensionsplug.RouteAttachmentPoint, out.ObjectSource, string(l.Name), i.GetLabels())),