Merge pull request #17380 from hakman/automated-cherry-pick-of-#17358-upstream-release-1.32

Automated cherry pick of #17358: Add support for Gateway API within Cilium

Author: k8s-ci-robot

docs/networking/cilium.md

@@ -249,6 +249,32 @@ EOF
 
 Note that you can create an ingress resource for Hubble UI by configuring the `hubble.ui.ingress` stanza. See [Cilium Helm chart documentation](https://artifacthub.io/packages/helm/cilium/cilium/1.11.1) for more information.
 
+## Gateway API Support
+
+{{ kops_feature_table(kops_added_default='1.32') }}
+
+Cilium supports the Kubernetes Gateway API, which provides a more expressive and extensible way to configure ingress traffic. To enable Gateway API support in Cilium, you need to:
+
+1. Enable the cluster-wide Gateway API feature in your cluster spec
+2. Enable Cilium's Gateway API support
+
+Here's how to configure it:
+
+```yaml
+spec:
+  networking:
+    cilium:
+      gatewayAPI:
+        enabled: true
+```
+
+Note that enabling Cilium's Gateway API support requires having the Gateway API custom resources definitions (CRDs) deployed manually or through a custom addon first. The current version of Cilium requires the experimental channel. To install it manually, simply run:
+```bash
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml
+```
+
+For more information about using the Gateway API with Cilium, see the [Cilium Gateway API documentation](https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/).
+
 ## Getting help
 
 For problems with deploying Cilium please post an issue to Github:

k8s/crds/kops.k8s.io_clusters.yaml

@@ -5496,6 +5496,20 @@ spec:
                           The cluster is operated by cilium-etcd-operator.
                           Default: false
                         type: boolean
+                      gatewayAPI:
+                        description: GatewayAPI specifies the configuration for Cilium
+                          Gateway API settings.
+                        properties:
+                          enableSecretsSync:
+                            description: |-
+                              EnableSecretsSync specifies whether synchronization of secrets is enabled.
+                              Default: true
+                            type: boolean
+                          enabled:
+                            description: Enabled specifies whether Cilium Gateway
+                              API is enabled.
+                            type: boolean
+                        type: object
                       hubble:
                         description: Hubble configures the Hubble service on the Cilium
                           agent.

pkg/apis/kops/networking.go

@@ -525,6 +525,9 @@ type CiliumNetworkingSpec struct {
 
 	// Ingress specifies the configuration for Cilium Ingress settings.
 	Ingress *CiliumIngressSpec `json:"ingress,omitempty"`
+
+	// GatewayAPI specifies the configuration for Cilium Gateway API settings.
+	GatewayAPI *CiliumGatewayAPISpec `json:"gatewayAPI,omitempty"`
 }
 
 // CiliumIngressSpec configures Cilium Ingress settings.
@@ -554,6 +557,16 @@ type CiliumIngressSpec struct {
 	SharedLoadBalancerServiceName string `json:"sharedLoadBalancerServiceName,omitempty"`
 }
 
+// CiliumGatewayAPISpec configures Cilium Gateway API settings.
+type CiliumGatewayAPISpec struct {
+	// Enabled specifies whether Cilium Gateway API is enabled.
+	Enabled *bool `json:"enabled,omitempty"`
+
+	// EnableSecretsSync specifies whether synchronization of secrets is enabled.
+	// Default: true
+	EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
+}
+
 // HubbleSpec configures the Hubble service on the Cilium agent.
 type HubbleSpec struct {
 	// Enabled decides if Hubble is enabled on the agent or not

pkg/apis/kops/v1alpha2/networking.go

@@ -642,6 +642,9 @@ type CiliumNetworkingSpec struct {
 
 	// Ingress specifies the configuration for Cilium Ingress settings.
 	Ingress *CiliumIngressSpec `json:"ingress,omitempty"`
+
+	// GatewayAPI specifies the configuration for Cilium Gateway API settings.
+	GatewayAPI *CiliumGatewayAPISpec `json:"gatewayAPI,omitempty"`
 }
 
 // CiliumIngressSpec configures Cilium Ingress settings.
@@ -671,6 +674,16 @@ type CiliumIngressSpec struct {
 	SharedLoadBalancerServiceName string `json:"sharedLoadBalancerServiceName,omitempty"`
 }
 
+// CiliumGatewayAPISpec configures Cilium Gateway API settings.
+type CiliumGatewayAPISpec struct {
+	// Enabled specifies whether Cilium Gateway API is enabled.
+	Enabled *bool `json:"enabled,omitempty"`
+
+	// EnableSecretsSync specifies whether synchronization of secrets is enabled.
+	// Default: true
+	EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
+}
+
 // HubbleSpec configures the Hubble service on the Cilium agent.
 type HubbleSpec struct {
 	// Enabled decides if Hubble is enabled on the agent or not

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -473,6 +473,9 @@ type CiliumNetworkingSpec struct {
 
 	// Ingress specifies the configuration for Cilium Ingress settings.
 	Ingress *CiliumIngressSpec `json:"ingress,omitempty"`
+
+	// GatewayAPI specifies the configuration for Cilium Gateway API settings.
+	GatewayAPI *CiliumGatewayAPISpec `json:"gatewayAPI,omitempty"`
 }
 
 // CiliumIngressSpec configures Cilium Ingress settings.
@@ -502,6 +505,16 @@ type CiliumIngressSpec struct {
 	SharedLoadBalancerServiceName string `json:"sharedLoadBalancerServiceName,omitempty"`
 }
 
+// CiliumGatewayAPISpec configures Cilium Gateway API settings.
+type CiliumGatewayAPISpec struct {
+	// Enabled specifies whether Cilium Gateway API is enabled.
+	Enabled *bool `json:"enabled,omitempty"`
+
+	// EnableSecretsSync specifies whether synchronization of secrets is enabled.
+	// Default: true
+	EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
+}
+
 // HubbleSpec configures the Hubble service on the Cilium agent.
 type HubbleSpec struct {
 	// Enabled decides if Hubble is enabled on the agent or not