Kong · czeslavo · Jan 17, 2025 · Jan 9, 2025 · Jan 16, 2025 · Jan 17, 2025
@@ -31,6 +31,9 @@
   owning service. Currently specifying ingress service of `DataPlane` is
   supported.
   [#966](https://github.com/Kong/gateway-operator/pull/966)
+- Added support for `ControlPlaneRef`s with `type` equal to `konnectID` for
+  all Konnect entities that refer to a `ControlPlane`.
+  [#985](https://github.com/Kong/gateway-operator/pull/985)
 
 ### Changed
 

@@ -0,0 +1,46 @@
+kind: KonnectAPIAuthConfiguration
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: konnect-api-auth-dev
+  namespace: default
+spec:
+  type: token
+  token: kpat_XXXXXX
+  serverURL: us.api.konghq.tech
+---
+kind: KonnectGatewayControlPlane
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: cp-to-be-referred-by-id
+  namespace: default
+spec:
+  name: cp-to-be-referred-by-id
+  konnect:
+    authRef:
+      name: konnect-api-auth-dev
+---
+kind: KongService
+apiVersion: configuration.konghq.com/v1alpha1
+metadata:
+  name: service-1
+  namespace: default
+spec:
+  name: service-1
+  host: example.com
+  controlPlaneRef:
+    type: konnectID
+    # Once `cp-to-be-referred-by-id` is created and has a Konnect ID assigned, replace the value below with it.
+    konnectID: "e43fcae3-1851-44e9-9b55-50e51b97a741"
+---
+kind: KongConsumer
+apiVersion: configuration.konghq.com/v1
+metadata:
+  name: consumer-1
+  namespace: default
+username: consumer-1
+custom_id: 08433C12-2B81-4738-B61D-3AA2136F0212
+spec:
+  controlPlaneRef:
+    type: konnectID
+    # Once `cp-to-be-referred-by-id` is created and has a Konnect ID assigned, replace the value below with it.
+    konnectID: "e43fcae3-1851-44e9-9b55-50e51b97a741"
@@ -5,19 +5,21 @@ import (
 	"time"
 
 	"k8s.io/apimachinery/pkg/types"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
 )
 
 // ReferencedControlPlaneDoesNotExistError is an error type that is returned when
 // a Konnect entity references a KonnectGatewayControlPlane that does not exist.
 type ReferencedControlPlaneDoesNotExistError struct {
-	Reference types.NamespacedName
+	Reference configurationv1alpha1.ControlPlaneRef
 	Err       error
 }
 
 // Error implements the error interface.
 func (e ReferencedControlPlaneDoesNotExistError) Error() string {
-	return fmt.Sprintf("referenced Control Plane %s does not exist: %v",
-		e.Reference, e.Err,
+	return fmt.Sprintf("referenced Control Plane %q does not exist: %v",
+		e.Reference.String(), e.Err,
 	)
 }
 
@@ -136,3 +138,13 @@ func (e ReferencedKongKeySetIsBeingDeleted) Error() string {
 	return fmt.Sprintf("referenced KongKeySet %s is being deleted (deletion timestamp: %s)",
 		e.Reference, e.DeletionTimestamp)
 }
+
+// ReferencedKongGatewayControlPlaneIsUnsupported is an error type that is returned when a given CP reference type is not
+// supported.
+type ReferencedKongGatewayControlPlaneIsUnsupported struct {
+	Reference configurationv1alpha1.ControlPlaneRef
+}
+
+func (e ReferencedKongGatewayControlPlaneIsUnsupported) Error() string {
+	return fmt.Sprintf("referenced ControlPlaneRef %s is unsupported", e.Reference.String())
+}
@@ -1,6 +1,8 @@
 package konnect
 
 import (
+	"context"
+
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/kong/gateway-operator/controller/konnect/constraints"
@@ -13,24 +15,33 @@ type ReconciliationIndexOption struct {
 	ExtractValue client.IndexerFunc
 }
 
-// controlPlaneKonnectNamespacedRefAsSlice returns a slice of strings representing
-// the KonnectNamespacedRef of the object.
-func controlPlaneKonnectNamespacedRefAsSlice[
+// indexKonnectGatewayControlPlaneRef returns a function that extracts the KonnectGatewayControlPlane reference from the
+// object and returns it as a slice of strings for indexing.
+func indexKonnectGatewayControlPlaneRef[
+	T constraints.SupportedKonnectEntityType,
+	TEnt constraints.EntityType[T],
+](cl client.Client) client.IndexerFunc {
+	return func(obj client.Object) []string {
+		o, ok := obj.(TEnt)
+		if !ok {
+			return nil
+		}
+		return controlPlaneRefAsSlice(o, cl)
+	}
+}
+
+// controlPlaneRefAsSlice returns a slice of strings representing the KonnectNamespacedRef of the object.
+func controlPlaneRefAsSlice[
 	T constraints.SupportedKonnectEntityType,
 	TEnt constraints.EntityType[T],
-](ent TEnt) []string {
-	cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(ent)
+](ent TEnt, cl client.Client) []string {
+	cpRef, ok := getControlPlaneRef(ent).Get()
 	if !ok {
 		return nil
 	}
-
-	konnectRef := cpRef.KonnectNamespacedRef
-	// NOTE: cross namespace refs are not supported yet.
-	// TODO: https://github.com/Kong/kubernetes-configuration/issues/36
-	// Specifying the same namespace is optional and is supported.
-	if konnectRef.Namespace != "" && konnectRef.Namespace != ent.GetNamespace() {
+	cp, err := getCPForRef(context.Background(), cl, cpRef, ent.GetNamespace())
+	if err != nil {
 		return nil
 	}
-
-	return []string{ent.GetNamespace() + "/" + konnectRef.Name}
+	return []string{client.ObjectKeyFromObject(cp).String()}
 }
@@ -12,21 +12,12 @@ const (
 )
 
 // IndexOptionsForKongCACertificate returns required Index options for KongCACertificate reconclier.
-func IndexOptionsForKongCACertificate() []ReconciliationIndexOption {
+func IndexOptionsForKongCACertificate(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongCACertificate{},
 			IndexField:   IndexFieldKongCACertificateOnKonnectGatewayControlPlane,
-			ExtractValue: konnectGatewayControlPlaneRefFromKongCACertificate,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongCACertificate](cl),
 		},
 	}
 }
-
-// konnectGatewayControlPlaneRefFromKongCACertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCACertificate spec.
-func konnectGatewayControlPlaneRefFromKongCACertificate(obj client.Object) []string {
-	cert, ok := obj.(*configurationv1alpha1.KongCACertificate)
-	if !ok {
-		return nil
-	}
-	return controlPlaneKonnectNamespacedRefAsSlice(cert)
-}
@@ -12,21 +12,12 @@ const (
 )
 
 // IndexOptionsForKongCertificate returns required Index options for KongCertificate reconclier.
-func IndexOptionsForKongCertificate() []ReconciliationIndexOption {
+func IndexOptionsForKongCertificate(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongCertificate{},
 			IndexField:   IndexFieldKongCertificateOnKonnectGatewayControlPlane,
-			ExtractValue: konnectGatewayControlPlaneRefFromKongCertificate,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongCertificate](cl),
 		},
 	}
 }
-
-// konnectGatewayControlPlaneRefFromKongCertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCertificate spec.
-func konnectGatewayControlPlaneRefFromKongCertificate(obj client.Object) []string {
-	cert, ok := obj.(*configurationv1alpha1.KongCertificate)
-	if !ok {
-		return nil
-	}
-	return controlPlaneKonnectNamespacedRefAsSlice(cert)
-}
@@ -17,7 +17,7 @@ const (
 )
 
 // IndexOptionsForKongConsumer returns required Index options for KongConsumer reconciler.
-func IndexOptionsForKongConsumer() []ReconciliationIndexOption {
+func IndexOptionsForKongConsumer(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1.KongConsumer{},
@@ -32,7 +32,7 @@ func IndexOptionsForKongConsumer() []ReconciliationIndexOption {
 		{
 			IndexObject:  &configurationv1.KongConsumer{},
 			IndexField:   IndexFieldKongConsumerOnKonnectGatewayControlPlane,
-			ExtractValue: kongConsumerReferencesKonnectGatewayControlPlane,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1.KongConsumer](cl),
 		},
 	}
 }
@@ -52,12 +52,3 @@ func kongConsumerReferencesKongPluginsViaAnnotation(object client.Object) []stri
 	}
 	return metadata.ExtractPluginsWithNamespaces(consumer)
 }
-
-func kongConsumerReferencesKonnectGatewayControlPlane(object client.Object) []string {
-	consumer, ok := object.(*configurationv1.KongConsumer)
-	if !ok {
-		return nil
-	}
-
-	return controlPlaneKonnectNamespacedRefAsSlice(consumer)
-}
@@ -15,7 +15,7 @@ const (
 )
 
 // IndexOptionsForKongConsumerGroup returns required Index options for KongConsumerGroup reconciler.
-func IndexOptionsForKongConsumerGroup() []ReconciliationIndexOption {
+func IndexOptionsForKongConsumerGroup(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1beta1.KongConsumerGroup{},
@@ -25,7 +25,7 @@ func IndexOptionsForKongConsumerGroup() []ReconciliationIndexOption {
 		{
 			IndexObject:  &configurationv1beta1.KongConsumerGroup{},
 			IndexField:   IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane,
-			ExtractValue: kongConsumerGroupReferencesKonnectGatewayControlPlane,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1beta1.KongConsumerGroup](cl),
 		},
 	}
 }
@@ -37,12 +37,3 @@ func kongConsumerGroupReferencesKongPluginsViaAnnotation(object client.Object) [
 	}
 	return metadata.ExtractPluginsWithNamespaces(consumerGroup)
 }
-
-func kongConsumerGroupReferencesKonnectGatewayControlPlane(object client.Object) []string {
-	group, ok := object.(*configurationv1beta1.KongConsumerGroup)
-	if !ok {
-		return nil
-	}
-
-	return controlPlaneKonnectNamespacedRefAsSlice(group)
-}
@@ -12,21 +12,12 @@ const (
 )
 
 // IndexOptionsForKongDataPlaneCertificate returns required Index options for KongConsumer reconciler.
-func IndexOptionsForKongDataPlaneCertificate() []ReconciliationIndexOption {
+func IndexOptionsForKongDataPlaneCertificate(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongDataPlaneClientCertificate{},
 			IndexField:   IndexFieldKongDataPlaneClientCertificateOnKonnectGatewayControlPlane,
-			ExtractValue: kongDataPlaneCertificateReferencesKonnectGatewayControlPlane,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongDataPlaneClientCertificate](cl),
 		},
 	}
 }
-
-func kongDataPlaneCertificateReferencesKonnectGatewayControlPlane(object client.Object) []string {
-	dpCert, ok := object.(*configurationv1alpha1.KongDataPlaneClientCertificate)
-	if !ok {
-		return nil
-	}
-
-	return controlPlaneKonnectNamespacedRefAsSlice(dpCert)
-}
@@ -15,7 +15,7 @@ const (
 )
 
 // IndexOptionsForKongKey returns required Index options for KongKey reconclier.
-func IndexOptionsForKongKey() []ReconciliationIndexOption {
+func IndexOptionsForKongKey(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongKey{},
@@ -25,7 +25,7 @@ func IndexOptionsForKongKey() []ReconciliationIndexOption {
 		{
 			IndexObject:  &configurationv1alpha1.KongKey{},
 			IndexField:   IndexFieldKongKeyOnKonnectGatewayControlPlane,
-			ExtractValue: konnectGatewayControlPlaneRefFromKongKey,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongKey](cl),
 		},
 	}
 }
@@ -45,12 +45,3 @@ func kongKeySetRefFromKongKey(obj client.Object) []string {
 
 	return []string{key.GetNamespace() + "/" + key.Spec.KeySetRef.NamespacedRef.Name}
 }
-
-// konnectGatewayControlPlaneRefFromKongKey returns namespace/name of referenced KonnectGatewayControlPlane in KongKey spec.
-func konnectGatewayControlPlaneRefFromKongKey(obj client.Object) []string {
-	key, ok := obj.(*configurationv1alpha1.KongKey)
-	if !ok {
-		return nil
-	}
-	return controlPlaneKonnectNamespacedRefAsSlice(key)
-}
@@ -12,21 +12,12 @@ const (
 )
 
 // IndexOptionsForKongKeySet returns required Index options for KongKeySet reconclier.
-func IndexOptionsForKongKeySet() []ReconciliationIndexOption {
+func IndexOptionsForKongKeySet(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongKeySet{},
 			IndexField:   IndexFieldKongKeySetOnKonnectGatewayControlPlane,
-			ExtractValue: konnectGatewayControlPlaneRefFromKongKeySet,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongKeySet](cl),
 		},
 	}
 }
-
-// konnectGatewayControlPlaneRefFromKongKeySet returns namespace/name of referenced KonnectGatewayControlPlane in KongKeySet spec.
-func konnectGatewayControlPlaneRefFromKongKeySet(obj client.Object) []string {
-	keySet, ok := obj.(*configurationv1alpha1.KongKeySet)
-	if !ok {
-		return nil
-	}
-	return controlPlaneKonnectNamespacedRefAsSlice(keySet)
-}
@@ -15,7 +15,7 @@ const (
 )
 
 // IndexOptionsForKongService returns required Index options for KongService reconciler.
-func IndexOptionsForKongService() []ReconciliationIndexOption {
+func IndexOptionsForKongService(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongService{},
@@ -25,7 +25,7 @@ func IndexOptionsForKongService() []ReconciliationIndexOption {
 		{
 			IndexObject:  &configurationv1alpha1.KongService{},
 			IndexField:   IndexFieldKongServiceOnKonnectGatewayControlPlane,
-			ExtractValue: kongServiceReferencesKonnectGatewayControlPlane,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongService](cl),
 		},
 	}
 }
@@ -38,12 +38,3 @@ func kongServiceUsesPlugins(object client.Object) []string {
 
 	return metadata.ExtractPluginsWithNamespaces(svc)
 }
-
-func kongServiceReferencesKonnectGatewayControlPlane(object client.Object) []string {
-	svc, ok := object.(*configurationv1alpha1.KongService)
-	if !ok {
-		return nil
-	}
-
-	return controlPlaneKonnectNamespacedRefAsSlice(svc)
-}
@@ -12,21 +12,12 @@ const (
 )
 
 // IndexOptionsForKongUpstream returns required Index options for KongUpstream reconciler.
-func IndexOptionsForKongUpstream() []ReconciliationIndexOption {
+func IndexOptionsForKongUpstream(cl client.Client) []ReconciliationIndexOption {
 	return []ReconciliationIndexOption{
 		{
 			IndexObject:  &configurationv1alpha1.KongUpstream{},
 			IndexField:   IndexFieldKongUpstreamOnKonnectGatewayControlPlane,
-			ExtractValue: kongUpstreamReferencesKonnectGatewayControlPlane,
+			ExtractValue: indexKonnectGatewayControlPlaneRef[configurationv1alpha1.KongUpstream](cl),
 		},
 	}
 }
-
-func kongUpstreamReferencesKonnectGatewayControlPlane(object client.Object) []string {
-	upstream, ok := object.(*configurationv1alpha1.KongUpstream)
-	if !ok {
-		return nil
-	}
-
-	return controlPlaneKonnectNamespacedRefAsSlice(upstream)
-}