adobe
diff --git a/‎api/v1beta1/kafkacluster_types.go‎
Lines changed: 49 additions & 10 deletions b/‎api/v1beta1/kafkacluster_types.go‎
Lines changed: 49 additions & 10 deletions
diff --git a/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 28 additions & 0 deletions b/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎charts/kafka-operator/crds/kafkaclusters.yaml‎
Lines changed: 53 additions & 0 deletions b/‎charts/kafka-operator/crds/kafkaclusters.yaml‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml‎
Lines changed: 53 additions & 0 deletions b/‎config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎config/base/rbac/role.yaml‎
Lines changed: 14 additions & 0 deletions b/‎config/base/rbac/role.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎config/samples/kraft/simplekafkacluster_kraft_with_envoy.yaml‎
Lines changed: 65 additions & 0 deletions b/‎config/samples/kraft/simplekafkacluster_kraft_with_envoy.yaml‎
Lines changed: 65 additions & 0 deletions
@@ -169,7 +169,7 @@ type KafkaClusterSpec struct {
 	RollingUpgradeConfig        RollingUpgradeConfig    `json:"rollingUpgradeConfig"`
 	// Selector for broker pods that need to be recycled/reconciled
 	TaintedBrokersSelector *metav1.LabelSelector `json:"taintedBrokersSelector,omitempty"`
-	// +kubebuilder:validation:Enum=envoy;contour
+	// +kubebuilder:validation:Enum=envoy;contour;envoygateway
 	// IngressController specifies the type of the ingress controller to be used for external listeners.
 	IngressController string `json:"ingressController,omitempty"`
 	// If true OneBrokerPerNode ensures that each kafka broker will be placed on a different node unless a custom
@@ -179,13 +179,14 @@ type KafkaClusterSpec struct {
 	// when false, they will be kept so the Kafka cluster remains available for those Kafka clients which are still using the previous ingress setting.
 	// +kubebuilder:default=false
 	// +optional
-	RemoveUnusedIngressResources bool                 `json:"removeUnusedIngressResources,omitempty"`
-	PropagateLabels              bool                 `json:"propagateLabels,omitempty"`
-	CruiseControlConfig          CruiseControlConfig  `json:"cruiseControlConfig"`
-	EnvoyConfig                  EnvoyConfig          `json:"envoyConfig,omitempty"`
-	ContourIngressConfig         ContourIngressConfig `json:"contourIngressConfig,omitempty"`
-	MonitoringConfig             MonitoringConfig     `json:"monitoringConfig,omitempty"`
-	AlertManagerConfig           *AlertManagerConfig  `json:"alertManagerConfig,omitempty"`
+	RemoveUnusedIngressResources bool                      `json:"removeUnusedIngressResources,omitempty"`
+	PropagateLabels              bool                      `json:"propagateLabels,omitempty"`
+	CruiseControlConfig          CruiseControlConfig       `json:"cruiseControlConfig"`
+	EnvoyConfig                  EnvoyConfig               `json:"envoyConfig,omitempty"`
+	ContourIngressConfig         ContourIngressConfig      `json:"contourIngressConfig,omitempty"`
+	EnvoyGatewayConfig           EnvoyGatewayIngressConfig `json:"envoyGatewayConfig,omitempty"`
+	MonitoringConfig             MonitoringConfig          `json:"monitoringConfig,omitempty"`
+	AlertManagerConfig           *AlertManagerConfig       `json:"alertManagerConfig,omitempty"`
 	// Envs defines environment variables for Kafka broker Pods.
 	// Adding the "+" prefix to the name prepends the value to that environment variable instead of overwriting it.
 	// Add the "+" suffix to append.
@@ -588,6 +589,24 @@ func (c EnvoyConfig) GetBrokerHostname(brokerId int32) string {
 	return strings.Replace(c.BrokerHostnameTemplate, "%id", strconv.Itoa(int(brokerId)), 1)
 }
 
+// GetBrokerHostname returns the broker hostname for the given broker ID
+func (c EnvoyGatewayIngressConfig) GetBrokerHostname(brokerId int32) string {
+	return strings.Replace(c.BrokerHostnameTemplate, "%id", strconv.Itoa(int(brokerId)), 1)
+}
+
+// GetGatewayClassName returns the GatewayClassName or default value
+func (c EnvoyGatewayIngressConfig) GetGatewayClassName() string {
+	if c.GatewayClassName == "" {
+		return "eg"
+	}
+	return c.GatewayClassName
+}
+
+// GetAnnotations returns the annotations for the Gateway resource
+func (c EnvoyGatewayIngressConfig) GetAnnotations() map[string]string {
+	return util.CloneMap(c.Annotations)
+}
+
 // We use -1 for ExternalStartingPort value to enable TLS on envoy
 func (c ExternalListenerConfig) TLSEnabled() bool {
 	return c.ExternalStartingPort == -1
@@ -686,8 +705,9 @@ type Config struct {
 
 type IngressConfig struct {
 	IngressServiceSettings `json:",inline"`
-	EnvoyConfig            *EnvoyConfig          `json:"envoyConfig,omitempty"`
-	ContourIngressConfig   *ContourIngressConfig `json:"contourIngressConfig,omitempty"`
+	EnvoyConfig            *EnvoyConfig               `json:"envoyConfig,omitempty"`
+	ContourIngressConfig   *ContourIngressConfig      `json:"contourIngressConfig,omitempty"`
+	EnvoyGatewayConfig     *EnvoyGatewayIngressConfig `json:"envoyGatewayConfig,omitempty"`
 }
 
 type ContourIngressConfig struct {
@@ -697,6 +717,25 @@ type ContourIngressConfig struct {
 	BrokerFQDNTemplate string `json:"brokerFQDNTemplate"`
 }
 
+type EnvoyGatewayIngressConfig struct {
+	// GatewayClassName is the name of the GatewayClass resource to use
+	// +optional
+	GatewayClassName string `json:"gatewayClassName,omitempty"`
+	// GatewayName is the name of the Gateway resource to create
+	// +optional
+	GatewayName string `json:"gatewayName,omitempty"`
+	// TLSSecretName is the name of the secret containing TLS certificates for TLS termination
+	// +optional
+	TLSSecretName string `json:"tlsSecretName,omitempty"`
+	// BrokerHostnameTemplate is the template for generating broker hostnames (e.g., "kafka-%id.example.com")
+	// The %id placeholder will be replaced with the broker ID
+	// +optional
+	BrokerHostnameTemplate string `json:"brokerHostnameTemplate,omitempty"`
+	// Annotations to add to the Gateway resource
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
 // InternalListenerConfig defines the internal listener config for Kafka
 type InternalListenerConfig struct {
 	CommonListenerSpec             `json:",inline"`
 
@@ -20780,6 +20780,31 @@ spec:
                       type: object
                     type: array
                 type: object
+              envoyGatewayConfig:
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to add to the Gateway resource
+                    type: object
+                  brokerHostnameTemplate:
+                    description: |-
+                      BrokerHostnameTemplate is the template for generating broker hostnames (e.g., "kafka-%id.example.com")
+                      The %id placeholder will be replaced with the broker ID
+                    type: string
+                  gatewayClassName:
+                    description: GatewayClassName is the name of the GatewayClass
+                      resource to use
+                    type: string
+                  gatewayName:
+                    description: GatewayName is the name of the Gateway resource to
+                      create
+                    type: string
+                  tlsSecretName:
+                    description: TLSSecretName is the name of the secret containing
+                      TLS certificates for TLS termination
+                    type: string
+                type: object
               envs:
                 description: |-
                   Envs defines environment variables for Kafka broker Pods.
@@ -20948,6 +20973,7 @@ spec:
                 enum:
                 - envoy
                 - contour
+                - envoygateway
                 type: string
               kRaft:
                 default: false
@@ -22610,6 +22636,33 @@ spec:
                                           type: object
                                         type: array
                                     type: object
+                                  envoyGatewayConfig:
+                                    properties:
+                                      annotations:
+                                        additionalProperties:
+                                          type: string
+                                        description: Annotations to add to the Gateway
+                                          resource
+                                        type: object
+                                      brokerHostnameTemplate:
+                                        description: |-
+                                          BrokerHostnameTemplate is the template for generating broker hostnames (e.g., "kafka-%id.example.com")
+                                          The %id placeholder will be replaced with the broker ID
+                                        type: string
+                                      gatewayClassName:
+                                        description: GatewayClassName is the name
+                                          of the GatewayClass resource to use
+                                        type: string
+                                      gatewayName:
+                                        description: GatewayName is the name of the
+                                          Gateway resource to create
+                                        type: string
+                                      tlsSecretName:
+                                        description: TLSSecretName is the name of
+                                          the secret containing TLS certificates for
+                                          TLS termination
+                                        type: string
+                                    type: object
                                   externalTrafficPolicy:
                                     description: |-
                                       externalTrafficPolicy denotes if this Service desires to route external
 
@@ -20780,6 +20780,31 @@ spec:
                       type: object
                     type: array
                 type: object
+              envoyGatewayConfig:
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to add to the Gateway resource
+                    type: object
+                  brokerHostnameTemplate:
+                    description: |-
+                      BrokerHostnameTemplate is the template for generating broker hostnames (e.g., "kafka-%id.example.com")
+                      The %id placeholder will be replaced with the broker ID
+                    type: string
+                  gatewayClassName:
+                    description: GatewayClassName is the name of the GatewayClass
+                      resource to use
+                    type: string
+                  gatewayName:
+                    description: GatewayName is the name of the Gateway resource to
+                      create
+                    type: string
+                  tlsSecretName:
+                    description: TLSSecretName is the name of the secret containing
+                      TLS certificates for TLS termination
+                    type: string
+                type: object
               envs:
                 description: |-
                   Envs defines environment variables for Kafka broker Pods.
@@ -20948,6 +20973,7 @@ spec:
                 enum:
                 - envoy
                 - contour
+                - envoygateway
                 type: string
               kRaft:
                 default: false
@@ -22610,6 +22636,33 @@ spec:
                                           type: object
                                         type: array
                                     type: object
+                                  envoyGatewayConfig:
+                                    properties:
+                                      annotations:
+                                        additionalProperties:
+                                          type: string
+                                        description: Annotations to add to the Gateway
+                                          resource
+                                        type: object
+                                      brokerHostnameTemplate:
+                                        description: |-
+                                          BrokerHostnameTemplate is the template for generating broker hostnames (e.g., "kafka-%id.example.com")
+                                          The %id placeholder will be replaced with the broker ID
+                                        type: string
+                                      gatewayClassName:
+                                        description: GatewayClassName is the name
+                                          of the GatewayClass resource to use
+                                        type: string
+                                      gatewayName:
+                                        description: GatewayName is the name of the
+                                          Gateway resource to create
+                                        type: string
+                                      tlsSecretName:
+                                        description: TLSSecretName is the name of
+                                          the secret containing TLS certificates for
+                                          TLS termination
+                                        type: string
+                                    type: object
                                   externalTrafficPolicy:
                                     description: |-
                                       externalTrafficPolicy denotes if this Service desires to route external
 
@@ -109,6 +109,20 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - gateway.networking.k8s.io
+  resources:
+  - gateways
+  - tcproutes
+  - tlsroutes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - kafka.banzaicloud.io
   resources:
 
@@ -0,0 +1,65 @@
+apiVersion: kafka.banzaicloud.io/v1beta1
+kind: KafkaCluster
+metadata:
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: kafka
+spec:
+  monitoringConfig:
+    jmxImage: "ghcr.io/adobe/koperator/jmx-javaagent:1.4.0"
+  headlessServiceEnabled: true
+  propagateLabels: false
+  oneBrokerPerNode: false
+  clusterImage: "ghcr.io/adobe/koperator/kafka:2.13-3.9.1"
+  ingressController: "envoy"
+  kRaftMode: true
+  readOnlyConfig: |
+    auto.create.topics.enable=false
+    cruise.control.metrics.topic.auto.create=true
+    cruise.control.metrics.topic.num.partitions=1
+    cruise.control.metrics.topic.replication.factor=2
+  brokerConfigGroups:
+    default:
+      storageConfigs:
+        - mountPath: "/kafka-logs"
+          pvcSpec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 10Gi
+      brokerAnnotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9020"
+  brokers:
+    - id: 0
+      brokerConfigGroup: "default"
+      brokerConfig:
+        roles:
+          - "broker"
+          - "controller"
+    - id: 2
+      brokerConfigGroup: "default"
+      brokerConfig:
+        roles:
+          - "broker"
+          - "controller"
+  rollingUpgradeConfig:
+    failureThreshold: 1
+  listenersConfig:
+    internalListeners:
+      - type: "plaintext"
+        name: "internal"
+        containerPort: 29092
+        usedForInnerBrokerCommunication: true
+      - type: "plaintext"
+        name: "controller"
+        containerPort: 29093
+        usedForInnerBrokerCommunication: false
+        usedForControllerCommunication: true
+    externalListeners:
+    - type: "plaintext"
+      name: "external"
+      externalStartingPort: 19090
+      containerPort: 9094
+