auto enable gateway api support (#592)

auto enable gateway API support

Signed-off-by: Alice-Lilith <[email protected]>

cmd/agent/main.go

@@ -111,7 +111,7 @@ func cmd() *cobra.Command {
 
 	// feature flags
 	c.Flags().BoolVar(&opts.enableFeatureIngress, "enable-feature-ingress", true, "Enables the Ingress controller")
-	c.Flags().BoolVar(&opts.enableFeatureGateway, "enable-feature-gateway", false, "Enables the Gateway controller")
+	c.Flags().BoolVar(&opts.enableFeatureGateway, "enable-feature-gateway", true, "When true, enables support for Gateway API if the CRDs are detected. When false, Gateway API support will not be enabled")
 	c.Flags().BoolVar(&opts.disableGatewayReferenceGrants, "disable-reference-grants", false, "Opts-out of requiring ReferenceGrants for cross namespace references in Gateway API config")
 	c.Flags().BoolVar(&opts.enableFeatureBindings, "enable-feature-bindings", false, "Enables the Endpoint Bindings controller")
 
@@ -147,56 +147,55 @@ func runController(ctx context.Context, opts managerOpts) error {
 	}
 
 	// shared features between Ingress and Gateway (tunnels)
-	if opts.enableFeatureIngress || opts.enableFeatureGateway {
-		var comments tunneldriver.TunnelDriverComments
-		if opts.enableFeatureGateway {
-			comments = tunneldriver.TunnelDriverComments{
-				Gateway: "gateway-api",
-			}
-		}
 
-		rootCAs := "trusted"
-		if opts.rootCAs != "" {
-			rootCAs = opts.rootCAs
+	var comments tunneldriver.TunnelDriverComments
+	if opts.enableFeatureGateway {
+		comments = tunneldriver.TunnelDriverComments{
+			Gateway: "gateway-api",
 		}
+	}
 
-		td, err := tunneldriver.New(ctx, ctrl.Log.WithName("drivers").WithName("tunnel"),
-			tunneldriver.TunnelDriverOpts{
-				ServerAddr: opts.serverAddr,
-				Region:     opts.region,
-				RootCAs:    rootCAs,
-				Comments:   &comments,
-			},
-		)
-
-		if err != nil {
-			return fmt.Errorf("unable to create tunnel driver: %w", err)
-		}
+	rootCAs := "trusted"
+	if opts.rootCAs != "" {
+		rootCAs = opts.rootCAs
+	}
 
-		// register healthcheck for tunnel driver
-		healthcheck.RegisterHealthChecker(td)
-
-		if err = (&agentcontroller.TunnelReconciler{
-			Client:       mgr.GetClient(),
-			Log:          ctrl.Log.WithName("controllers").WithName("tunnel"),
-			Scheme:       mgr.GetScheme(),
-			Recorder:     mgr.GetEventRecorderFor("tunnel-controller"),
-			TunnelDriver: td,
-		}).SetupWithManager(mgr); err != nil {
-			setupLog.Error(err, "unable to create controller", "controller", "Tunnel")
-			os.Exit(1)
-		}
+	td, err := tunneldriver.New(ctx, ctrl.Log.WithName("drivers").WithName("tunnel"),
+		tunneldriver.TunnelDriverOpts{
+			ServerAddr: opts.serverAddr,
+			Region:     opts.region,
+			RootCAs:    rootCAs,
+			Comments:   &comments,
+		},
+	)
 
-		if err = (&agentcontroller.AgentEndpointReconciler{
-			Client:       mgr.GetClient(),
-			Log:          ctrl.Log.WithName("controllers").WithName("agentendpoint"),
-			Scheme:       mgr.GetScheme(),
-			Recorder:     mgr.GetEventRecorderFor("agentendpoint-controller"),
-			TunnelDriver: td,
-		}).SetupWithManager(mgr); err != nil {
-			setupLog.Error(err, "unable to create controller", "controller", "AgentEndpoint")
-			os.Exit(1)
-		}
+	if err != nil {
+		return fmt.Errorf("unable to create tunnel driver: %w", err)
+	}
+
+	// register healthcheck for tunnel driver
+	healthcheck.RegisterHealthChecker(td)
+
+	if err = (&agentcontroller.TunnelReconciler{
+		Client:       mgr.GetClient(),
+		Log:          ctrl.Log.WithName("controllers").WithName("tunnel"),
+		Scheme:       mgr.GetScheme(),
+		Recorder:     mgr.GetEventRecorderFor("tunnel-controller"),
+		TunnelDriver: td,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "Tunnel")
+		os.Exit(1)
+	}
+
+	if err = (&agentcontroller.AgentEndpointReconciler{
+		Client:       mgr.GetClient(),
+		Log:          ctrl.Log.WithName("controllers").WithName("agentendpoint"),
+		Scheme:       mgr.GetScheme(),
+		Recorder:     mgr.GetEventRecorderFor("agentendpoint-controller"),
+		TunnelDriver: td,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "AgentEndpoint")
+		os.Exit(1)
 	}
 
 	// register healthchecks

cmd/api/main.go

@@ -28,6 +28,7 @@ import (
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
 
+	"k8s.io/client-go/discovery"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"k8s.io/utils/ptr"
@@ -76,8 +77,8 @@ var (
 
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-	utilruntime.Must(gatewayv1beta1.Install(scheme))
 	utilruntime.Must(gatewayv1.Install(scheme))
+	utilruntime.Must(gatewayv1beta1.Install(scheme))
 	utilruntime.Must(ingressv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(ngrokv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(bindingsv1alpha1.AddToScheme(scheme))
@@ -164,7 +165,7 @@ func cmd() *cobra.Command {
 
 	// feature flags
 	c.Flags().BoolVar(&opts.enableFeatureIngress, "enable-feature-ingress", true, "Enables the Ingress controller")
-	c.Flags().BoolVar(&opts.enableFeatureGateway, "enable-feature-gateway", false, "Enables the Gateway controller")
+	c.Flags().BoolVar(&opts.enableFeatureGateway, "enable-feature-gateway", true, "When true, enables support for Gateway API if the CRDs are detected. When false, Gateway API support will not be enabled")
 	c.Flags().BoolVar(&opts.disableGatewayReferenceGrants, "disable-reference-grants", false, "Opts-out of requiring ReferenceGrants for cross namespace references in Gateway API config")
 	c.Flags().BoolVar(&opts.enableFeatureBindings, "enable-feature-bindings", false, "Enables the Endpoint Bindings controller")
 	c.Flags().StringSliceVar(&opts.bindings.endpointSelectors, "bindings-endpoint-selectors", []string{"true"}, "Endpoint Selectors for Endpoint Bindings")
@@ -194,6 +195,31 @@ func startOperator(ctx context.Context, opts managerOpts) error {
 		return fmt.Errorf("unable to create k8s client: %w", err)
 	}
 
+	// Unless we are fully opting-out of GWAPI support, check if the CRDs are installed. If not, disable GWAPI support
+	if opts.enableFeatureGateway {
+		discoveryClient, err := discovery.NewDiscoveryClientForConfig(k8sConfig)
+		if err != nil {
+			return fmt.Errorf("unable to create discovery client: %w", err)
+		}
+
+		apiGroupList, err := discoveryClient.ServerGroups()
+		if err != nil {
+			return fmt.Errorf("unable to list server groups: %w", err)
+		}
+
+		gatewayAPIGroupInstalled := false
+		for _, group := range apiGroupList.Groups {
+			if group.Name == "gateway.networking.k8s.io" {
+				gatewayAPIGroupInstalled = true
+				break
+			}
+		}
+		if !gatewayAPIGroupInstalled {
+			setupLog.Info("Gateway API CRDs not detected, Gateway feature set will be disabled")
+			opts.enableFeatureGateway = false
+		}
+	}
+
 	var ok bool
 	opts.namespace, ok = os.LookupEnv("POD_NAMESPACE")
 	if !ok {

helm/ngrok-operator/README.md

@@ -143,11 +143,11 @@ To uninstall the chart:
 
 ### Kubernetes Gateway feature configuration
 
-| Name                             | Description                                                                                                             | Value   |
-| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------- |
-| `useExperimentalGatewayApi`      | DEPRECATED: Use gateway.enabled instead                                                                                 |         |
-| `gateway.enabled`                | When true, enable the Gateway controller                                                                                | `false` |
-| `gateway.disableReferenceGrants` | When true, disables required ReferenceGrants for cross-namespace references. Does nothing when gateway.enabled is false | `false` |
+| Name                             | Description                                                                                                                    | Value   |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------- |
+| `useExperimentalGatewayApi`      | DEPRECATED: Use gateway.enabled instead                                                                                        |         |
+| `gateway.enabled`                | When true, Gateway API support will be enabled if the CRDs are detected. When false, Gateway API support will never be enabled | `true`  |
+| `gateway.disableReferenceGrants` | When true, disables required ReferenceGrants for cross-namespace references. Does nothing when gateway.enabled is false        | `false` |
 
 ### Kubernetes Bindings feature configuration
 

helm/ngrok-operator/values.yaml

@@ -278,11 +278,11 @@ agent:
 ## @section Kubernetes Gateway feature configuration
 ##
 ## @extra useExperimentalGatewayApi DEPRECATED: Use gateway.enabled instead
-## @param gateway.enabled When true, enable the Gateway controller
+## @param gateway.enabled When true, Gateway API support will be enabled if the CRDs are detected. When false, Gateway API support will never be enabled
 ## @param gateway.disableReferenceGrants When true, disables required ReferenceGrants for cross-namespace references. Does nothing when gateway.enabled is false
 ##
 gateway:
-  enabled: false
+  enabled: true # Enabled by default if the Gateway API CRDs are detected
   disableReferenceGrants: false
 
 ##