AlinsRan opened a new pull request, #2791:
URL: https://github.com/apache/apisix-ingress-controller/pull/2791
## Description
This PR adds the `L4RoutePolicy` CRD (`apisix.apache.org/v1alpha1`)
following the Gateway API Policy Attachment pattern. It attaches APISIX stream
plugins to Gateway API L4 routes — `TCPRoute`, `UDPRoute`, and `TLSRoute`.
### What's included
- New API type `L4RoutePolicy` with generated CRD, deepcopy, RBAC, and API
reference docs.
- Indexer, TCP/UDP/TLSRoute controller watches, and translator support that
merges the policy's stream plugins into the matching stream routes.
- `targetRefs` validation: `kind` must be `TCPRoute`/`UDPRoute`/`TLSRoute`
and `group` must be `gateway.networking.k8s.io`.
- `sectionName` targeting is not supported for L4 routes, so such refs are
ignored both when accepting a policy and when attaching plugins.
- Deterministic conflict resolution (oldest policy wins) with Gateway API
`PolicyAncestorStatus` reporting, including correct ancestor cleanup on route
deletion.
- e2e tests (TCPRoute) and translator/controller unit tests.
### Example
```yaml
apiVersion: apisix.apache.org/v1alpha1
kind: L4RoutePolicy
metadata:
name: tcp-policy
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: TCPRoute
name: my-tcproute
plugins:
- name: ip-restriction
config:
whitelist:
- 127.0.0.0/24
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
