Support Gateway Selection using Ingress Labels

[pastequo]

Changes

This PR was built on top of #1249

This is why there are a lot of changes (it includes 2 PRs in one)

• Introduce LabelSelector on istio config
• Filter gateway to use based on ingress labels & configuration label selector

/kind enhancement

Fixes #1248

Release Note

Services can be exposed by a specific istio gateway. Administrators, by using the new istio config format, are able to associate a label selector to their istio gateway. More information [here](https://docs.google.com/document/d/12X1-9nhjAhpf-Wlt3RbdoMbvx31zFBva/edit#heading=h.gjdgxs)

Docs

[knative-prow]

@pastequo: The label(s) kind/<kind> cannot be applied, because the repository doesn't have them.

In response to this:

Changes

This PR was built on top of #1249

• Introduce LabelSelector on istio config
• Filter gateway to use based on ingress labels & configuration label selector

/kind

Fixes #1248

Release Note

Docs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[knative-prow]

Hi @pastequo. Thanks for your PR.

I'm waiting for a knative-extensions member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Attention: Patch coverage is 83.64780% with 26 lines in your changes are missing coverage. Please review.

Project coverage is 80.28%. Comparing base (e73d356) to head (1f02be8).
Report is 1 commits behind head on main.

Files	Patch %	Lines
pkg/reconciler/ingress/resources/gateway.go	76.74%	13 Missing and 7 partials ⚠️
pkg/reconciler/ingress/ingress.go	90.00%	2 Missing and 1 partial ⚠️
pkg/reconciler/ingress/lister.go	40.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1250      +/-   ##
==========================================
- Coverage   80.51%   80.28%   -0.24%     
==========================================
  Files          26       26              
  Lines        2022     2115      +93     
==========================================
+ Hits         1628     1698      +70     
- Misses        301      316      +15     
- Partials       93      101       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pastequo]

Contrary to what was documented, I felt like it was wrong to implement here the check about the number of gateway (for example a maximum of one external gateway should be selected thru labels)

Even if it's not officially supported, a great part of the code acts as multiple gateway is possible. In particular, a lot of tests are using a configuration with multiple gateways.

If the change is confirmed, I think it should be done on a separated PR

[dprotaso]

You'll need to rebase since the prior PR merged.

I felt like it was wrong to implement here the check about the number of gateway (for example a maximum of one external gateway should be selected thru labels)

I'll bring it up at the WG group meeting tomorrow to see what others think.

My thoughts are given that we don't probe all gateways you could say allowing that behaviour is broken. If we have a plan to address the broken behaviour then we can drop the check.

[dprotaso]

/ok-to-test

[dprotaso]

Following up from the WG discussion - we'll want to add a check to ensure only a single gateway is selected (cause that's all we support). It's fine that this is done after this PR lands in a follow up change

[pastequo]

/retest

[skonto]

It seems to me that wherever we have a kmeta.Accessor we could replace it with ing *v1alpha1.Ingress, correct?

[pastequo]

True. I used to have ing *v1alpha1.Ingress & @dprotaso made me change for this. Which is imho better to depends on a small interface rather than an implementation

See #1250 (comment)

[skonto]

It depends generalizing for one case it is still weird but maybe a good fir for the GetLabels method.

[skonto]

We could have as an alternative, something like:

func toYamlNewFormatGateways(data []Gateway) string {
	bytes, _ := yaml.Marshal(data)
	return string(bytes)
}

"external-gateways": toYamlNewFormatGateways([]Gateway{
  {
    Namespace:  "unused",
    Name:       "unused",
    ServiceURL: "default.default.svc.cluster.local",
  },
  {
    Namespace:  "namespace",
    Name:       "gateway",
    ServiceURL: "istio-gateway.istio-system.svc.cluster.local",
    LabelSelector: &metav1.LabelSelector{
      MatchExpressions: []metav1.LabelSelectorRequirement{
        {
          Key:      "key",
          Operator: metav1.LabelSelectorOpIn,
          Values:   []string{"value"},
        },
      },
    },
  }},
),

[pastequo]

I think I rather have a string that reflects exactly what a user would have written, rather than generate it

[skonto]

For the scenarios you want to check just the user syntax yes, for the rest where you want to run test cases based on valid content it is safer. Anyway no strong preference.

[pastequo]

I think we should document this feature. Is this something we plan to do?

Do you mean aside from the google doc ? https://docs.google.com/document/d/12X1-9nhjAhpf-Wlt3RbdoMbvx31zFBva/edit#heading=h.gjdgxs

Something here https://github.com/knative/docs ? Or somewhere else ?

[skonto]

Something here https://github.com/knative/docs ?

yes

[pastequo]

Issue created: knative/docs#5905

[dprotaso]

/approve

Leaving lgtm for stavros

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, pastequo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dprotaso]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[skonto]

@pastequo could you rebase pls so we can stamp it?

[skonto]

/lgtm
/hold for tests

[skonto]

/unhold

[dprotaso]

🎉 thanks @pastequo for your help on landing this