Merge pull request #4277 from zac-nixon/znixon/addons

[Gateway API] Add Addon Support

Author: k8s-ci-robot

.gitignore

@@ -26,3 +26,6 @@ site
 *.bak
 scripts/aws_sdk_model_override/*
 /gomock_reflect*
+config/crd/bases/gateway.k8s.aws_listenerruleconfigurations.yaml
+config/crd/bases/gateway.k8s.aws_loadbalancerconfigurations.yaml
+config/crd/bases/gateway.k8s.aws_targetgroupconfigurations.yaml

apis/gateway/v1beta1/loadbalancerconfig_types.go

@@ -140,6 +140,18 @@ type MutualAuthenticationAttributes struct {
 	TrustStore *string `json:"trustStore,omitempty"`
 }
 
+// ShieldConfiguration configuration parameters used to configure Shield
+type ShieldConfiguration struct {
+	// Enabled whether Shield Advanced should be configured with the Gateway
+	Enabled bool `json:"enabled,omitempty"`
+}
+
+// WAFv2Configuration configuration parameters used to configure WAFv2
+type WAFv2Configuration struct {
+	// ACL The WebACL to configure with the Gateway
+	ACL string `json:"webACL"`
+}
+
 // +kubebuilder:validation:Pattern="^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\\d|65[0-4]\\d{2}|6[0-4]\\d{3}|[1-5]\\d{4}|[1-9]\\d{0,3})?$"
 type ProtocolPort string
 type ListenerConfiguration struct {
@@ -261,6 +273,14 @@ type LoadBalancerConfigurationSpec struct {
 	// MinimumLoadBalancerCapacity define the capacity reservation for LoadBalancers
 	// +optional
 	MinimumLoadBalancerCapacity *MinimumLoadBalancerCapacity `json:"minimumLoadBalancerCapacity,omitempty"`
+
+	// WAFv2 define the AWS WAFv2 settings for a Gateway [Application Load Balancer]
+	// +optional
+	WAFv2 *WAFv2Configuration `json:"wafV2,omitempty"`
+
+	// ShieldAdvanced define the AWS Shield settings for a Gateway [Application Load Balancer]
+	// +optional
+	ShieldAdvanced *ShieldConfiguration `json:"shieldConfiguration,omitempty"`
 }
 
 // TODO -- these can be used to set what generation the gateway is currently on to track progress on reconcile.

apis/gateway/v1beta1/zz_generated.deepcopy.go

@@ -282,6 +282,15 @@ spec:
                 items:
                   type: string
                 type: array
+              shieldConfiguration:
+                description: ShieldAdvanced define the AWS Shield settings for a Gateway
+                  [Application Load Balancer]
+                properties:
+                  enabled:
+                    description: Enabled whether Shield Advanced should be configured
+                      with the Gateway
+                    type: boolean
+                type: object
               sourceRanges:
                 description: sourceRanges an optional list of CIDRs that are allowed
                   to access the LB.
@@ -296,6 +305,16 @@ spec:
               vpcId:
                 description: vpcId is the ID of the VPC for the load balancer.
                 type: string
+              wafV2:
+                description: WAFv2 define the AWS WAFv2 settings for a Gateway [Application
+                  Load Balancer]
+                properties:
+                  webACL:
+                    description: ACL The WebACL to configure with the Gateway
+                    type: string
+                required:
+                - webACL
+                type: object
             type: object
           status:
             description: LoadBalancerConfigurationStatus defines the observed state