Kuadrant · didierofrivia · Apr 7, 2025 · Mar 26, 2025 · Mar 26, 2025
@@ -223,8 +223,9 @@
 
 	// check the status of the gateways' configuration resources
 	for _, g := range affectedGateways {
-		switch g.gatewayClass.Spec.ControllerName {
-		case istioGatewayControllerName:
+		controllerName := g.gatewayClass.Spec.ControllerName
+		switch defaultGatewayControllerName(controllerName) {
+		case defaultIstioGatewayControllerName:
 			// EnvoyFilter
 			istioAuthClustersModifiedGateways, _ := state.Load(StateIstioAuthClustersModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioAuthClustersModifiedGateways, topology, func(_ machinery.Object) bool {
@@ -237,17 +238,17 @@
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there
 			})...)
-		case envoyGatewayGatewayControllerName:
+		case defaultEnvoyGatewayGatewayControllerName:
 			gatewayAncestor := gatewayapiv1.ParentReference{Name: gatewayapiv1.ObjectName(g.gateway.GetName()), Namespace: ptr.To(gatewayapiv1.Namespace(g.gateway.GetNamespace()))}
 			// EnvoyPatchPolicy
 			envoyGatewayAuthClustersModifiedGateways, _ := state.Load(StateEnvoyGatewayAuthClustersModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantenvoygateway.EnvoyPatchPolicyGroupKind, envoyGatewayAuthClustersModifiedGateways, topology, func(obj machinery.Object) bool {
-				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyPatchPolicy).Status, envoyGatewayGatewayControllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(envoygatewayv1alpha1.PolicyConditionProgrammed))
+				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyPatchPolicy).Status, controllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(envoygatewayv1alpha1.PolicyConditionProgrammed))
 			})...)
 			// EnvoyExtensionPolicy
 			envoyGatewayExtensionsModifiedGateways, _ := state.Load(StateEnvoyGatewayExtensionsModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantenvoygateway.EnvoyExtensionPolicyGroupKind, envoyGatewayExtensionsModifiedGateways, topology, func(obj machinery.Object) bool {
-				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyExtensionPolicy).Status, envoyGatewayGatewayControllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(gatewayapiv1alpha2.PolicyConditionAccepted))
+				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyExtensionPolicy).Status, controllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(gatewayapiv1alpha2.PolicyConditionAccepted))
 			})...)
 		default:
 			componentsToSync = append(componentsToSync, fmt.Sprintf("%s (%s/%s)", machinery.GatewayGroupKind.Kind, g.gateway.GetNamespace(), g.gateway.GetName()))

@@ -2,6 +2,9 @@ package controllers
 
 import (
 	"fmt"
+	"strings"
+
+	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	"github.com/kuadrant/policy-machinery/controller"
 	"github.com/kuadrant/policy-machinery/machinery"
@@ -18,9 +21,8 @@ import (
 )
 
 const (
-	// make these configurable?
-	istioGatewayControllerName        = "istio.io/gateway-controller"
-	envoyGatewayGatewayControllerName = "gateway.envoyproxy.io/gatewayclass-controller"
+	defaultIstioGatewayControllerName        = "istio.io/gateway-controller"
+	defaultEnvoyGatewayGatewayControllerName = "gateway.envoyproxy.io/gatewayclass-controller"
 )
 
 var (
@@ -49,6 +51,9 @@ var (
 		{Kind: &kuadrantenvoygateway.EnvoyPatchPolicyGroupKind},
 		{Kind: &kuadrantenvoygateway.EnvoyExtensionPolicyGroupKind},
 	}
+
+	istioGatewayControllerNames        = getGatewayControllerNames("ISTIO_GATEWAY_CONTROLLER_NAMES", defaultIstioGatewayControllerName)
+	envoyGatewayGatewayControllerNames = getGatewayControllerNames("ENVOY_GATEWAY_GATEWAY_CONTROLLER_NAMES", defaultEnvoyGatewayGatewayControllerName)
 )
 
 //+kubebuilder:rbac:groups=kuadrant.io,resources=authpolicies,verbs=get;list;watch;update;patch
@@ -119,3 +124,24 @@ func gatewayComponentsToSync(gateway *machinery.Gateway, componentGroupKind sche
 	}
 	return nil
 }
+
+func getGatewayControllerNames(envName string, defaultGatewayControllerName string) []gatewayapiv1.GatewayController {
+	envValue := env.GetString(envName, defaultGatewayControllerName)
+	gatewayControllers := lo.Map(strings.Split(envValue, ","), func(c string, _ int) gatewayapiv1.GatewayController {
+		return gatewayapiv1.GatewayController(strings.TrimSpace(c))
+	})
+
+	if envValue == defaultGatewayControllerName {
+		return gatewayControllers
+	}
+	return append(gatewayControllers, gatewayapiv1.GatewayController(defaultGatewayControllerName))
+}
+
+func defaultGatewayControllerName(controllerName gatewayapiv1.GatewayController) gatewayapiv1.GatewayController {
+	if lo.Contains(istioGatewayControllerNames, controllerName) {
+		return defaultIstioGatewayControllerName
+	} else if lo.Contains(envoyGatewayGatewayControllerNames, controllerName) {
+		return defaultEnvoyGatewayGatewayControllerName
+	}
+	return "Unknown"
+}
@@ -0,0 +1,32 @@
+package controllers
+
+import (
+	"testing"
+
+	"gotest.tools/assert"
+	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+)
+
+func TestGetGatewayControllerNames(t *testing.T) {
+	t.Setenv("ISTIO_GATEWAY_CONTROLLER_NAMES", "istio-alpha1 , istio-alpha2  ")
+
+	istioGwCtrlNames := getGatewayControllerNames("ISTIO_GATEWAY_CONTROLLER_NAMES", "default-istio")
+	envoyGwGwCtrlNames := getGatewayControllerNames("ENVOY_GATEWAY_GATEWAY_CONTROLLER_NAMES", "default-envoy")
+
+	assert.Equal(t, len(istioGwCtrlNames), 3)
+	assert.Equal(t, istioGwCtrlNames[0], gatewayapiv1.GatewayController("istio-alpha1"))
+	assert.Equal(t, istioGwCtrlNames[1], gatewayapiv1.GatewayController("istio-alpha2"))
+	assert.Equal(t, istioGwCtrlNames[2], gatewayapiv1.GatewayController("default-istio"))
+
+	assert.Equal(t, len(envoyGwGwCtrlNames), 1)
+	assert.Equal(t, envoyGwGwCtrlNames[0], gatewayapiv1.GatewayController("default-envoy"))
+}
+
+func TestDefaultGatewayControllerNames(t *testing.T) {
+	istioGatewayControllerNames = []gatewayapiv1.GatewayController{"istio-alpha1"}
+	envoyGatewayGatewayControllerNames = []gatewayapiv1.GatewayController{"envoy-alpha1"}
+
+	assert.Equal(t, defaultGatewayControllerName("istio-alpha1"), gatewayapiv1.GatewayController("istio.io/gateway-controller"))
+	assert.Equal(t, defaultGatewayControllerName("envoy-alpha1"), gatewayapiv1.GatewayController("gateway.envoyproxy.io/gatewayclass-controller"))
+	assert.Equal(t, defaultGatewayControllerName("envoy-alpha2"), gatewayapiv1.GatewayController("Unknown"))
+}
@@ -74,7 +74,7 @@
 
 	gateways := lo.UniqBy(lo.FilterMap(lo.Values(effectivePolicies.(EffectiveAuthPolicies)), func(effectivePolicy EffectiveAuthPolicy, _ int) (*machinery.Gateway, bool) {
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(effectivePolicy.Path)
-		return gateway, gatewayClass.Spec.ControllerName == envoyGatewayGatewayControllerName
+		return gateway, lo.Contains(envoyGatewayGatewayControllerNames, gatewayClass.Spec.ControllerName)
 	}), func(gateway *machinery.Gateway) string {
 		return gateway.GetLocator()
 	})

@@ -174,7 +174,7 @@ func (r *EnvoyGatewayExtensionReconciler) buildWasmConfigs(ctx context.Context,
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(path)
 
 		// ignore if not an envoy gateway gateway
-		if gatewayClass.Spec.ControllerName != envoyGatewayGatewayControllerName {
+		if !lo.Contains(envoyGatewayGatewayControllerNames, gatewayClass.Spec.ControllerName) {
 			continue
 		}
 

@@ -74,7 +74,7 @@ func (r *EnvoyGatewayRateLimitClusterReconciler) Reconcile(ctx context.Context,
 
 	gateways := lo.UniqBy(lo.FilterMap(lo.Values(effectivePolicies.(EffectiveRateLimitPolicies)), func(effectivePolicy EffectiveRateLimitPolicy, _ int) (*machinery.Gateway, bool) {
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(effectivePolicy.Path)
-		return gateway, gatewayClass.Spec.ControllerName == envoyGatewayGatewayControllerName
+		return gateway, lo.Contains(envoyGatewayGatewayControllerNames, gatewayClass.Spec.ControllerName)
 	}), func(gateway *machinery.Gateway) string {
 		return gateway.GetLocator()
 	})

@@ -74,7 +74,7 @@ func (r *IstioAuthClusterReconciler) Reconcile(ctx context.Context, _ []controll
 
 	gateways := lo.UniqBy(lo.FilterMap(lo.Values(effectivePolicies.(EffectiveAuthPolicies)), func(effectivePolicy EffectiveAuthPolicy, _ int) (*machinery.Gateway, bool) {
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(effectivePolicy.Path)
-		return gateway, gatewayClass.Spec.ControllerName == istioGatewayControllerName
+		return gateway, lo.Contains(istioGatewayControllerNames, gatewayClass.Spec.ControllerName)
 	}), func(gateway *machinery.Gateway) string {
 		return gateway.GetLocator()
 	})

@@ -179,7 +179,7 @@ func (r *IstioExtensionReconciler) buildWasmConfigs(ctx context.Context, state *
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(path)
 
 		// ignore if not an istio gateway
-		if gatewayClass.Spec.ControllerName != istioGatewayControllerName {
+		if !lo.Contains(istioGatewayControllerNames, gatewayClass.Spec.ControllerName) {
 			continue
 		}
 

@@ -74,7 +74,7 @@ func (r *IstioRateLimitClusterReconciler) Reconcile(ctx context.Context, _ []con
 
 	gateways := lo.UniqBy(lo.FilterMap(lo.Values(effectivePolicies.(EffectiveRateLimitPolicies)), func(effectivePolicy EffectiveRateLimitPolicy, _ int) (*machinery.Gateway, bool) {
 		gatewayClass, gateway, _, _, _, _ := kuadrantpolicymachinery.ObjectsInRequestPath(effectivePolicy.Path)
-		return gateway, gatewayClass.Spec.ControllerName == istioGatewayControllerName
+		return gateway, lo.Contains(istioGatewayControllerNames, gatewayClass.Spec.ControllerName)
 	}), func(gateway *machinery.Gateway) string {
 		return gateway.GetLocator()
 	})

@@ -402,15 +402,15 @@ func (r *ObservabilityReconciler) Reconcile(baseCtx context.Context, _ []control
 	for _, gatewayClass := range gatewayClasses {
 		gateways := topology.All().Children(gatewayClass)
 		gwClass := gatewayClass.(*machinery.GatewayClass)
-		if gwClass.GatewayClass.Spec.ControllerName == istioGatewayControllerName {
+		if lo.Contains(istioGatewayControllerNames, gwClass.GatewayClass.Spec.ControllerName) {
 			istiodMonitor := istiodMonitorBuild(istiodMonitorNS)
 			r.createServiceMonitor(ctx, istiodMonitor, logger)
 
 			for _, gateway := range gateways {
 				istioPodMonitor := istioPodMonitorBuild(gateway.GetNamespace())
 				r.createPodMonitor(ctx, istioPodMonitor, logger)
 			}
-		} else if gwClass.GatewayClass.Spec.ControllerName == envoyGatewayGatewayControllerName {
+		} else if lo.Contains(envoyGatewayGatewayControllerNames, gwClass.GatewayClass.Spec.ControllerName) {
 			envoyGatewayMonitor := envoyGatewayMonitorBuild(envoyGatewayMonitorNS)
 			r.createServiceMonitor(ctx, envoyGatewayMonitor, logger)
 

@@ -193,8 +193,9 @@ func (r *RateLimitPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.Rate
 
 	// check the status of the gateways' configuration resources
 	for _, g := range affectedGateways {
-		switch g.gatewayClass.Spec.ControllerName {
-		case istioGatewayControllerName:
+		controllerName := g.gatewayClass.Spec.ControllerName
+		switch defaultGatewayControllerName(controllerName) {
+		case defaultIstioGatewayControllerName:
 			// EnvoyFilter
 			istioRateLimitClustersModifiedGateways, _ := state.Load(StateIstioRateLimitClustersModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantistio.EnvoyFilterGroupKind, istioRateLimitClustersModifiedGateways, topology, func(_ machinery.Object) bool {
@@ -207,17 +208,17 @@ func (r *RateLimitPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1.Rate
 				// return meta.IsStatusConditionTrue(lo.Map(obj.(*controller.RuntimeObject).Object.(*istioclientgoextensionv1alpha1.WasmPlugin).Status.Conditions, kuadrantistio.ConditionToProperConditionFunc), "Ready")
 				return true // Istio won't ever populate the status stanza of WasmPlugin resources, so we cannot expect to find a given a condition there
 			})...)
-		case envoyGatewayGatewayControllerName:
+		case defaultEnvoyGatewayGatewayControllerName:
 			gatewayAncestor := gatewayapiv1.ParentReference{Name: gatewayapiv1.ObjectName(g.gateway.GetName()), Namespace: ptr.To(gatewayapiv1.Namespace(g.gateway.GetNamespace()))}
 			// EnvoyPatchPolicy
 			envoyGatewayRateLimitClustersModifiedGateways, _ := state.Load(StateEnvoyGatewayRateLimitClustersModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantenvoygateway.EnvoyPatchPolicyGroupKind, envoyGatewayRateLimitClustersModifiedGateways, topology, func(obj machinery.Object) bool {
-				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyPatchPolicy).Status, envoyGatewayGatewayControllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(envoygatewayv1alpha1.PolicyConditionProgrammed))
+				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyPatchPolicy).Status, controllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(envoygatewayv1alpha1.PolicyConditionProgrammed))
 			})...)
 			// EnvoyExtensionPolicy
 			envoyGatewayExtensionsModifiedGateways, _ := state.Load(StateEnvoyGatewayExtensionsModified)
 			componentsToSync = append(componentsToSync, gatewayComponentsToSync(g.gateway, kuadrantenvoygateway.EnvoyExtensionPolicyGroupKind, envoyGatewayExtensionsModifiedGateways, topology, func(obj machinery.Object) bool {
-				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyExtensionPolicy).Status, envoyGatewayGatewayControllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(gatewayapiv1alpha2.PolicyConditionAccepted))
+				return meta.IsStatusConditionTrue(kuadrantgatewayapi.PolicyStatusConditionsFromAncestor(obj.(*controller.RuntimeObject).Object.(*envoygatewayv1alpha1.EnvoyExtensionPolicy).Status, controllerName, gatewayAncestor, gatewayapiv1.Namespace(obj.GetNamespace())), string(gatewayapiv1alpha2.PolicyConditionAccepted))
 			})...)
 		default:
 			componentsToSync = append(componentsToSync, fmt.Sprintf("%s (%s/%s)", machinery.GatewayGroupKind.Kind, g.gateway.GetNamespace(), g.gateway.GetName()))