Add support for CORS configuration in TrafficPolicy and in HTTPRoute (kgateway-dev#11252)

Signed-off-by: Yossi Mesika <[email protected]>

Author: ymesika

.github/workflows/pr-kubernetes-tests.yaml

@@ -39,7 +39,7 @@ jobs:
         # May 19, 2025: ~18 minutes
         - cluster-name: 'cluster-three'
           go-test-args: '-v -timeout=25m'
-          go-test-run-regex: '^TestKgateway$$/^Deployer$$|^TestKgateway$$/^RouteDelegation$$|^TestKgateway$$/^Lambda$$|^TestKgateway$$/^AccessLog$$|^TestKgateway$$/^LocalRateLimit$$'
+          go-test-run-regex: '^TestKgateway$$/^Deployer$$|^TestKgateway$$/^RouteDelegation$$|^TestKgateway$$/^Lambda$$|^TestKgateway$$/^AccessLog$$|^TestKgateway$$/^LocalRateLimit$$|^TestKgateway$$/^Cors$$'
           localstack: 'true'
         # May 19, 2025: ~20 minutes
         - cluster-name: 'cluster-four'

api/applyconfiguration/api/v1alpha1/corspolicy.go

@@ -68,6 +68,10 @@ type TrafficPolicySpec struct {
 	// This controls the rate at which requests are allowed to be processed.
 	// +optional
 	RateLimit *RateLimit `json:"rateLimit,omitempty"`
+
+	// Cors specifies the CORS configuration for the policy.
+	// +optional
+	Cors *CorsPolicy `json:"cors,omitempty"`
 }
 
 // TransformationPolicy config is used to modify envoy behavior at a route level.
@@ -333,3 +337,8 @@ type RateLimitDescriptorEntryGeneric struct {
 	// +required
 	Value string `json:"value"`
 }
+
+type CorsPolicy struct {
+	// +kubebuilder:pruning:PreserveUnknownFields
+	*gwv1.HTTPCORSFilter `json:",inline"`
+}

api/applyconfiguration/api/v1alpha1/trafficpolicyspec.go

@@ -273,6 +273,66 @@ spec:
                     - CHAT_STREAMING
                     type: string
                 type: object
+              cors:
+                properties:
+                  allowCredentials:
+                    enum:
+                    - true
+                    type: boolean
+                  allowHeaders:
+                    items:
+                      maxLength: 256
+                      minLength: 1
+                      pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+                      type: string
+                    maxItems: 64
+                    type: array
+                    x-kubernetes-list-type: set
+                  allowMethods:
+                    items:
+                      enum:
+                      - GET
+                      - HEAD
+                      - POST
+                      - PUT
+                      - DELETE
+                      - CONNECT
+                      - OPTIONS
+                      - TRACE
+                      - PATCH
+                      - '*'
+                      type: string
+                    maxItems: 9
+                    type: array
+                    x-kubernetes-list-type: set
+                    x-kubernetes-validations:
+                    - message: AllowMethods cannot contain '*' alongside other methods
+                      rule: '!(''*'' in self && self.size() > 1)'
+                  allowOrigins:
+                    items:
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^(([^:/?#]+):)(//([^/?#]*))([^?#]*)(\?([^#]*))?(#(.*))?
+                      type: string
+                    maxItems: 64
+                    type: array
+                    x-kubernetes-list-type: set
+                  exposeHeaders:
+                    items:
+                      maxLength: 256
+                      minLength: 1
+                      pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+                      type: string
+                    maxItems: 64
+                    type: array
+                    x-kubernetes-list-type: set
+                  maxAge:
+                    default: 5
+                    format: int32
+                    minimum: 1
+                    type: integer
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
               extAuth:
                 properties:
                   contextExtensions: