Support attaching ListenerSets across namespaces (#3632)

* Add support for cross-namespace gateway attachment

* drop 'Support: Core' from the listener set go types

* update GEP to match go types

* move some goals that are now addressed by the GEP

* Update gateway_types.go

Co-authored-by: Shane Utt <[email protected]>

* Make ListenerSets opt-in and remove extra ':w'

---------

Co-authored-by: Shane Utt <[email protected]>

Author: dprotaso

apis/v1/gateway_types.go

@@ -307,14 +307,22 @@ type ListenerNamespaces struct {
 	// values are:
 	//
 	// * Same: Only ListenerSets in the same namespace may be attached to this Gateway.
+	// * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway.
+	// * All: ListenerSets in all namespaces may be attached to this Gateway.
 	// * None: Only listeners defined in the Gateway's spec are allowed
 	//
 	// While this feature is experimental, the default value None
 	//
 	// +optional
 	// +kubebuilder:default=None
-	// +kubebuilder:validation:Enum=Same;None
 	From *FromNamespaces `json:"from,omitempty"`
+
+	// Selector must be specified when From is set to "Selector". In that case,
+	// only ListenerSets in Namespaces matching this Selector will be selected by this
+	// Gateway. This field is ignored for other values of "From".
+	//
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
 }
 
 // Listener embodies the concept of a logical endpoint where a Gateway accepts

apis/v1/zz_generated.deepcopy.go

@@ -95,8 +95,6 @@ type ListenerEntry struct {
 	// Name is not required to be unique across a Gateway and ListenerSets.
 	// Routes can attach to a Listener by having a ListenerSet as a parentRef
 	// and setting the SectionName
-	//
-	// Support: Core
 	Name SectionName `json:"name"`
 
 	// Hostname specifies the virtual hostname to match for protocol types that
@@ -124,22 +122,16 @@ type ListenerEntry struct {
 	// as a suffix match. That means that a match for `*.example.com` would match
 	// both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
 	//
-	// Support: Core
-	//
 	// +optional
 	Hostname *Hostname `json:"hostname,omitempty"`
 
 	// Port is the network port. Multiple listeners may use the
 	// same port, subject to the Listener compatibility rules.
 	//
-	// Support: Core
-	//
 	// +optional
 	Port PortNumber `json:"port,omitempty"`
 
 	// Protocol specifies the network protocol this listener expects to receive.
-	//
-	// Support: Core
 	Protocol ProtocolType `json:"protocol"`
 
 	// TLS is the TLS configuration for the Listener. This field is required if
@@ -152,8 +144,6 @@ type ListenerEntry struct {
 	// The GatewayClass MUST use the longest matching SNI out of all
 	// available certificates for any TLS handshake.
 	//
-	// Support: Core
-	//
 	// +optional
 	TLS *GatewayTLSConfig `json:"tls,omitempty"`
 
@@ -180,7 +170,6 @@ type ListenerEntry struct {
 	// example, even if a filter specified by a Route rule is invalid, the rest
 	// of the rules within that Route should still be supported.
 	//
-	// Support: Core
 	// +kubebuilder:default={namespaces:{from: Same}}
 	// +optional
 	AllowedRoutes *AllowedRoutes `json:"allowedRoutes,omitempty"`

apisx/v1alpha1/listenerset_types.go

@@ -39,6 +39,8 @@ type (
 	RouteGroupKind = v1.RouteGroupKind
 	// +k8s:deepcopy-gen=false
 	SectionName = v1.SectionName
+	// +k8s:deepcopy-gen=false
+	Namespace = v1.Namespace
 )
 
 // ParentGatewayReference identifies an API object including its namespace,
@@ -58,4 +60,11 @@ type ParentGatewayReference struct {
 
 	// Name is the name of the referent.
 	Name ObjectName `json:"name"`
+
+	// Namespace is the namespace of the referent.  If not present,
+	// the namespace of the referent is assumed to be the same as
+	// the namespace of the referring object.
+	//
+	// +optional
+	Namespace *Namespace `json:"namespace,omitempty"`
 }