chinmoysahu opened a new pull request, #815: URL: https://github.com/apache/solr-operator/pull/815
## Summary

This PR adds support for the Kubernetes Gateway API as a new external addressability method for SolrCloud instances. Gateway API is the successor to the Ingress API and provides a more flexible, vendor-neutral way to manage ingress traffic in Kubernetes.

## Features

### Gateway API Integration

- **New addressability method**: `spec.solrAddressability.external.method: Gateway`
- **Automatic HTTPRoute management** for common and per-node services
- **Cross-namespace Gateway references** with optional listener targeting via `sectionName`
- **Custom labels and annotations** for HTTPRoute resources

### BackendTLSPolicy Support

- **Automatic TLS policy creation** for secure backend connections when `spec.solrTLS` is enabled
- **Flexible CA configuration**: CA certificate references (ConfigMap/Secret) or well-known CAs
- **Per-service policies** for common and individual node services

## API Changes

**New Types** (`api/v1beta1/solrcloud_types.go`):

- `SolrGatewayOptions`, `GatewayParentReference`, `SolrBackendTLSPolicy`, `GatewayCertificateReference`

**New Utility Functions** (`controllers/util/`):

- `gateway_util.go`: HTTPRoute generation and management
- `gateway_util_backendtls.go`: BackendTLSPolicy generation and management

**RBAC**: Added permissions for `httproutes` and `backendtlspolicies` in `gateway.networking.k8s.io` API group

## Documentation

- `docs/solr-cloud/gateway-api.md`: Comprehensive usage guide with configuration examples, BackendTLSPolicy setup, and Gateway implementation support matrix (Envoy Gateway, kgateway, NGINX Gateway Fabric, etc.)
- `docs/solr-cloud/README.md`: Added Gateway API reference

## Dependency Updates

**Gateway API v1.4.0+** is required to use the stable `v1` API for `BackendTLSPolicy` (GA). This upgrade forced Go 1.24.0+ ([required by Gateway API v1.4.0](https://github.com/kubernetes-sigs/gateway-api/blob/v1.4.0/go.mod#L3)), which cascaded to Kubernetes libraries (v0.34.1) and controller-runtime (v0.22.1).

**CRD Changes**: Extensive changes in `config/crd/bases/*.yaml` include new Gateway API fields plus upstream schema updates from Kubernetes library upgrades (deprecation notices, field descriptions, etc.). These are auto-generated by `controller-gen`.

**References:**

- [Gateway API v1.4.0 Release](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.4.0)
- [Gateway API v1.4.0 go.mod](https://github.com/kubernetes-sigs/gateway-api/blob/v1.4.0/go.mod)
- [Go 1.24 Release Notes](https://go.dev/doc/go1.24)

## Example Configuration

```yaml
apiVersion: solr.apache.org/v1beta1
kind: SolrCloud
metadata:
  name: example
  namespace: solr-ns
spec:
  replicas: 3
  solrImage:
    tag: "9.7.0"
  solrTLS:
    pkcs12Secret:
      name: solr-tls-cert
      key: keystore.p12
  solrAddressability:
    external:
      method: Gateway
      domainName: solr.example.com
      useExternalAddress: true
      gateway:
        parentRefs:
          - name: my-gateway
            namespace: gateway-ns
            sectionName: https
        backendTLSPolicy:
          caCertificateRefs:
            - name: solr-ca-cert
```

## Testing

**E2E Tests** (`tests/e2e/solrcloud_gateway_test.go`):

- HTTPRoute and BackendTLSPolicy lifecycle management
- CA certificate configuration switching
- Resource cleanup and orphan handling

**Manual Testing**:

- ✅ Tested with kgateway on Kubernetes 1.32
- ✅ Verified with both NGINX Ingress and Gateway modes to ensure backward compatibility
- ✅ Verified cross-namespace Gateway references
- ✅ Confirmed TLS backend connections with BackendTLSPolicy

## Compatibility

- **Gateway API**: v1.4.0+ required (BackendTLSPolicy GA support)
- **Kubernetes**: 1.23+ (Gateway API CRDs must be installed)
- **Backward compatible**: Existing Ingress and other addressability methods unchanged
- **Breaking changes**: None

## Migration Path

1. Install Gateway API CRDs (v1.4.0+)
2. Deploy a Gateway resource
3. Update SolrCloud spec to use `method: Gateway`
4. Operator automatically creates HTTPRoute resources
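The cross-namespace `parentRefs` case from the example configuration, as an added example that is not part of the pull request or the operator's code: under the Gateway API, a route in another namespace only attaches if the targeted listener's `allowedRoutes.namespaces.from` admits it, and the default is `Same`. The structs below are simplified stand-ins for the Gateway API types (an assumption), and only `matchLabels` selectors are modelled.

```go
package main

import "fmt"

// Simplified stand-ins for Gateway API types (assumption: only matchLabels is modelled).
type Listener struct {
	Name, From string            // From = allowedRoutes.namespaces.from; unset means "Same"
	Selector   map[string]string // used when From == "Selector"
}
type Gateway struct {
	Name, Namespace string
	Listeners       []Listener
}
type ParentRef struct{ Name, Namespace, SectionName string }

// CanAttach reports whether a route in routeNS (namespace labels nsLabels) is admitted
// by a listener of gw selected through ref, returning the listener name or a reason.
func CanAttach(ref ParentRef, routeNS string, nsLabels map[string]string, gw Gateway) (bool, string) {
	if ref.Namespace == "" {
		ref.Namespace = routeNS // an omitted namespace means the route's own
	}
	if ref.Name != gw.Name || ref.Namespace != gw.Namespace {
		return false, "parentRef does not select this Gateway"
	}
	for _, l := range gw.Listeners {
		if ref.SectionName != "" && ref.SectionName != l.Name {
			continue // sectionName pins the route to one listener
		}
		switch {
		case l.From == "All",
			l.From == "Selector" && labelsMatch(l.Selector, nsLabels),
			l.From != "Selector" && routeNS == gw.Namespace: // "Same" or unset
			return true, l.Name
		}
	}
	return false, "no selected listener admits namespace " + routeNS
}
func labelsMatch(sel, labels map[string]string) bool {
	for k, v := range sel {
		if got, ok := labels[k]; !ok || got != v {
			return false
		}
	}
	return true
}
func main() { // constructed sample using the names from the PR's example configuration
	gw := Gateway{"my-gateway", "gateway-ns", []Listener{{Name: "http", From: "All"}, {Name: "https"}}}
	fmt.Println(CanAttach(ParentRef{"my-gateway", "gateway-ns", "https"}, "solr-ns", nil, gw))
}
```

With the constructed Gateway above, the `https` listener keeps the default `Same` policy, so the route from `solr-ns` is rejected even though the `http` listener accepts all namespaces.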
