projectcapsule
diff --git a/‎Makefile
Lines changed: 8 additions & 0 deletions b/‎Makefile
Lines changed: 8 additions & 0 deletions
diff --git a/‎api/v1beta2/gateway_options.go
Lines changed: 12 additions & 0 deletions b/‎api/v1beta2/gateway_options.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎api/v1beta2/tenant_types.go
Lines changed: 2 additions & 0 deletions b/‎api/v1beta2/tenant_types.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎api/v1beta2/zz_generated.deepcopy.go
Lines changed: 21 additions & 0 deletions b/‎api/v1beta2/zz_generated.deepcopy.go
Lines changed: 21 additions & 0 deletions
diff --git a/‎charts/capsule/README.md
Lines changed: 3 additions & 0 deletions b/‎charts/capsule/README.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎charts/capsule/crds/capsule.clastix.io_tenants.yaml
Lines changed: 51 additions & 0 deletions b/‎charts/capsule/crds/capsule.clastix.io_tenants.yaml
Lines changed: 51 additions & 0 deletions
diff --git a/‎charts/capsule/templates/mutatingwebhookconfiguration.yaml
Lines changed: 23 additions & 0 deletions b/‎charts/capsule/templates/mutatingwebhookconfiguration.yaml
Lines changed: 23 additions & 0 deletions
diff --git a/‎charts/capsule/templates/validatingwebhookconfiguration.yaml
Lines changed: 26 additions & 0 deletions b/‎charts/capsule/templates/validatingwebhookconfiguration.yaml
Lines changed: 26 additions & 0 deletions
diff --git a/‎charts/capsule/values.schema.json
Lines changed: 27 additions & 0 deletions b/‎charts/capsule/values.schema.json
Lines changed: 27 additions & 0 deletions
diff --git a/‎charts/capsule/values.yaml
Lines changed: 6 additions & 0 deletions b/‎charts/capsule/values.yaml
Lines changed: 6 additions & 0 deletions
@@ -224,8 +224,15 @@ golint: golangci-lint
 e2e: ginkgo
 	$(MAKE) e2e-build && $(MAKE) e2e-exec && $(MAKE) e2e-destroy
 
+API_GW         := none
+API_GW_VERSION := v1.3.0
+API_GW_LOOKUP  := kubernetes-sigs/gateway-api/
+e2e-install-deps:
+	@$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/$(API_GW_LOOKUP)/releases/download/$(API_GW_VERSION)/standard-install.yaml
+
 e2e-build: kind
 	$(KIND) create cluster --wait=60s --name $(CLUSTER_NAME) --image kindest/node:$(KUBERNETES_SUPPORTED_VERSION)
+	$(MAKE) e2e-install-deps
 	$(MAKE) e2e-install
 
 .PHONY: e2e-install
@@ -266,6 +273,7 @@ trace-e2e: kind
 	$(KIND) create cluster --wait=60s --image kindest/node:$(KUBERNETES_SUPPORTED_VERSION) --config hack/kind-cluster.yml
 	$(MAKE) e2e-load-image CLUSTER_NAME=capsule-tracing IMAGE=$(CAPSULE_IMG) VERSION=tracing
 	$(MAKE) trace-install
+	$(MAKE) e2e-install-deps
 	$(MAKE) e2e-exec
 	$(KIND) delete cluster --name capsule-tracing
 
 
@@ -0,0 +1,12 @@
+// Copyright 2020-2023 Project Capsule Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1beta2
+
+import (
+	"github.com/projectcapsule/capsule/pkg/api"
+)
+
+type GatewayOptions struct {
+	AllowedClasses *api.SelectionListWithDefaultSpec `json:"allowedClasses,omitempty"`
+}
@@ -49,6 +49,8 @@ type TenantSpec struct {
 	// A default value can be specified, and all the Pod resources created will inherit the declared class.
 	// Optional.
 	PriorityClasses *api.DefaultAllowedListSpec `json:"priorityClasses,omitempty"`
+	// Specifies options for the GatewayClass resources.
+	GatewayOptions GatewayOptions `json:"gatewayOptions,omitempty"`
 	// Toggling the Tenant resources cordoning, when enable resources cannot be deleted.
 	//+kubebuilder:default:=false
 	Cordoned bool `json:"cordoned,omitempty"`
 
@@ -212,6 +212,9 @@ Here the values you can override:
 | webhooks.hooks.defaults.pvc.failurePolicy | string | `"Fail"` |  |
 | webhooks.hooks.defaults.pvc.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` |  |
 | webhooks.hooks.defaults.pvc.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
+| webhooks.hooks.gateways.failurePolicy | string | `"Fail"` |  |
+| webhooks.hooks.gateways.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` |  |
+| webhooks.hooks.gateways.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
 | webhooks.hooks.ingresses.failurePolicy | string | `"Fail"` |  |
 | webhooks.hooks.ingresses.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` |  |
 | webhooks.hooks.ingresses.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
 
@@ -1160,6 +1160,57 @@ spec:
                   If unset, Tenant uses CapsuleConfiguration's forceTenantPrefix
                   Optional
                 type: boolean
+              gatewayOptions:
+                description: Specifies options for the GatewayClass resources.
+                properties:
+                  allowedClasses:
+                    properties:
+                      default:
+                        type: string
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector
+                          requirements. The requirements are ANDed.
+                        items:
+                          description: |-
+                            A label selector requirement is a selector that contains values, a key, and an operator that
+                            relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector
+                                applies to.
+                              type: string
+                            operator:
+                              description: |-
+                                operator represents a key's relationship to a set of values.
+                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: |-
+                                values is an array of string values. If the operator is In or NotIn,
+                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                the values array must be empty. This array is replaced during a strategic
+                                merge patch.
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                    x-kubernetes-map-type: atomic
+                type: object
               imagePullPolicies:
                 description: Specify the allowed values for the imagePullPolicies
                   option in Pod resources. Capsule assures that all Pod resources
 
@@ -81,6 +81,29 @@ webhooks:
   sideEffects: None
   timeoutSeconds: {{ $.Values.webhooks.mutatingWebhooksTimeoutSeconds }}
 {{- end }}
+{{- with .Values.webhooks.hooks.gateways }}
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    {{- include "capsule.webhooks.service" (dict "path" "/defaults" "ctx" $) | nindent 4 }}
+  failurePolicy: {{ .failurePolicy }}
+  name: gateway.defaults.projectcapsule.dev
+  rules:
+  - apiGroups:
+    - gateway.networking.k8s.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - gateways
+    scope: "Namespaced"
+  namespaceSelector:
+  {{- toYaml .namespaceSelector | nindent 4}}
+  sideEffects: None
+  timeoutSeconds: {{ $.Values.webhooks.mutatingWebhooksTimeoutSeconds }}
+{{- end }}
 {{- with (mergeOverwrite .Values.webhooks.hooks.namespace.mutation .Values.webhooks.hooks.namespaceOwnerReference) }}
 - admissionReviewVersions:
     - v1
 
@@ -40,6 +40,32 @@ webhooks:
   sideEffects: None
   timeoutSeconds: {{ $.Values.webhooks.validatingWebhooksTimeoutSeconds }}
 {{- end }}
+{{- with .Values.webhooks.hooks.gateways }}
+- admissionReviewVersions:
+    - v1
+    - v1beta1
+  clientConfig:
+    {{- include "capsule.webhooks.service" (dict "path" "/gateways" "ctx" $) | nindent 4 }}
+  failurePolicy: {{ .failurePolicy }}
+  matchPolicy: Equivalent
+  name: gateway.projectcapsule.dev
+  namespaceSelector:
+  {{- toYaml .namespaceSelector | nindent 4}}
+  objectSelector: {}
+  rules:
+    - apiGroups:
+        - gateway.networking.k8s.io
+      apiVersions:
+        - v1
+      operations:
+        - CREATE
+        - UPDATE
+      resources:
+        - gateways
+      scope: Namespaced
+  sideEffects: None
+  timeoutSeconds: {{ $.Values.webhooks.validatingWebhooksTimeoutSeconds }}
+{{- end }}
 {{- with .Values.webhooks.hooks.ingresses }}
 - admissionReviewVersions:
     - v1
 
@@ -629,6 +629,33 @@
                             },
                             "type": "object"
                         },
+                        "gateways": {
+                            "properties": {
+                                "failurePolicy": {
+                                    "type": "string"
+                                },
+                                "namespaceSelector": {
+                                    "properties": {
+                                        "matchExpressions": {
+                                            "items": {
+                                                "properties": {
+                                                    "key": {
+                                                        "type": "string"
+                                                    },
+                                                    "operator": {
+                                                        "type": "string"
+                                                    }
+                                                },
+                                                "type": "object"
+                                            },
+                                            "type": "array"
+                                        }
+                                    },
+                                    "type": "object"
+                                }
+                            },
+                            "type": "object"
+                        },
                         "ingresses": {
                             "properties": {
                                 "failurePolicy": {
 
@@ -289,6 +289,12 @@ webhooks:
             operator: Exists
           - key: projectcapsule.dev/cordoned
             operator: Exists
+    gateways:
+      failurePolicy: Fail
+      namespaceSelector:
+        matchExpressions:
+          - key: capsule.clastix.io/tenant
+            operator: Exists
     ingresses:
       failurePolicy: Fail
       namespaceSelector: