feat: set loadbalancerIP from Gateway.spec.addresses (#13070)

Signed-off-by: omar <[email protected]>

Author: puertomontt

pkg/deployer/values.go

@@ -115,6 +115,7 @@ type HelmImage struct {
 type HelmService struct {
 	Type                  *string           `json:"type,omitempty"`
 	ClusterIP             *string           `json:"clusterIP,omitempty"`
+	LoadBalancerIP        *string           `json:"loadBalancerIP,omitempty"`
 	ExtraAnnotations      map[string]string `json:"extraAnnotations,omitempty"`
 	ExtraLabels           map[string]string `json:"extraLabels,omitempty"`
 	ExternalTrafficPolicy *string           `json:"externalTrafficPolicy,omitempty"`

pkg/deployer/values_helpers.go

@@ -1,7 +1,9 @@
 package deployer
 
 import (
+	"errors"
 	"fmt"
+	"net/netip"
 	"regexp"
 	"sort"
 	"strings"
@@ -18,6 +20,14 @@ import (
 	"github.com/kgateway-dev/kgateway/v2/pkg/pluginsdk/ir"
 )
 
+var (
+	// ErrMultipleAddresses is returned when multiple addresses are specified in Gateway.spec.addresses
+	ErrMultipleAddresses = errors.New("multiple addresses given, only one address is supported")
+
+	// ErrNoValidIPAddress is returned when no valid IP address is found in Gateway.spec.addresses
+	ErrNoValidIPAddress = errors.New("IP address in Gateway.spec.addresses not valid")
+)
+
 // This file contains helper functions that generate helm values in the format needed
 // by the deployer.
 
@@ -108,16 +118,59 @@ func GetServiceValues(svcConfig *kgateway.Service) *HelmService {
 	// convert the service type enum to its string representation;
 	// if type is not set, it will default to 0 ("ClusterIP")
 	var svcType *string
-	if svcConfig.GetType() != nil {
-		svcType = ptr.To(string(*svcConfig.GetType()))
+	var clusterIP *string
+	var extraAnnotations map[string]string
+	var extraLabels map[string]string
+	var externalTrafficPolicy *string
+
+	if svcConfig != nil {
+		if svcConfig.GetType() != nil {
+			svcType = ptr.To(string(*svcConfig.GetType()))
+		}
+		clusterIP = svcConfig.GetClusterIP()
+		extraAnnotations = svcConfig.GetExtraAnnotations()
+		extraLabels = svcConfig.GetExtraLabels()
+		externalTrafficPolicy = svcConfig.GetExternalTrafficPolicy()
 	}
+
 	return &HelmService{
 		Type:                  svcType,
-		ClusterIP:             svcConfig.GetClusterIP(),
-		ExtraAnnotations:      svcConfig.GetExtraAnnotations(),
-		ExtraLabels:           svcConfig.GetExtraLabels(),
-		ExternalTrafficPolicy: svcConfig.GetExternalTrafficPolicy(),
+		ClusterIP:             clusterIP,
+		ExtraAnnotations:      extraAnnotations,
+		ExtraLabels:           extraLabels,
+		ExternalTrafficPolicy: externalTrafficPolicy,
+	}
+}
+
+// SetLoadBalancerIPFromGateway extracts the IP address from Gateway.spec.addresses
+// and sets it on the HelmService if the service type is LoadBalancer.
+// Only sets the IP if exactly one valid IP address is found in Gateway.spec.addresses.
+// Returns an error if more than one address is specified or no valid IP address is found.
+func SetLoadBalancerIPFromGateway(gw *gwv1.Gateway, svc *HelmService) error {
+	// Only extract IP if service type is LoadBalancer
+	if svc.Type == nil || *svc.Type != string(corev1.ServiceTypeLoadBalancer) {
+		return nil
 	}
+
+	if len(gw.Spec.Addresses) == 0 {
+		return nil
+	}
+
+	if len(gw.Spec.Addresses) > 1 {
+		return fmt.Errorf("%w: gateway %s/%s has %d addresses", ErrMultipleAddresses, gw.Namespace, gw.Name, len(gw.Spec.Addresses))
+	}
+
+	addr := gw.Spec.Addresses[0]
+	// IPAddressType or nil (defaults to IPAddressType per Gateway API spec)
+	if addr.Type == nil || *addr.Type == gwv1.IPAddressType {
+		// Validate IP format
+		if parsedIP, err := netip.ParseAddr(addr.Value); err == nil && parsedIP.IsValid() {
+			svc.LoadBalancerIP = &addr.Value
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%w: gateway %s/%s has no valid IP address", ErrNoValidIPAddress, gw.Namespace, gw.Name)
 }
 
 // Convert service account values from GatewayParameters into helm values to be used by the deployer.

pkg/deployer/values_helpers_test.go

@@ -4,6 +4,10 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 func TestComponentLogLevelsToString(t *testing.T) {
@@ -56,3 +60,175 @@ func TestComponentLogLevelsToString(t *testing.T) {
 		})
 	}
 }
+
+func TestSetLoadBalancerIPFromGateway(t *testing.T) {
+	tests := []struct {
+		name        string
+		addresses   []gwv1.GatewaySpecAddress
+		serviceType *string
+		wantIP      *string
+		wantErr     error
+	}{
+		{
+			name: "single valid IPv4 address with LoadBalancer service",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      ptr.To("203.0.113.10"),
+			wantErr:     nil,
+		},
+		{
+			name: "single valid IPv6 address with LoadBalancer service",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "2001:db8::1"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      ptr.To("2001:db8::1"),
+			wantErr:     nil,
+		},
+		{
+			name: "nil address type defaults to IPAddressType",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: nil, Value: "192.0.2.1"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      ptr.To("192.0.2.1"),
+			wantErr:     nil,
+		},
+		{
+			name:        "empty addresses array with LoadBalancer service",
+			addresses:   []gwv1.GatewaySpecAddress{},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     nil,
+		},
+		{
+			name: "multiple valid IP addresses returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.11"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrMultipleAddresses,
+		},
+		{
+			name: "multiple addresses with mixed types returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.HostnameAddressType), Value: "example.com"},
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrMultipleAddresses,
+		},
+		{
+			name: "single hostname address returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.HostnameAddressType), Value: "example.com"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrNoValidIPAddress,
+		},
+		{
+			name: "single invalid IP address returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "not-an-ip"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrNoValidIPAddress,
+		},
+		{
+			name: "single invalid IP address format returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "256.256.256.256"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrNoValidIPAddress,
+		},
+		{
+			name: "nil type with valid IP returns IP",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: nil, Value: "203.0.113.10"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      ptr.To("203.0.113.10"),
+			wantErr:     nil,
+		},
+		{
+			name: "nil type with invalid IP returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: nil, Value: "invalid"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrNoValidIPAddress,
+		},
+		{
+			name: "three addresses returns error",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.11"},
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.12"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeLoadBalancer)),
+			wantIP:      nil,
+			wantErr:     ErrMultipleAddresses,
+		},
+		{
+			name: "valid IP with ClusterIP service does not set IP",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+			},
+			serviceType: ptr.To(string(corev1.ServiceTypeClusterIP)),
+			wantIP:      nil,
+			wantErr:     nil,
+		},
+		{
+			name: "valid IP with nil service type does not set IP",
+			addresses: []gwv1.GatewaySpecAddress{
+				{Type: ptr.To(gwv1.IPAddressType), Value: "203.0.113.10"},
+			},
+			serviceType: nil,
+			wantIP:      nil,
+			wantErr:     nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gw := &gwv1.Gateway{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-gateway",
+					Namespace: "default",
+				},
+				Spec: gwv1.GatewaySpec{
+					Addresses: tt.addresses,
+				},
+			}
+
+			svc := &HelmService{
+				Type: tt.serviceType,
+			}
+
+			err := SetLoadBalancerIPFromGateway(gw, svc)
+			if tt.wantErr != nil {
+				assert.Error(t, err, "expected error")
+				assert.ErrorIs(t, err, tt.wantErr, "error type mismatch")
+				assert.Nil(t, svc.LoadBalancerIP, "expected nil IP when error occurs")
+			} else {
+				assert.NoError(t, err, "unexpected error")
+				if tt.wantIP == nil {
+					assert.Nil(t, svc.LoadBalancerIP, "expected nil but got %v", svc.LoadBalancerIP)
+				} else {
+					assert.NotNil(t, svc.LoadBalancerIP, "expected non-nil IP")
+					assert.Equal(t, *tt.wantIP, *svc.LoadBalancerIP, "IP address mismatch")
+				}
+			}
+		})
+	}
+}

pkg/kgateway/deployer/gateway_parameters.go

@@ -478,6 +478,10 @@ func (k *kgatewayParameters) getValues(gw *gwv1.Gateway, gwParam *kgateway.Gatew
 
 	// service values
 	gateway.Service = deployer.GetServiceValues(svcConfig)
+	// Extract loadBalancerIP from Gateway.spec.addresses and set it on the service if service type is LoadBalancer
+	if err := deployer.SetLoadBalancerIPFromGateway(gw, gateway.Service); err != nil {
+		return nil, err
+	}
 	// serviceaccount values
 	gateway.ServiceAccount = deployer.GetServiceAccountValues(svcAccountConfig)
 	// pod template values

pkg/kgateway/helm/agentgateway/templates/service.yaml

@@ -21,6 +21,9 @@ spec:
   {{- with $gateway.service.clusterIP }}
   clusterIP: {{ . }}
   {{- end }}
+  {{- with $gateway.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
   ports:
   {{- range $p := $gateway.ports }}
     - name: {{ $p.name }}

pkg/kgateway/helm/envoy/templates/service.yaml

@@ -21,6 +21,9 @@ spec:
   {{- with $gateway.service.clusterIP }}
   clusterIP: {{ . }}
   {{- end }}
+  {{- with $gateway.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
   ports:
   {{- range $p := $gateway.ports }}
   - name: {{ $p.name }}

test/deployer/internal_helm_test.go

@@ -121,6 +121,10 @@ wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBtestcertdata
 			Name:      "envoy-infrastructure",
 			InputFile: "envoy-infrastructure",
 		},
+		{
+			Name:      "gateway with static IP address",
+			InputFile: "loadbalancer-static-ip",
+		},
 		{
 			Name:      "agentgateway-params-primary",
 			InputFile: "agentgateway-params-primary",