feat: introduce GatewayConfig CRD for gateway-scoped configuration

[sqaisar]

Description

Introduce GatewayConfig CRD for gateway-scoped configuration of the external processor. Adds controller lifecycle handling (including finalizer management), deprecates AIGatewayRoute-level resource configuration in favor of GatewayConfig, and updates docs with migration guidance and new options.

Example

apiVersion: aigateway.envoyproxy.io/v1alpha1
kind: GatewayConfig
metadata:
  name: my-gateway-config
  namespace: default
spec:
  extProc:
   kubernetes:
      env:
        - name: OTEL_EXPORTER_OTLP_ENDPOINT
          value: "http://otel-collector:4317"
      resources:
        requests:
          cpu: "100m"
          memory: "128Mi"
        limits:
          cpu: "500m"
          memory: "512Mi"
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-gateway
  namespace: default
  annotations:
    aigateway.envoyproxy.io/gateway-config: my-gateway-config
spec:
  gatewayClassName: envoy-gateway
  listeners:
    - name: http
      protocol: HTTP
      port: 8080

Related Issues/PRs (if applicable)

Fixes [1]

Special notes for reviewers (if applicable)

Docs, controller, and CRD changes included; route-level resources are deprecated—see migration guidance in docs.

1: #1552

[mathetake]

Thank you for taking a shot at this!

[nacx]

Just reviewed the API for now and left one comment.

Apart from that, this GatewayConfig object is only relevant for Kubernets, but not in standalone modes (at least for now). Would it make sense to convey that in the API? For example, the Envoy Gateaay infrastructure resources have the "provider" concept and settings are under a kubernetes config know.

Something like:

apiVersion: aigateway.envoyproxy.io/v1alpha1
kind: GatewayConfig
metadata:
  name: comprehensive-config
  namespace: default
spec:
  kubernetes:  
    extProc:
      env:
        (...)

or

apiVersion: aigateway.envoyproxy.io/v1alpha1
kind: GatewayConfig
metadata:
  name: comprehensive-config
  namespace: default
spec:
  extProc:  
    kubernetes:
      env:
        (...)

WDYT?

[sqaisar]

Thank you for taking a shot at this!

Thankyou for quickly reviewing the changes. I've resolved all of them. Please take a look.

[mathetake]

looking good so far!

[sqaisar]

@mathetake I've updated the type to GatewayConfig.extProc.kubernetes
for now all changes looks concluded. Please review.

[mathetake]

Looks good to me modulo a few comments. Thank you so much for working on this! I will defer to @nacx for the rest as i will not be available to review at least for the next 48 hours

[sqaisar]

Added more tests to make up for coverage.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 58.36910% with 97 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.98%. Comparing base (2c3b46f) to head (4901e49).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ers/externalversions/api/v1alpha1/gatewayconfig.go	0.00%	27 Missing ⚠️
internal/controller/gateway_mutator.go	74.00%	18 Missing and 8 partials ⚠️
...oned/typed/api/v1alpha1/fake/fake_gatewayconfig.go	0.00%	16 Missing ⚠️
...tset/versioned/typed/api/v1alpha1/gatewayconfig.go	0.00%	9 Missing ⚠️
internal/controller/gateway_config.go	89.39%	5 Missing and 2 partials ⚠️
...lpha1/client/listers/api/v1alpha1/gatewayconfig.go	0.00%	4 Missing ⚠️
...ientset/versioned/typed/api/v1alpha1/api_client.go	0.00%	2 Missing ⚠️
...rsioned/typed/api/v1alpha1/fake/fake_api_client.go	0.00%	2 Missing ⚠️
...formers/externalversions/api/v1alpha1/interface.go	0.00%	2 Missing ⚠️
...lpha1/client/informers/externalversions/generic.go	0.00%	2 Missing ⚠️

❌ Your patch status has failed because the patch coverage (58.36%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1623      +/-   ##
==========================================
- Coverage   83.46%   82.98%   -0.48%     
==========================================
  Files         138      143       +5     
  Lines       12540    12758     +218     
==========================================
+ Hits        10466    10587     +121     
- Misses       1440     1527      +87     
- Partials      634      644      +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mathetake]

LGTM! I will wait for other maintainers to take a look until tomorrow otherwise good to go!

cc @envoyproxy/ai-gateway-maintainers

[sqaisar]

LGTM! I will wait for other maintainers to take a look until tomorrow otherwise good to go!

cc @envoyproxy/ai-gateway-maintainers

Thankyou.

[Xunzhuo]

why not just use EnvoyProxy CR?

[nacx]

why not just use EnvoyProxy CR

Mostly because the configuration of the extproc container is generated on the fly by EAIGW, and its config can't be preconfigured in the EP resource.

[nacx]

Thanks @sqaisar! This looks great.
I've left a few comments mostly related to testing and I think this will be good to go once done!

[sqaisar]

Thanks @sqaisar! This looks great. I've left a few comments mostly related to testing and I think this will be good to go once done!

I've resolved them. Looks better i think.

[nacx]

This is not what I meant. The thing we're missing in the tests is the behaviour when the referenced config does not exist (and will never exist). For example, users make a typo in the annotation value. What is the expected behaviour then? This is what I think this test needs to validate.

[nacx]

Instead of relying on the test name, which makes it harder to evolve these tests, just add a property to the test case: gatewayConfig *aigv1a1.GatewayConfig, and if it is set, then create it with the fake client. You can extract this GW config into a package variable to make it easier to reference in the test if most of its information is static.

[nacx]

Instead of doing this, delete this custom file and point directly to the file in the examples directory. This is what I meant in my previous comment. You already spotted an issue where the example was missing the kubernetes keyword, and we want to keep examples always working. Let's do that by using those in the e2e tests, as we do with other examples.

[mathetake]

@sqaisar would you mind addressing comments by @nacx? this is almost there to the finish line and we would love to see this land before the next v0.5 release!