remove legacy Settings type (#10458)

docs/content/static/content/osa_provided.md

@@ -15,6 +15,7 @@ Name|Version|License
 [form3tech-oss/jwt-go](https://github.com/form3tech-oss/jwt-go)|v3.2.5+incompatible|MIT License
 [fsnotify/fsnotify](https://github.com/fsnotify/fsnotify)|v1.7.0|BSD 3-clause "New" or "Revised" License
 [ghodss/yaml](https://github.com/ghodss/yaml)|v1.0.1-0.20190212211648-25d852aebe32|MIT License
+[go-logr/logr](https://github.com/go-logr/logr)|v1.4.2|Apache License 2.0
 [go-logr/zapr](https://github.com/go-logr/zapr)|v1.3.0|Apache License 2.0
 [go-openapi/loads](https://github.com/go-openapi/loads)|v0.19.4|Apache License 2.0
 [go-openapi/spec](https://github.com/go-openapi/spec)|v0.19.6|Apache License 2.0

go.mod

@@ -89,6 +89,7 @@ require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20240214155107-6cf1ede4da61
 	github.com/avast/retry-go/v4 v4.3.3
 	github.com/fgrosse/zaptest v1.1.0
+	github.com/go-logr/logr v1.4.2
 	github.com/go-logr/zapr v1.3.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/mock v1.6.0
@@ -174,7 +175,6 @@ require (
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.19.5 // indirect
 	github.com/go-openapi/errors v0.19.2 // indirect

projects/gateway2/Makefile

@@ -14,7 +14,7 @@ test:
 test-full:
 	go test -ldflags=$(LDFLAGS) -count=1 ./...
 
-# internal target used by controller_suite_test.go
+# internal target used by ./controller/controller_suite_test.go & ./setup/ggv2setup_test.go
 envtest:
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)"
 

projects/gateway2/controller/start.go

@@ -23,13 +23,13 @@ import (
 	"github.com/solo-io/gloo/projects/gateway2/extensions2/common"
 	extensionsplug "github.com/solo-io/gloo/projects/gateway2/extensions2/plugin"
 	"github.com/solo-io/gloo/projects/gateway2/extensions2/registry"
+	"github.com/solo-io/gloo/projects/gateway2/extensions2/settings"
 	"github.com/solo-io/gloo/projects/gateway2/ir"
 	"github.com/solo-io/gloo/projects/gateway2/krtcollections"
 	"github.com/solo-io/gloo/projects/gateway2/pkg/client/clientset/versioned"
 	"github.com/solo-io/gloo/projects/gateway2/proxy_syncer"
 	"github.com/solo-io/gloo/projects/gateway2/utils/krtutil"
 	"github.com/solo-io/gloo/projects/gateway2/wellknown"
-	glookubev1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/kube/apis/gloo.solo.io/v1"
 	uzap "go.uber.org/zap"
 	istiokube "istio.io/istio/pkg/kube"
 	"istio.io/istio/pkg/kube/krt"
@@ -68,9 +68,6 @@ type StartConfig struct {
 	AugmentedPods krt.Collection[krtcollections.LocalityPod]
 	UniqueClients krt.Collection[ir.UniqlyConnectedClient]
 
-	InitialSettings *glookubev1.Settings
-	Settings        krt.Singleton[glookubev1.Settings]
-
 	KrtOptions krtutil.KrtOptions
 }
 
@@ -82,6 +79,7 @@ type ControllerBuilder struct {
 	cfg         StartConfig
 	mgr         ctrl.Manager
 	isOurGw     func(gw *apiv1.Gateway) bool
+	settings    settings.Settings
 }
 
 func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuilder, error) {
@@ -138,8 +136,7 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 		cfg.KrtOptions,
 		cfg.Client,
 		cli,
-		cfg.InitialSettings,
-		cfg.Settings,
+		setupLog,
 	)
 	gwClasses := sets.New(append(cfg.SetupOpts.ExtraGatewayClasses, wellknown.GatewayClassName)...)
 	isOurGw := func(gw *apiv1.Gateway) bool {
@@ -149,8 +146,6 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 	setupLog.Info("initializing proxy syncer")
 	proxySyncer := proxy_syncer.NewProxySyncer(
 		ctx,
-		cfg.InitialSettings,
-		cfg.Settings,
 		wellknown.GatewayControllerName,
 		mgr,
 		cfg.Client,
@@ -172,6 +167,7 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
 		cfg:         cfg,
 		mgr:         mgr,
 		isOurGw:     isOurGw,
+		settings:    commoncol.Settings,
 	}, nil
 }
 
@@ -196,23 +192,21 @@ func (c *ControllerBuilder) Start(ctx context.Context) error {
 
 	logger.Info("got xds address for deployer", uzap.String("xds_host", xdsHost), uzap.Int32("xds_port", xdsPort))
 
-	integrationEnabled := c.cfg.InitialSettings.Spec.GetGloo().GetIstioOptions().GetEnableIntegration().GetValue()
+	integrationEnabled := c.settings.EnableIstioIntegration
 
 	// copy over relevant aws options (if any) from Settings
 	var awsInfo *deployer.AwsInfo
-	awsOpts := c.cfg.InitialSettings.Spec.GetGloo().GetAwsOptions()
-	if awsOpts != nil {
-		credOpts := awsOpts.GetServiceAccountCredentials()
-		if credOpts != nil {
-			awsInfo = &deployer.AwsInfo{
-				EnableServiceAccountCredentials: true,
-				StsClusterName:                  credOpts.GetCluster(),
-				StsUri:                          credOpts.GetUri(),
-			}
-		} else {
-			awsInfo = &deployer.AwsInfo{
-				EnableServiceAccountCredentials: false,
-			}
+	stsCluster := c.settings.StsClusterName
+	stsUri := c.settings.StsUri
+	if stsCluster != "" && stsUri != "" {
+		awsInfo = &deployer.AwsInfo{
+			EnableServiceAccountCredentials: true,
+			StsClusterName:                  stsCluster,
+			StsUri:                          stsUri,
+		}
+	} else {
+		awsInfo = &deployer.AwsInfo{
+			EnableServiceAccountCredentials: false,
 		}
 	}
 

projects/gateway2/extensions2/common/krt.go

@@ -1,11 +1,14 @@
 package common
 
 import (
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"github.com/solo-io/gloo/projects/gateway2/extensions2/settings"
 	"github.com/solo-io/gloo/projects/gateway2/ir"
 	"github.com/solo-io/gloo/projects/gateway2/krtcollections"
 	"github.com/solo-io/gloo/projects/gateway2/pkg/client/clientset/versioned"
 	"github.com/solo-io/gloo/projects/gateway2/utils/krtutil"
-	glookubev1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/kube/apis/gloo.solo.io/v1"
 	"istio.io/istio/pkg/kube"
 	istiokube "istio.io/istio/pkg/kube"
 	"istio.io/istio/pkg/kube/kclient"
@@ -16,26 +19,28 @@ import (
 )
 
 type CommonCollections struct {
-	OurClient       versioned.Interface
-	Client          kube.Client
-	KrtOpts         krtutil.KrtOptions
-	Secrets         *krtcollections.SecretIndex
-	Pods            krt.Collection[krtcollections.LocalityPod]
-	InitialSettings *glookubev1.Settings
-	Settings        krt.Singleton[glookubev1.Settings]
-	RefGrants       *krtcollections.RefGrantIndex
+	OurClient versioned.Interface
+	Client    kube.Client
+	KrtOpts   krtutil.KrtOptions
+	Secrets   *krtcollections.SecretIndex
+	Pods      krt.Collection[krtcollections.LocalityPod]
+	RefGrants *krtcollections.RefGrantIndex
+
+	// static set of global Settings, non-krt based for dev speed
+	// TODO: this should be refactored to a more correct location,
+	// or even better, be removed entirely and done per Gateway (maybe in GwParams)
+	Settings settings.Settings
 }
 
 func (c *CommonCollections) HasSynced() bool {
-	return c.Secrets.HasSynced() && c.Pods.Synced().HasSynced() && c.RefGrants.HasSynced() && c.Settings.AsCollection().Synced().HasSynced()
+	return c.Secrets.HasSynced() && c.Pods.Synced().HasSynced() && c.RefGrants.HasSynced()
 }
 
 func NewCommonCollections(
 	krtOptions krtutil.KrtOptions,
 	client istiokube.Client,
 	ourClient versioned.Interface,
-	initialSettings *glookubev1.Settings,
-	settings krt.Singleton[glookubev1.Settings],
+	logger logr.Logger,
 ) *CommonCollections {
 	secretClient := kclient.New[*corev1.Secret](client)
 	k8sSecretsRaw := krt.WrapClient(secretClient, krt.WithStop(krtOptions.Stop), krt.WithName("Secrets") /* no debug here - we don't want raw secrets printed*/)
@@ -59,14 +64,18 @@ func NewCommonCollections(
 	refgrantsCol := krt.WrapClient(kclient.New[*gwv1beta1.ReferenceGrant](client), krtOptions.ToOptions("RefGrants")...)
 	refgrants := krtcollections.NewRefGrantIndex(refgrantsCol)
 
+	st, err := settings.BuildSettings()
+	if err != nil {
+		logger.Error(err, "got err while parsing Settings from env")
+	}
+	logger.Info(fmt.Sprintf("got settings from env: %+v", *st))
 	return &CommonCollections{
-		OurClient:       ourClient,
-		Client:          client,
-		KrtOpts:         krtOptions,
-		Secrets:         krtcollections.NewSecretIndex(secrets, refgrants),
-		Pods:            krtcollections.NewPodsCollection(client, krtOptions),
-		Settings:        settings,
-		InitialSettings: initialSettings,
-		RefGrants:       refgrants,
+		OurClient: ourClient,
+		Client:    client,
+		KrtOpts:   krtOptions,
+		Secrets:   krtcollections.NewSecretIndex(secrets, refgrants),
+		Pods:      krtcollections.NewPodsCollection(client, krtOptions),
+		RefGrants: refgrants,
+		Settings:  *st,
 	}
 }

projects/gateway2/extensions2/plugins/destrule/destrule_plugin.go

@@ -26,7 +26,7 @@ const (
 )
 
 func NewPlugin(ctx context.Context, commoncol *common.CommonCollections) extensionsplug.Plugin {
-	if !commoncol.InitialSettings.Spec.GetGloo().GetIstioOptions().GetEnableIntegration().GetValue() {
+	if !commoncol.Settings.EnableIstioIntegration {
 		// don't add support for destination rules if istio integration is not enabled
 		return extensionsplug.Plugin{}
 	}

projects/gateway2/extensions2/plugins/istio/plugin.go

@@ -59,42 +59,35 @@ func (i IstioSettings) Equals(in any) bool {
 var _ ir.PolicyIR = &IstioSettings{}
 
 func NewPlugin(ctx context.Context, commoncol *common.CommonCollections) extensionsplug.Plugin {
+	p := plugin{}
+
 	// TODO: if plumb settings from gw class; then they should be in the new translation pass
 	// the problem is that they get applied to an upstream, and currently we don't have access to the gateway
 	// when translating upstreams. if we want we can add the gateway to the context of PerClientProcessUpstream
-	p := plugin{}
 	sidecarEnabled := envutils.IsEnvTruthy(constants.IstioInjectionEnabled)
-	istiotSettings := krt.NewSingleton(func(ctx krt.HandlerContext) *IstioSettings {
-		settings := krt.FetchOne(ctx, commoncol.Settings.AsCollection())
-		return &IstioSettings{
-			EnableAutoMTLS:              settings.Spec.GetGloo().GetIstioOptions().GetEnableAutoMtls().GetValue(),
-			EnableIstioIntegration:      settings.Spec.GetGloo().GetIstioOptions().GetEnableIntegration().GetValue(),
-			EnableIstioSidecarOnGateway: sidecarEnabled,
-		}
-	}, commoncol.KrtOpts.ToOptions("istiotSettings")...)
+	istioSettings := IstioSettings{
+		EnableAutoMTLS:              commoncol.Settings.EnableAutoMTLS,
+		EnableIstioIntegration:      commoncol.Settings.EnableIstioIntegration,
+		EnableIstioSidecarOnGateway: sidecarEnabled,
+	}
 
 	return extensionsplug.Plugin{
 		ContributesPolicies: map[schema.GroupKind]extensionsplug.PolicyPlugin{
 			VirtualIstioGK: {
 				Name:            "istio",
 				ProcessUpstream: p.processUpstream,
-				GlobalPolicies: func(kctx krt.HandlerContext, attachmentPoints extensionsplug.AttachmentPoints) ir.PolicyIR {
-					settings := krt.FetchOne(kctx, istiotSettings.AsCollection())
-					if settings == nil {
-						return nil
-					}
-					return *settings
+				GlobalPolicies: func(_ krt.HandlerContext, _ extensionsplug.AttachmentPoints) ir.PolicyIR {
+					// return static settings which do not change post plugin creation
+					return istioSettings
 				},
 			},
 		},
-		ExtraHasSynced: istiotSettings.AsCollection().Synced().HasSynced,
 	}
 }
 
-type plugin struct {
-}
+type plugin struct{}
 
-func isDisabledForUpstream(upstream ir.Upstream) bool {
+func isDisabledForUpstream(_ ir.Upstream) bool {
 	// return in.GetDisableIstioAutoMtls().GetValue()
 
 	// TODO: implement this; we can do it by checking annotations?
@@ -104,24 +97,22 @@ func isDisabledForUpstream(upstream ir.Upstream) bool {
 // we don't have a good way of know if we have ssl on the upstream, so check cluster instead
 // this could be a problem if the policy that adds ssl runs after this one.
 // so we need to think about how's best to handle this.
-func doesClusterHaveSslConfigPresent(out *envoy_config_cluster_v3.Cluster) bool {
+func doesClusterHaveSslConfigPresent(_ *envoy_config_cluster_v3.Cluster) bool {
 	// TODO: implement this
 	return false
 }
 
-func (p plugin) processUpstream(ctx context.Context, settings ir.PolicyIR, in ir.Upstream, out *envoy_config_cluster_v3.Cluster) {
+func (p plugin) processUpstream(ctx context.Context, ir ir.PolicyIR, in ir.Upstream, out *envoy_config_cluster_v3.Cluster) {
 	var socketmatches []*envoy_config_cluster_v3.Cluster_TransportSocketMatch
 
-	st, ok := settings.(IstioSettings)
+	st, ok := ir.(IstioSettings)
 	if !ok {
 		return
 	}
-
 	// Istio automtls will only be applied when:
 	// 1) automtls is enabled on the settings
 	// 2) the upstream has not disabled auto mtls
 	// 3) the upstream has no sslConfig
-	//if p.settings.GetGloo().GetIstioOptions().GetEnableAutoMtls().GetValue() && !in.GetDisableIstioAutoMtls().GetValue() && sslConfig == nil {
 	if st.EnableAutoMTLS && !isDisabledForUpstream(in) && !doesClusterHaveSslConfigPresent(out) {
 		// Istio automtls config is not applied if istio integration is disabled on the helm chart.
 		// When istio integration is disabled via istioSds.enabled=false, there is no sds or istio-proxy sidecar present

projects/gateway2/extensions2/plugins/kubernetes/k8s.go

@@ -11,10 +11,10 @@ import (
 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	"github.com/solo-io/gloo/projects/gateway2/extensions2/common"
 	extensionsplug "github.com/solo-io/gloo/projects/gateway2/extensions2/plugin"
+	"github.com/solo-io/gloo/projects/gateway2/extensions2/settings"
 	"github.com/solo-io/gloo/projects/gateway2/ir"
 	"github.com/solo-io/gloo/projects/gateway2/krtcollections"
 	"github.com/solo-io/gloo/projects/gateway2/utils/krtutil"
-	glookubev1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/kube/apis/gloo.solo.io/v1"
 	"istio.io/istio/pkg/kube/kclient"
 	"istio.io/istio/pkg/kube/krt"
 	corev1 "k8s.io/api/core/v1"
@@ -26,16 +26,16 @@ func NewPlugin(ctx context.Context, commoncol *common.CommonCollections) extensi
 	services := krt.WrapClient(serviceClient, commoncol.KrtOpts.ToOptions("Services")...)
 	epSliceClient := kclient.New[*discoveryv1.EndpointSlice](commoncol.Client)
 	endpointSlices := krt.WrapClient(epSliceClient, commoncol.KrtOpts.ToOptions("EndpointSlices")...)
-	return NewPluginFromCollections(ctx, commoncol.KrtOpts, commoncol.Settings, commoncol.Pods, services, endpointSlices)
+	return NewPluginFromCollections(ctx, commoncol.KrtOpts, commoncol.Pods, services, endpointSlices, commoncol.Settings)
 }
 
 func NewPluginFromCollections(
 	ctx context.Context,
 	krtOpts krtutil.KrtOptions,
-	settings krt.Singleton[glookubev1.Settings],
 	pods krt.Collection[krtcollections.LocalityPod],
 	services krt.Collection[*corev1.Service],
 	endpointSlices krt.Collection[*discoveryv1.EndpointSlice],
+	stngs settings.Settings,
 ) extensionsplug.Plugin {
 	gk := schema.GroupKind{
 		Group: corev1.GroupName,
@@ -62,7 +62,7 @@ func NewPluginFromCollections(
 		return uss
 	}, krtOpts.ToOptions("KubernetesServiceUpstreams")...)
 
-	inputs := krtcollections.NewGlooK8sEndpointInputs(settings, krtOpts, endpointSlices, pods, k8sServiceUpstreams)
+	inputs := krtcollections.NewGlooK8sEndpointInputs(stngs, krtOpts, endpointSlices, pods, k8sServiceUpstreams)
 	k8sServiceEndpoints := krtcollections.NewGlooK8sEndpoints(ctx, inputs)
 
 	return extensionsplug.Plugin{

projects/gateway2/extensions2/settings/settings.go

@@ -0,0 +1,21 @@
+package settings
+
+import (
+	"github.com/kelseyhightower/envconfig"
+)
+
+type Settings struct {
+	EnableIstioIntegration bool
+	EnableAutoMTLS         bool
+	StsClusterName         string
+	StsUri                 string
+}
+
+// BuildSettings returns a zero-valued Settings obj if error is encountered when parsing env
+func BuildSettings() (*Settings, error) {
+	settings := &Settings{}
+	if err := envconfig.Process("KGW", settings); err != nil {
+		return settings, err
+	}
+	return settings, nil
+}