policy: generalize merging API #11675
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
kind/breaking_change
kind/feature
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR generalizes the policy merging API by letting parent resources specify how child and parent policies should be merged (shallow vs. deep, parent- vs. child-preferred). Key changes include:
- Introduce a generic
MergePoliciesfunction in the plugin SDK with four merge strategies. - Replace delegation-specific annotations with a unified
kgateway.dev/inherited-policy-priorityannotation. - Update translators and plugins to honor the new merge strategies and add deep-merge support for transformation policies.
Reviewed Changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| test/kubernetes/e2e/features/route_delegation/types.go | Register new policy_merging.yaml manifest in the e2e suite |
| test/kubernetes/e2e/features/route_delegation/testdata/policy_merging.yaml | Add test fixture covering all merge-strategy scenarios |
| test/kubernetes/e2e/features/route_delegation/suite.go | Add TestPolicyMerging to validate merge strategy behavior |
| pkg/pluginsdk/policy/merge.go | Add generic merge API (MergePolicies, GetMergeStrategy) |
| pkg/pluginsdk/ir/iface.go | Add InheritedPolicyPriority field to RouteContext |
| pkg/pluginsdk/ir/gw.go | Store inherited priority on PolicyAtt, update merge origins |
| internal/kgateway/translator/irtranslator/route.go | Build and merge policies using new hierarchical priorities |
| internal/kgateway/translator/gateway/* | Propagate MergeOptions through all built-in and trafficpolicy plugins |
| api/annotations/policy.go | Define the new InheritedPolicyPriority annotation values |
| api/annotations/delegation.go | Remove delegation-specific policy priority annotations |
| internal/kgateway/krtcollections/policy.go | Read and propagate new annotation for policy inheritance |
| .golangci.yaml | Add alias for the new api/annotations package |
Comments suppressed due to low confidence (5)
test/kubernetes/e2e/features/route_delegation/testdata/policy_merging.yaml:57
- Remove the trailing whitespace on this annotation value to avoid unnecessary diffs.
kgateway.dev/inherited-policy-priority: DeepMergePreferParent
pkg/pluginsdk/policy/merge.go:118
- Add a GoDoc comment for
MergePoliciesexplaining its purpose, parameters, and return value.
func MergePolicies[T comparable](
pkg/pluginsdk/policy/merge.go:64
- Add a GoDoc for
GetMergeStrategyto describe how it maps annotation values and the hierarchy flag to aMergeStrategy.
func GetMergeStrategy(
pkg/pluginsdk/ir/gw.go:179
- Add a comment describing how
AppendWithPrioritydiffers fromAppendand how theHierarchicalPriorityparameter affects merge ordering.
func (a *AttachedPolicies) AppendWithPriority(HierarchicalPriority int, l ...AttachedPolicies) {
pkg/pluginsdk/policy/merge.go:64
- Add unit tests for
GetMergeStrategyto cover allInheritedPolicyPriorityValuecases and verify correct merge-strategy selection.
func GetMergeStrategy(
shashankram
force-pushed
the
pol-merge
branch
2 times, most recently
from
53efe7b to
3654e62
Compare
Description - Generalizes inherited policy merging so that a resource higher in the config hierarchy can define the merge strategy to use. - 4 merging strategies are supported: ShallowMergePreferChild(default), ShallowMergePreferParent, DeepMergePreferChild, DeepMergePreferParent. - The DeepMerge* variants are only implemented for TrafficPolicy's `transformation` field. Depending on the merge strategy, the higher priority transformations are ordered first. - `policy.MergePolicies` implements a generic variant for merging policies within the same hierarchy, and then across hierarchies. - Implements policy inheritance for builtin policies, i.e. a parent route's inherited policy priority is honored unlike before. - Uses the generic `kgateway.dev/inherited-policy-priority` annotation and removes the delegation specific annotation. - Makes ShallowMergePreferChild the default inherited policy for delegation so that child route's policies can override parent policies by default. This is a breaking change. Change Type ``` /kind breaking_change /kind new_feature ``` Changelog ```release-note Use `kgateway.dev/inherited-policy-priority: ShallowMergePreferParent` instead of `delegation.kgateway.dev/inherited-policy-priority: PreferParent` and `kgateway.dev/inherited-policy-priority: ShallowMergePreferChild` instead of `delegation.kgateway.dev/inherited-policy-priority: PreferChild`, as annotations to define inherited policy priority for delegated routes. By default, child HTTPRoute policies take precedence over parent HTTPRoute policies for delegated routes. ``` Additional Notes Part of kgateway-dev#11642 Signed-off-by: Shashank Ram <[email protected]>
lgadban
reviewed
Jul 15, 2025
Signed-off-by: Shashank Ram <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Generalizes inherited policy merging so that a resource higher in the config hierarchy can define the merge strategy to use.
4 merging strategies are supported: ShallowMergePreferChild(default), ShallowMergePreferParent, DeepMergePreferChild, DeepMergePreferParent.
The DeepMerge* variants are only implemented for TrafficPolicy's
transformationfield. Depending on the merge strategy, the higher priority transformations are ordered first.policy.MergePoliciesimplements a generic variant for merging policies within the same hierarchy, and then across hierarchies.Implements policy inheritance for builtin policies, i.e. a parent route's inherited policy priority is honored unlike before.
Uses the generic
kgateway.dev/inherited-policy-priorityannotation and removes the delegation specific annotation.Makes ShallowMergePreferChild the default inherited policy for delegation so that child route's policies can override parent policies by default. This is a breaking change.
Change Type
Changelog
Additional Notes
Part of #11642