From 3d298882619dcc685e9f2cbe5d28dca4f57f32a7 Mon Sep 17 00:00:00 2001 From: huabing zhao Date: Sat, 9 Mar 2024 19:29:34 +0800 Subject: [PATCH 1/2] remove ProcessBackendTLSPoliciesAncestorRef Signed-off-by: huabing zhao --- internal/gatewayapi/backendtlspolicy.go | 38 ---------------------- internal/gatewayapi/translator.go | 5 +-- internal/provider/kubernetes/controller.go | 6 ++-- 3 files changed, 4 insertions(+), 45 deletions(-) diff --git a/internal/gatewayapi/backendtlspolicy.go b/internal/gatewayapi/backendtlspolicy.go index 8c022d34522..e147589577a 100644 --- a/internal/gatewayapi/backendtlspolicy.go +++ b/internal/gatewayapi/backendtlspolicy.go @@ -162,41 +162,3 @@ func getBackendTLSBundle(policies []*gwapiv1a2.BackendTLSPolicy, configmaps []*c return tlsBundle, nil } - -func (t *Translator) ProcessBackendTLSPoliciesAncestorRef(backendTLSPolicies []*gwapiv1a2.BackendTLSPolicy, gateways []*GatewayContext) []*gwapiv1a2.BackendTLSPolicy { - - var res []*gwapiv1a2.BackendTLSPolicy - - for _, btlsPolicy := range backendTLSPolicies { - - policy := btlsPolicy.DeepCopy() - res = append(res, policy) - - if policy.Status.Ancestors != nil { - for k, status := range policy.Status.Ancestors { - if status.AncestorRef.Kind != nil && *status.AncestorRef.Kind != KindGateway { - continue - } - exist := false - for _, gwContext := range gateways { - gw := gwContext.Gateway - if gw.Name == string(status.AncestorRef.Name) && gw.Namespace == NamespaceDerefOrAlpha(status.AncestorRef.Namespace, "default") { - for _, lis := range gw.Spec.Listeners { - if lis.Name == ptr.Deref(status.AncestorRef.SectionName, "") { - exist = true - } - } - } - } - - if !exist { - policy.Status.Ancestors = append(policy.Status.Ancestors[:k], policy.Status.Ancestors[k+1:]...) - } - } - } else { - policy.Status.Ancestors = []gwapiv1a2.PolicyAncestorStatus{} - } - } - - return res -} diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 51b7b6fb7dd..83a819fbd23 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -207,15 +207,12 @@ func (t *Translator) Translate(resources *Resources) *TranslateResult { securityPolicies := t.ProcessSecurityPolicies( resources.SecurityPolicies, gateways, routes, resources, xdsIR) - backendTLSPolicies := t.ProcessBackendTLSPoliciesAncestorRef( - resources.BackendTLSPolicies, gateways) - // Sort xdsIR based on the Gateway API spec sortXdsIRMap(xdsIR) return newTranslateResult(gateways, httpRoutes, grpcRoutes, tlsRoutes, tcpRoutes, udpRoutes, clientTrafficPolicies, backendTrafficPolicies, - securityPolicies, backendTLSPolicies, xdsIR, infraIR) + securityPolicies, resources.BackendTLSPolicies, xdsIR, infraIR) } diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index fe9a0242ed4..3a0f03df09a 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -873,9 +873,9 @@ func (r *gatewayAPIReconciler) processBackendTLSPolicies( for _, policy := range backendTLSPolicies.Items { policy := policy - // Discard Status to reduce memory consumption in watchable - // It will be recomputed by the gateway-api layer - policy.Status = gwapiv1a2.PolicyStatus{} // todo ? + // The status of BackendTLSPolicies can't be discarded because the status + // can be modified by multiple controllers. + policy.Status = gwapiv1a2.PolicyStatus{} resourceTree.BackendTLSPolicies = append(resourceTree.BackendTLSPolicies, &policy) } From 47c96831542d0e628d554ccdb356dee9dd896ae6 Mon Sep 17 00:00:00 2001 From: huabing zhao Date: Sun, 10 Mar 2024 09:26:00 +0800 Subject: [PATCH 2/2] address comments Signed-off-by: huabing zhao --- internal/provider/kubernetes/controller.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 3a0f03df09a..c745c86ffb0 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -875,7 +875,6 @@ func (r *gatewayAPIReconciler) processBackendTLSPolicies( policy := policy // The status of BackendTLSPolicies can't be discarded because the status // can be modified by multiple controllers. - policy.Status = gwapiv1a2.PolicyStatus{} resourceTree.BackendTLSPolicies = append(resourceTree.BackendTLSPolicies, &policy) }