get operator in sync with Contour (#464)

Updates operator per Contour changes:

projectcontour/contour#4141
projectcontour/contour#4138
projectcontour/contour#4145

Signed-off-by: Steve Kriss <[email protected]>

config/crd/contour/01-crds.yaml

@@ -1890,6 +1890,12 @@ spec:
                       description: RequestHashPolicy contains configuration for an
                         individual hash policy on a request attribute.
                       properties:
+                        hashSourceIP:
+                          description: HashSourceIP should be set to true when request
+                            source IP hash based load balancing is desired. It must
+                            be the only hash option field set, otherwise this request
+                            hash policy object will be ignored.
+                          type: boolean
                         headerHashOptions:
                           description: HeaderHashOptions should be set when request
                             header hash based load balancing is desired. It must be
@@ -2565,6 +2571,12 @@ spec:
                             description: RequestHashPolicy contains configuration
                               for an individual hash policy on a request attribute.
                             properties:
+                              hashSourceIP:
+                                description: HashSourceIP should be set to true when
+                                  request source IP hash based load balancing is desired.
+                                  It must be the only hash option field set, otherwise
+                                  this request hash policy object will be ignored.
+                                type: boolean
                               headerHashOptions:
                                 description: HeaderHashOptions should be set when
                                   request header hash based load balancing is desired.
@@ -3269,6 +3281,12 @@ spec:
                           description: RequestHashPolicy contains configuration for
                             an individual hash policy on a request attribute.
                           properties:
+                            hashSourceIP:
+                              description: HashSourceIP should be set to true when
+                                request source IP hash based load balancing is desired.
+                                It must be the only hash option field set, otherwise
+                                this request hash policy object will be ignored.
+                              type: boolean
                             headerHashOptions:
                               description: HeaderHashOptions should be set when request
                                 header hash based load balancing is desired. It must
@@ -3616,7 +3634,7 @@ spec:
                     description: The fully qualified domain name of the root of the
                       ingress tree all leaves of the DAG rooted at this object relate
                       to the fqdn.
-                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
                   rateLimitPolicy:
                     description: The policy for rate limiting on the virtual host.

config/rbac/role.yaml

@@ -95,6 +95,7 @@ rules:
   - gatewayclasses
   - gateways
   - httproutes
+  - referencepolicies
   - tlsroutes
   verbs:
   - get

examples/operator/operator.yaml

@@ -2525,6 +2525,12 @@ spec:
                       description: RequestHashPolicy contains configuration for an
                         individual hash policy on a request attribute.
                       properties:
+                        hashSourceIP:
+                          description: HashSourceIP should be set to true when request
+                            source IP hash based load balancing is desired. It must
+                            be the only hash option field set, otherwise this request
+                            hash policy object will be ignored.
+                          type: boolean
                         headerHashOptions:
                           description: HeaderHashOptions should be set when request
                             header hash based load balancing is desired. It must be
@@ -4143,6 +4149,12 @@ spec:
                             description: RequestHashPolicy contains configuration
                               for an individual hash policy on a request attribute.
                             properties:
+                              hashSourceIP:
+                                description: HashSourceIP should be set to true when
+                                  request source IP hash based load balancing is desired.
+                                  It must be the only hash option field set, otherwise
+                                  this request hash policy object will be ignored.
+                                type: boolean
                               headerHashOptions:
                                 description: HeaderHashOptions should be set when
                                   request header hash based load balancing is desired.
@@ -4847,6 +4859,12 @@ spec:
                           description: RequestHashPolicy contains configuration for
                             an individual hash policy on a request attribute.
                           properties:
+                            hashSourceIP:
+                              description: HashSourceIP should be set to true when
+                                request source IP hash based load balancing is desired.
+                                It must be the only hash option field set, otherwise
+                                this request hash policy object will be ignored.
+                              type: boolean
                             headerHashOptions:
                               description: HeaderHashOptions should be set when request
                                 header hash based load balancing is desired. It must
@@ -5194,7 +5212,7 @@ spec:
                     description: The fully qualified domain name of the root of the
                       ingress tree all leaves of the DAG rooted at this object relate
                       to the fqdn.
-                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
                   rateLimitPolicy:
                     description: The policy for rate limiting on the virtual host.
@@ -8967,6 +8985,7 @@ rules:
   - gatewayclasses
   - gateways
   - httproutes
+  - referencepolicies
   - tlsroutes
   verbs:
   - get

internal/objects/clusterrole/cluster_role.go

@@ -104,8 +104,9 @@ func desiredClusterRole(name string, contour *operatorv1alpha1.Contour) *rbacv1.
 	gateway := rbacv1.PolicyRule{
 		Verbs:     verbGLWU,
 		APIGroups: groupGateway,
-		Resources: []string{"gatewayclasses", "gateways", "httproutes", "tlsroutes"},
+		Resources: []string{"gatewayclasses", "gateways", "httproutes", "tlsroutes", "referencepolicies"},
 	}
+	// Note, ReferencePolicy does not currently have a .status field so it's omitted from the below.
 	gatewayStatus := rbacv1.PolicyRule{
 		Verbs:     verbCGU,
 		APIGroups: groupGateway,

internal/operator/operator.go

@@ -23,7 +23,6 @@ import (
 	"github.com/projectcontour/contour-operator/internal/controller"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/rest"
 	controller_runtime "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -60,7 +59,8 @@ type Operator struct {
 // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;delete;create;update
 // +kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update
-// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses;gateways;httproutes;tlsroutes,verbs=get;list;watch;update
+// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses;gateways;httproutes;tlsroutes;referencepolicies,verbs=get;list;watch;update
+// Note, ReferencePolicy does not currently have a .status field so it's omitted from the below.
 // +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses/status;gateways/status;httproutes/status;tlsroutes/status,verbs=create;get;update
 // Required for Contour to set "unsupported" status
 // +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=udproutes;tcproutes,verbs=get;list;watch
@@ -129,25 +129,3 @@ func (o *Operator) Start(ctx context.Context) error {
 		return err
 	}
 }
-
-// GatewayAPIResources for Operator.
-// The list omits TCP and UDP routes since they're unsupported by operator.
-func GatewayAPIResources() []schema.GroupVersionResource {
-	return []schema.GroupVersionResource{{
-		Group:    gatewayv1alpha2.GroupVersion.Group,
-		Version:  gatewayv1alpha2.GroupVersion.Version,
-		Resource: "gatewayclasses",
-	}, {
-		Group:    gatewayv1alpha2.GroupVersion.Group,
-		Version:  gatewayv1alpha2.GroupVersion.Version,
-		Resource: "gateways",
-	}, {
-		Group:    gatewayv1alpha2.GroupVersion.Group,
-		Version:  gatewayv1alpha2.GroupVersion.Version,
-		Resource: "httproutes",
-	}, {
-		Group:    gatewayv1alpha2.GroupVersion.Group,
-		Version:  gatewayv1alpha2.GroupVersion.Version,
-		Resource: "tlsroutes",
-	}}
-}