Remove support for legacy banzaicloud istio operator based ingress

Author: amuraru

.github/actions/kind-create/action.yaml

@@ -46,12 +46,12 @@ runs:
       chmod 600 $kubeconfig_path
       echo "kubeconfig=$(echo $kubeconfig_path)" >> $GITHUB_OUTPUT
     shell: bash
-  
+
   - name: Install cloud-provider-kind
     id: cloud-provider-kind
     run: |
       echo "Install cloud-provider-kind"
       go install sigs.k8s.io/cloud-provider-kind@latest
-      kubectl label node e2e-kind-control-plane node.kubernetes.io/exclude-from-external-load-balancers- 
+      kubectl label node e2e-kind-control-plane node.kubernetes.io/exclude-from-external-load-balancers-
       ~/go/bin/cloud-provider-kind &
     shell: bash

.github/workflows/codeql-analysis.yml

@@ -60,17 +60,17 @@ jobs:
       run: |
         # Build main module
         go build ./...
-        
+
         # Build api module
         cd api
         go build ./...
         cd ..
-        
+
         # Build properties module
         cd properties
         go build ./...
         cd ..
-        
+
         # Build main binary
         go build -o bin/manager main.go
 

.github/workflows/e2e-test.yaml

@@ -87,3 +87,5 @@ jobs:
           # Clean any existing go.work files to avoid workspace conflicts
           rm -f go.work go.work.sum
           IMG_E2E=$REPOSITORY:$GITHUB_SHA make test-e2e
+
+

ADOPTERS.md

@@ -1,8 +1,8 @@
 # Adopters
  This is a list of production adopters of Banzai Cloud's Kafka Operator (in alphabetical order):
- 
+
 - Adobe Experience Platform is using the Kafka Operator to enable consistent deployment, dynamic scaling, smooth upgrades and auto-balancing in our cross-cloud Kafka infrastructure. Adobe is also contributing to the open source version of the operator.
 
 - [Banzai Cloud](https://banzaicloud.com) is using the Kafka Operator to provision, configure and manage a secure, resilient and autoscaling production ready Apache Kafka for customers.
 
-- AffirmedNetworks is looking to use Kafka Operator to provision, configure and manage life cycle of production ready Apache Kafka. One of the use cases we are looking at, is to use Kafka to manage Event Data/Detail Record that gets generated in our applications. 
+- AffirmedNetworks is looking to use Kafka Operator to provision, configure and manage life cycle of production ready Apache Kafka. One of the use cases we are looking at, is to use Kafka to manage Event Data/Detail Record that gets generated in our applications.

MIGRATION_PLAN.md

@@ -0,0 +1,280 @@
+# Migration Plan: Istio Operator → Envoy Gateway
+
+## Overview
+
+This document outlines the complete migration plan to replace the Istio-based ingress controller with [Envoy Gateway](https://gateway.envoyproxy.io/) for Kafka external access in Koperator.
+
+**Migration Date**: 2025-11-03  
+**Last Commit**: 37d9feba - "Add e2e tests"  
+**Branch**: istio
+
+## Rationale
+
+- **Standardization**: Envoy Gateway uses Kubernetes Gateway API (standard)
+- **Simplification**: Remove dependency on Istio operator and custom client library
+- **Community Support**: Envoy Gateway is actively maintained by the Envoy community
+- **Reduced Complexity**: Eliminate custom mesh gateway deployments
+
+## Current State
+
+### Istio Components to Remove
+- `pkg/resources/istioingress/` - Complete Istio ingress implementation
+- `third_party/github.com/banzaicloud/istio-client-go` - Custom Istio client
+- `tests/e2e/test_istio_kafka_cluster.go` - Istio e2e tests
+- `config/samples/kraft/kafkacluster-kraft-with-istio.yaml` - Sample config
+- API types: `IstioIngressConfig` struct and related fields
+
+### Existing Envoy Support
+The codebase already has `pkg/resources/envoy/` which creates custom Envoy deployments. This will remain as-is for now (users can still use `ingressController: "envoy"`).
+
+---
+
+## Phase 1: Code Changes
+
+### 1.1 API Changes
+
+**File**: `api/v1beta1/kafkacluster_types.go`
+
+- [ ] Remove `IstioIngressConfig` struct (lines ~511-531)
+- [ ] Remove `IstioIngressConfig` field from `KafkaClusterSpec` (line ~205)
+- [ ] Remove `IstioIngressConfig` field from `IngressConfig` struct (line ~742)
+- [ ] Update `IngressController` enum validation to remove `istioingress` (line ~188)
+- [ ] Remove Istio-related constants:
+  - `defaultIstioIngressRequestResourceCpu`
+  - `defaultIstioIngressRequestResourceMemory`
+  - `defaultIstioIngressLimitResourceCpu`
+  - `defaultIstioIngressLimitResourceMemory`
+  - `DefaultIstioProxyImage`
+- [ ] Remove methods:
+  - `GetResources()` for IstioIngressConfig
+  - `GetReplicas()` for IstioIngressConfig
+  - `GetAnnotations()` for IstioIngressConfig
+  - `GetVirtualServiceAnnotations()` for IstioIngressConfig
+  - `GetLoadBalancerSourceRanges()` for IstioIngressConfig
+- [ ] Remove import: `github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1`
+
+**File**: `api/v1beta1/zz_generated.deepcopy.go`
+- [ ] Regenerate after API changes
+
+### 1.2 Remove Istio Client Dependency
+
+**File**: `go.mod`
+- [ ] Remove `github.com/banzaicloud/istio-client-go v0.0.17` dependency
+- [ ] Remove replace directive: `github.com/banzaicloud/istio-client-go => ./third_party/github.com/banzaicloud/istio-client-go`
+- [ ] Run `go mod tidy`
+
+**Directory**: `third_party/github.com/banzaicloud/istio-client-go`
+- [ ] Delete entire directory
+
+### 1.3 Remove Istio Ingress Implementation
+
+**Directory**: `pkg/resources/istioingress/`
+- [ ] Delete entire directory containing:
+  - `istioingress.go` - Main reconciler
+  - `gateway.go` - Istio Gateway resources
+  - `virtualservice.go` - Istio VirtualService resources
+  - `meshgateway.go` - Custom mesh gateway deployment
+  - `istioingress_test.go` - Unit tests
+  - `meshgateway_test.go` - Unit tests
+
+**Directory**: `pkg/util/istioingress/`
+- [ ] Check if exists and delete if present
+
+### 1.4 Update Controller
+
+**File**: `controllers/kafkacluster_controller.go`
+- [ ] Remove import: `istioingress "github.com/banzaicloud/koperator/pkg/resources/istioingress"`
+- [ ] Remove from reconcilers list (line ~124): `istioingress.New(r.Client, instance),`
+- [ ] Remove any Istio-specific watches (check `SetupKafkaClusterWithManager`)
+
+### 1.5 Update Utility Functions
+
+**File**: `pkg/util/` (various files)
+- [ ] Search for Istio references: `grep -r "istio" pkg/util/`
+- [ ] Update or remove Istio-specific utility functions
+- [ ] Check `pkg/util/kafka/` for any Istio-related code
+
+---
+
+## Phase 2: Unit Tests
+
+### 2.1 Remove Istio Unit Tests
+
+**Files to Delete**:
+- [ ] `pkg/resources/istioingress/istioingress_test.go`
+- [ ] `pkg/resources/istioingress/meshgateway_test.go`
+- [ ] `controllers/tests/kafkacluster_controller_istioingress_test.go`
+
+### 2.2 Update Existing Tests
+
+**File**: `pkg/k8sutil/resource_test.go`
+- [ ] Remove Istio-related test cases (check for 278 new lines from last commit)
+
+**File**: `pkg/resources/envoy/envoy_test.go`
+- [ ] Review and ensure no Istio dependencies (303 new lines from last commit)
+
+**File**: `pkg/scale/scale_test.go`
+- [ ] Remove Istio scenarios if any
+
+**File**: `pkg/resources/nodeportexternalaccess/nodeportExternalAccess_test.go`
+- [ ] Review for Istio references (233 new lines from last commit)
+
+### 2.3 Run Unit Tests
+
+- [ ] Run: `make test`
+- [ ] Fix any compilation errors
+- [ ] Ensure all tests pass
+
+---
+
+## Phase 3: E2E Tests
+
+### 3.1 Remove Istio E2E Tests
+
+**Files to Delete**:
+- [ ] `tests/e2e/test_istio_kafka_cluster.go` (202 lines)
+- [ ] `config/samples/kraft/kafkacluster-kraft-with-istio.yaml` (245 lines)
+
+**File**: `tests/e2e/koperator_suite_test.go`
+- [ ] Remove Istio test invocations
+
+### 3.2 Update E2E Test Infrastructure
+
+**File**: `tests/e2e/const.go`
+- [ ] Remove Istio CRD kinds from `koperatorRelatedResourceKinds()` (lines 130-142):
+  - `virtualservices.networking.istio.io`
+  - `gateways.networking.istio.io`
+  - `destinationrules.networking.istio.io`
+  - `serviceentries.networking.istio.io`
+  - `workloadentries.networking.istio.io`
+  - `workloadgroups.networking.istio.io`
+  - `envoyfilters.networking.istio.io`
+  - `sidecars.networking.istio.io`
+  - `authorizationpolicies.security.istio.io`
+  - `peerauthentications.security.istio.io`
+  - `requestauthentications.security.istio.io`
+  - `telemetries.telemetry.istio.io`
+  - `wasmplugins.extensions.istio.io`
+
+**File**: `.github/workflows/e2e-test.yaml`
+- [ ] Remove Istio installation steps if any
+
+**File**: `.github/actions/kind-create/action.yaml`
+- [ ] Remove Istio setup if present
+
+### 3.3 Run E2E Tests
+
+- [ ] Run: `make e2e-test` or equivalent
+- [ ] Ensure tests pass without Istio
+
+---
+
+## Phase 4: Documentation & Cleanup
+
+### 4.1 Update CRDs
+
+**Files**:
+- [ ] `charts/kafka-operator/crds/kafkaclusters.yaml` - Regenerate
+- [ ] `config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml` - Regenerate
+- [ ] Run: `make generate manifests`
+
+### 4.2 Update Documentation
+
+**File**: `README.md`
+- [ ] Remove Istio references
+- [ ] Update ingress controller options (only `envoy` and `contour`)
+
+**File**: `docs/developer.md`
+- [ ] Update development setup (remove Istio)
+
+**File**: `ADOPTERS.md`
+- [ ] Review and update if needed
+
+### 4.3 Final Cleanup
+
+- [ ] Search for remaining "istio" references:
+  ```bash
+  grep -ri "istio" --exclude-dir=vendor --exclude-dir=.git --exclude="*.sum" --exclude="MIGRATION_PLAN.md"
+  ```
+- [ ] Update any remaining references
+- [ ] Run full test suite: `make test`
+- [ ] Run linting: `make lint`
+- [ ] Update CHANGELOG or release notes
+
+### 4.4 Verify Build
+
+- [ ] Run: `make build`
+- [ ] Run: `make docker-build`
+- [ ] Ensure no compilation errors
+
+---
+
+## Breaking Changes
+
+⚠️ **This is a BREAKING CHANGE for users**
+
+### Impact
+Users currently using `ingressController: "istioingress"` will need to migrate.
+
+### Migration Path for Users
+
+**Option 1: Use existing Envoy support**
+```yaml
+spec:
+  ingressController: "envoy"
+  envoyConfig:
+    # ... existing envoy config
+```
+
+**Option 2: Use Contour**
+```yaml
+spec:
+  ingressController: "contour"
+  contourIngressConfig:
+    # ... contour config
+```
+
+**Option 3: Future - Envoy Gateway** (not in this migration)
+Users who want Envoy Gateway will need to wait for future implementation or use the existing `envoy` option.
+
+---
+
+## Testing Checklist
+
+- [ ] Unit tests pass: `make test`
+- [ ] E2E tests pass: `make e2e-test`
+- [ ] Linting passes: `make lint`
+- [ ] Build succeeds: `make build`
+- [ ] Docker build succeeds: `make docker-build`
+- [ ] CRDs generated correctly: `make manifests`
+- [ ] No Istio references remain in codebase
+
+---
+
+## Rollback Plan
+
+If issues arise:
+1. Revert to commit `37d9feba` (before migration)
+2. Cherry-pick any critical fixes
+3. Re-evaluate migration approach
+
+---
+
+## Timeline
+
+- **Phase 1**: Code Changes - 2-3 hours
+- **Phase 2**: Unit Tests - 1-2 hours
+- **Phase 3**: E2E Tests - 1-2 hours
+- **Phase 4**: Documentation & Cleanup - 1 hour
+
+**Total Estimated Time**: 5-8 hours
+
+---
+
+## Notes
+
+- The existing `pkg/resources/envoy/` implementation remains unchanged
+- This migration only removes Istio support
+- Future work could add Envoy Gateway support as a new ingress controller type
+- Users have `envoy` and `contour` as alternatives
+

api/assets/kafka/kraft-controller-healthcheck.sh

@@ -33,7 +33,7 @@ MATCHING_METRIC=$(curl -s "$JMX_ENDPOINT" | grep "^${METRIC_PREFIX}" | awk '$2 =
 
 # If it's not empty, it means we found a metric with a value of 1.0.
 if [ -n "$MATCHING_METRIC" ]; then
-    # Determine the state of the controller using the last field name of the metric 
+    # Determine the state of the controller using the last field name of the metric
     # Possible values are leader, candidate, voted, follower, unattached, observer
     STATE=$(echo "$MATCHING_METRIC" | rev | cut -d'_' -f1 | rev)
 

api/v1beta1/common_types.go

@@ -199,12 +199,6 @@ const (
 	PKIBackendK8sCSR PKIBackend = "k8s-csr"
 )
 
-// IstioControlPlaneReference is a reference to the IstioControlPlane resource.
-type IstioControlPlaneReference struct {
-	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
-}
-
 // GracefulActionState holds information about GracefulAction State
 type GracefulActionState struct {
 	// CruiseControlState holds the information about graceful action state