feat(dataplane): allow setting DataPlane's NodePort port number

Author: pmalek

CHANGELOG.md

@@ -55,6 +55,8 @@
   [#1409](https://github.com/Kong/gateway-operator/pull/1409)
 - Support `NodePort` as ingress service type for `DataPlane`
   [#1430](https://github.com/Kong/gateway-operator/pull/1430)
+- Allow setting `NodePort` port number for ingress service for `DataPlane`.
+  [#1516](https://github.com/Kong/gateway-operator/pull/1516)
 - Bump default `DataPlane` image to 3.10
   Default image changes from `kong` to `kong/kong-gateway`.
   [#1405](https://github.com/Kong/gateway-operator/pull/1405)

config/crd/kustomization.yaml

@@ -2,4 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - https://github.com/kong/kubernetes-configuration/config/crd/gateway-operator?ref=1c6842bc66da6bb32b30be6e1464bfcf04e9e46c # Version is auto-updated by the generating script.
+  - https://github.com/kong/kubernetes-configuration/config/crd/gateway-operator?ref=ae2932af9c0df395ce023e4c7e901a5caf8ab36e # Version is auto-updated by the generating script.

config/samples/dataplane-with-nodeport.yaml

@@ -0,0 +1,42 @@
+apiVersion: gateway-operator.konghq.com/v1beta1
+kind: DataPlane
+metadata:
+  name: dataplane-node-port
+spec:
+  deployment:
+    podTemplateSpec:
+      spec:
+        containers:
+        - name: proxy
+          # renovate: datasource=docker versioning=docker
+          image: kong/kong-gateway:3.10
+          env:
+          - name: KONG_LOG_LEVEL
+            value: debug
+          - name: KONG_PROXY_LISTEN
+            value: 0.0.0.0:9000 reuseport backlog=16384
+          - name: KONG_PORT_MAPS
+            value: 8080:9000
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "250m"
+            limits:
+              memory: "1024Mi"
+              cpu: "1000m"
+          readinessProbe:
+            initialDelaySeconds: 1
+            periodSeconds: 1
+  network:
+    services:
+      ingress:
+        annotations:
+          foo: bar
+        ports:
+          - name: http
+            port: 8080
+            targetPort: 9000
+          - name: http
+            port: 8083
+            targetPort: 9000
+            nodePort: 30083

controller/dataplane/owned_resources.go

@@ -364,11 +364,7 @@ func ensureIngressServiceForDataPlane(
 			existingService.Spec.Selector = generatedService.Spec.Selector
 			updated = true
 		}
-		if !cmp.Equal(generatedService.Spec.Ports, existingService.Spec.Ports, cmp.FilterPath(func(p cmp.Path) bool {
-			// We need to check all the service values but the NodePort, as this field is assigned by
-			// the K8S controlplane components.
-			return p.Last().String() == ".NodePort"
-		}, cmp.Ignore())) {
+		if !comparePorts(existingService.Spec.Ports, generatedService.Spec.Ports, dataPlane) {
 			existingService.Spec.Ports = generatedService.Spec.Ports
 			updated = true
 		}
@@ -385,3 +381,44 @@ func ensureIngressServiceForDataPlane(
 
 	return op.Created, generatedService, cl.Create(ctx, generatedService)
 }
+
+// comparePorts compares the ports of two services.
+// It returns true if the ports are equal, ignoring the NodePort field
+// for the ingress service if it was not set in the dataplane spec.
+func comparePorts(
+	a, b []corev1.ServicePort,
+	dataPlane *operatorv1beta1.DataPlane,
+) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i := range a {
+		if a[i].Name != b[i].Name {
+			return false
+		}
+		if a[i].Protocol != b[i].Protocol {
+			return false
+		}
+		if a[i].Port != b[i].Port {
+			return false
+		}
+		if a[i].TargetPort != b[i].TargetPort {
+			return false
+		}
+		if a[i].AppProtocol != b[i].AppProtocol {
+			return false
+		}
+
+		if a[i].NodePort != b[i].NodePort {
+			if dataPlane != nil &&
+				dataPlane.Spec.Network.Services != nil &&
+				dataPlane.Spec.Network.Services.Ingress != nil &&
+				len(dataPlane.Spec.Network.Services.Ingress.Ports) > i &&
+				dataPlane.Spec.Network.Services.Ingress.Ports[i].NodePort != 0 {
+				return false
+			}
+		}
+
+	}
+	return true
+}

controller/dataplane/owned_resources_test.go

@@ -331,3 +331,76 @@ func TestEnsureIngressServiceForDataPlane(t *testing.T) {
 		})
 	}
 }
+
+func TestComparePorts(t *testing.T) {
+	testCases := []struct {
+		name      string
+		a         []corev1.ServicePort
+		b         []corev1.ServicePort
+		dataPlane *operatorv1beta1.DataPlane
+		expected  bool
+	}{
+		{
+			name: "should return true when NodePort differs but not specified in DataPlane spec",
+			a:    []corev1.ServicePort{{Name: "port-80", Port: 80, NodePort: 30080}},
+			b:    []corev1.ServicePort{{Name: "port-80", Port: 80, NodePort: 30081}},
+			dataPlane: builder.NewDataPlaneBuilder().
+				WithIngressServicePorts([]operatorv1beta1.DataPlaneServicePort{
+					{
+						Name:       "http",
+						Port:       80,
+						TargetPort: intstr.FromInt(8000),
+						// NodePort not specified
+					},
+				}).Build(),
+			expected: true,
+		},
+		{
+			name: "should return false when NodePort differs and is specified in DataPlane spec",
+			a:    []corev1.ServicePort{{Name: "port-80", Port: 80, NodePort: 30080}},
+			b:    []corev1.ServicePort{{Name: "port-80", Port: 80, NodePort: 30081}},
+			dataPlane: builder.NewDataPlaneBuilder().
+				WithIngressServicePorts([]operatorv1beta1.DataPlaneServicePort{
+					{
+						Name:       "http",
+						Port:       80,
+						TargetPort: intstr.FromInt(8000),
+						NodePort:   30080,
+					},
+				}).Build(),
+			expected: false,
+		},
+		{
+			name: "should return true when multiple ports match except NodePort which is not specified",
+			a: []corev1.ServicePort{
+				{Name: "port-80", Port: 80, NodePort: 30080},
+				{Name: "port-443", Port: 443, NodePort: 30443},
+			},
+			b: []corev1.ServicePort{
+				{Name: "port-80", Port: 80, NodePort: 30081},
+				{Name: "port-443", Port: 443, NodePort: 30444},
+			},
+			dataPlane: builder.NewDataPlaneBuilder().
+				WithIngressServicePorts([]operatorv1beta1.DataPlaneServicePort{
+					{
+						Name:       "http",
+						Port:       80,
+						TargetPort: intstr.FromInt(8000),
+					},
+					{
+						Name:       "https",
+						Port:       443,
+						TargetPort: intstr.FromInt(8443),
+					},
+				}).Build(),
+			expected: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			actual := comparePorts(tc.a, tc.b, tc.dataPlane)
+			require.Equal(t, tc.expected, actual)
+		})
+	}
+}

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/google/go-containerregistry v0.20.3
 	github.com/google/uuid v1.6.0
 	github.com/gruntwork-io/terratest v0.48.2
-	github.com/kong/kubernetes-configuration v1.3.2-0.20250416141332-1c6842bc66da
+	github.com/kong/kubernetes-configuration v1.3.2-0.20250418121302-ae2932af9c0d
 	github.com/kong/kubernetes-telemetry v0.1.9
 	github.com/kong/kubernetes-testing-framework v0.47.2
 	github.com/kong/semver/v4 v4.0.1

go.sum

@@ -309,8 +309,8 @@ github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zt
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kong/go-kong v0.65.1 h1:CM+8NlF+VbJckTxP2hGmSPKhA1GMliitXjQ7vJiPkaE=
 github.com/kong/go-kong v0.65.1/go.mod h1:sqdysTKrXIJ6mpxHwTwjgZhLW7jR1/puczTXHLUwJaE=
-github.com/kong/kubernetes-configuration v1.3.2-0.20250416141332-1c6842bc66da h1:LLP1I+lIdU+hbasONUxnjpK2TUAr0juMqw+bqygwYd8=
-github.com/kong/kubernetes-configuration v1.3.2-0.20250416141332-1c6842bc66da/go.mod h1:+HRrz0eeoy7d5YJYiCkk736xaSq3y9fbV5SvucYo/tY=
+github.com/kong/kubernetes-configuration v1.3.2-0.20250418121302-ae2932af9c0d h1:0ArTLuANecKiI9/B5+Fxf80And1T1nb+pyob+l1LuVQ=
+github.com/kong/kubernetes-configuration v1.3.2-0.20250418121302-ae2932af9c0d/go.mod h1:3p31CROMO9LZmAB18Udn0luTPl/xu5XLls6DQj4IjB4=
 github.com/kong/kubernetes-telemetry v0.1.9 h1:XbDMZjZZclHO4oyJGW1mmZ6bzbTnANjcRAYsBg+jpno=
 github.com/kong/kubernetes-telemetry v0.1.9/go.mod h1:lBSbaQdJkoMMO0d+cJWopoJiJ+QHFBttbhCp5VRibJ8=
 github.com/kong/kubernetes-testing-framework v0.47.2 h1:+2Z9anTpbV/hwNeN+NFQz53BMU+g3QJydkweBp3tULo=

pkg/utils/kubernetes/resources/services.go

@@ -159,6 +159,7 @@ func ServicePortsFromDataPlaneIngressOpt(dataplane *operatorv1beta1.DataPlane) S
 					Protocol:   corev1.ProtocolTCP,
 					Port:       p.Port,
 					TargetPort: targetPort,
+					NodePort:   p.NodePort,
 				})
 				alreadyUsedPorts[p.Port] = struct{}{}
 			}