diff --git a/devel/architecture/kgateway/DEV.md b/devel/architecture/kgateway/DEV.md
new file mode 100644
index 00000000000..778ec09d956
--- /dev/null
+++ b/devel/architecture/kgateway/DEV.md
@@ -0,0 +1,103 @@
+# Architecture
+Kgateway is a control plane for envoy based on the gateway-api. This means that we translate K8s objects like Gateways, HttpRoutes, Service, EndpointSlices and User policy into envoy configuration.
+
+Our goals with the architecture of the project are to make it scalable and extendable.
+
+To make the project scalable, it's important to keep the computation minimal when changes occur. For example, when a pod changes, or a policy is updated, we do the minimum amount of computation to update the envoy configuration.
+
+With extendability, Kgateway is the basis on-top of which users can easily add their own custom logic. to that end we have a plugin system that allows users to add their own custom logic to the control plane in a way that's opaque to the core code.
+
+
+Going down further, to enable these goals we use [KRT](https://github.com/istio/istio/tree/master/pkg/kube/krt#krt-kubernetes-declarative-controller-runtime) based system. KRT gives us a few advantages:
+- The ability to complement controllers of custom Intermediate Representation (henceforth IR).
+- Automatically track object dependencies and changes and only invoke logic that depends on the object that changed.
+
+# CRD Lifecycle
+
+How does a user CRD make it into envoy?
+
+We have 3 main translation lifecycles: Routes & Listeners, Clusters and Endpoints.
+
+Let's focus on the first one - Routes and Listeners, as this is where the majority of the logic is.
+
+Envoy Routes & Listeners translate from Gateways, HttpRoutes, and user policies (i.e. RoutePolicy, ListenerPolicy, etc).
+
+## Policies (Contributed by Plugins)
+
+To add a policy to KGateway, it needs to be contributed through a **plugin**. Each plugin acts as an independent Kubernetes controller that provides Kgateway with a **KRT collection of IR policies** (this is done by translating the policy CRD to a policy IR). The second important thing a plugin provides is a function that allocates a **translation pass** for the gateway translation phase. This will be used when doing xDS translation. More on that later.
+
+To add a policy to Kgateway we need to 'contribute' it as a plugin. You can think of a plugin as an
+independent k8s controller that translates a CRD to an krt-collection of policies in IR form Kgateway can understand (it's called `ir.PolicyWrapper`).
+A plugin lifecycle is the length of the program - it doesn't reset on each translation (we will explain later where we hold translation state).
+
+When a plugin can contribute a policy to Kgateway, Kgateway uses policy collection to perform **policy attachment** - this is the process of assigning policies to the object they impact (like HttpRoutes) based on their targetRefs.
+
+You can see in the Plugin interface a field called `ContributesPolicies` which is a map of GK -> `PolicyPlugin`.
+The policy plugin contains a bunch of fields, but for our discussion we'll focus on these two:
+
+```go
+type PolicyPlugin struct {
+ Policies krt.Collection[ir.PolicyWrapper]
+ NewGatewayTranslationPass func(ctx context.Context, tctx ir.GwTranslationCtx) ir.ProxyTranslationPass
+ // ... other fields
+}
+```
+Policies is a the collection of policies that the plugin contributes. The plugin is responsible to create
+this collection, usually by starting with a CRD collection, and then translating to a `ir.PolicyWrapper` struct.
+
+Lets look at the important fields in the PolicyWrapper:
+
+```go
+type PolicyWrapper struct {
+ // The Group, Kind Name, Namespace to the original policy object
+ ObjectSource `json:",inline"`
+ // The IR of the policy objects. Ideally with structural errors either removed so it can be applied to envoy, or retained and returned in the translation pass (this depends on the defined fallback behavior).
+ // Opaque to us other than metadata.
+ PolicyIR PolicyIR
+ // Where to attach the policy. This usually comes from the policy CRD.
+ TargetRefs []PolicyTargetRef
+}
+```
+
+The system will make use of the targetRefs to attach the policy IR to Listners and HttpRoutes. You will then
+get access to the IR during translation (more on that later).
+
+When translating a Policy to a PolicyIR, you'll want to take the translation **as close as you can** to envoy's config structures. For example, if your policy will result in an envoy
+PerFilterConfig on a route, the PolicyIR should contain the proto.Any that will be applied there. Doing most of the policy translation at this phase as advantages:
+- Policy will only re-translate when the policy CRD changes
+- We can expose errors in translation on the policy CRD status as soon as the policy is written (no need to depend on later translation phases).
+
+The second field, `NewGatewayTranslationPass` allocates a new translation state for the
+gateway/route translation. This function will be invoked during the Translation to xDS phase, so will expand on it later.
+
+## HttpRotues and Gateways
+
+HttpRoutes and Gateways are handled by Kgateway. Kgateway builds an IR for HttpRoutes and Gateways, that looks very similar to
+the original object, but in additional has an `AttachedPolicies` struct that contains all the policies that are attached to the object.
+
+Kgateway uses the `TargetRefs` field in the PolicyWrapper (and extensionRefs in the Route objects) to opaquely attach the policy to the HttpRoute or Gateway.
+
+## Translation to xDS
+
+When we reach this phase, we already have the Policy -> IR translation done; and we have all the HttpRoutes and Gateways in IR form with the policies attached to them.
+
+The translation to xDS has 2 phases.
+- The first phase, aggregating all the httproutes for a single gateway into a single gateway IR object with all the policies and routes inside it. This resolves delegation, and merges http routes based on the Gateway Api spec. The phases uses KRT to track the dependencies of the routes and gateways (like for example, ssl certs). recall that by the time we get here, policy attachment was already performed (i.e. policies will already be in the AttachedPolicies struct).
+- The second phase, translates the gateway IR to envoy configuration. It does not use KRT, as all the dependencies are resolved in the first phase, and everything needed for translation is in the gateway IR. At this phase the **policy plugins** are invoked.
+
+Having these 2 phases has these advantages:
+- The second phase is simple and fast, as all the dependencies are resolved in the previous phases.
+- We can create alternative translators for the gateway IR, for example, to translate a waypoint.
+
+
+In the begining of the transaltion of the gateway IR to xDS, we take all the contributed policies and allocate a `NewGatewayTranslationPass` for each of them. This will hold the state for the duration of the translation.
+
+This allows us for example translate a route, and in response to that hold state that tells us to add an http filter.
+
+When it translates GW-api route rules to envoy routes, it reads the `AttachedPolicies` and calls the appropriate function in the `ProxyTranslationPass` and passes in
+the attached policy IR. This let's the policy plugin code the modify the route or listener as needed, based on the policy IR (add filters, add filter route config, etc..).
+Then policy plugins are invoked with the attached policy IR, and can modify the envoy protbufs as needed
+
+# Diagram of the translation lifecycle
+
+
\ No newline at end of file
diff --git a/devel/architecture/kgateway/translation.svg b/devel/architecture/kgateway/translation.svg
new file mode 100644
index 00000000000..a2ba2783b58
--- /dev/null
+++ b/devel/architecture/kgateway/translation.svg
@@ -0,0 +1,2 @@
+
\ No newline at end of file
diff --git a/examples/plugin/main.go b/examples/plugin/main.go
new file mode 100644
index 00000000000..69811ec10b9
--- /dev/null
+++ b/examples/plugin/main.go
@@ -0,0 +1,246 @@
+package main
+
+import (
+ "context"
+ "time"
+
+ mutation_v3 "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3"
+ envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+ envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+ header_mutationv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_mutation/v3"
+ "google.golang.org/protobuf/proto"
+ "google.golang.org/protobuf/types/known/structpb"
+ "istio.io/istio/pkg/kube/kclient"
+ "istio.io/istio/pkg/kube/krt"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ gwv1 "sigs.k8s.io/gateway-api/apis/v1"
+
+ "github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/common"
+ extensionsplug "github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/plugin"
+ "github.com/kgateway-dev/kgateway/v2/internal/kgateway/ir"
+ "github.com/kgateway-dev/kgateway/v2/internal/kgateway/plugins"
+ "github.com/kgateway-dev/kgateway/v2/internal/kgateway/setup"
+)
+
+/******
+
+An example plugin, that uses a ConfigMap as a policy. We use a targetRef annotation to attach the
+policy to an HTTPRouter. We will then add the key value pairs in the ConfigMap to the metadata of
+the envoy route route.
+
+Exmaple ConfigMap:
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: my-configmap
+ annotations:
+ targetRef: my-http-route
+data:
+ key1: value1
+ key2: value2
+
+
+To test, use this example HTTPRoute that adds the metadata to a header:
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: my-http-route
+spec:
+ parentRefs:
+ - name: gw
+ rules:
+ - backendRefs:
+ - name: example-svc
+ port: 8080
+ filters:
+ - type: ResponseHeaderModifier
+ responseHeaderModifier:
+ add:
+ - name: my-header-name
+ value: %METADATA(ROUTE:example.plugin:key1)%
+
+*****/
+
+var (
+ configMapGK = schema.GroupKind{
+ Group: "",
+ Kind: "ConfigMap",
+ }
+)
+
+// Our policy IR.
+type configMapIr struct {
+ creationTime time.Time
+ metadata *structpb.Struct
+}
+
+var _ ir.PolicyIR = &configMapIr{}
+
+// in case multiple policies attached to the same resource, we sort by policy creation time.
+func (d *configMapIr) CreationTime() time.Time {
+ return d.creationTime
+}
+
+// Equals is needed because this is in KRT collection.
+func (d *configMapIr) Equals(in any) bool {
+ d2, ok := in.(*configMapIr)
+ if !ok {
+ return false
+ }
+ return d.creationTime == d2.creationTime && proto.Equal(d.metadata, d2.metadata)
+}
+
+// convert a configmap to our IR.
+func configMapToIr(cm *corev1.ConfigMap) *configMapIr {
+ // When converting to IR, we want to take the translation as close to envoy xDS as we can.
+ // That's why our IR intentionaly uses structpb.Struct and not map[string]string.
+
+ mdStruct := &structpb.Struct{
+ Fields: map[string]*structpb.Value{},
+ }
+ for k, v := range cm.Data {
+ mdStruct.Fields[k] = structpb.NewStringValue(v)
+ }
+
+ return &configMapIr{
+ creationTime: cm.CreationTimestamp.Time,
+ metadata: mdStruct,
+ }
+}
+
+// Configmaps don't have a target ref, so we extract it from the annotations.
+func extractTargetRefs(cm *corev1.ConfigMap) []ir.PolicyTargetRef {
+ return []ir.PolicyTargetRef{{
+ Group: gwv1.GroupName,
+ Kind: "HTTPRoute",
+ Name: cm.Annotations["targetRef"],
+ }}
+
+}
+
+// Create a collection of our policies. This will be done by converting a configmap collection
+// to our policy IR.
+func ourPolicies(commoncol *common.CommonCollections) krt.Collection[ir.PolicyWrapper] {
+ // We create 2 collections here - one for the source config maps, and one for the policy IR.
+ // Whenever creating a new krtCollection use commoncol.KrtOpts.ToOptions("") to provide the
+ // collection with common options and a name. It's important so that the collection appears in
+ // the krt debug page.
+
+ // get a configmap client going
+ configMapCol := krt.WrapClient(kclient.New[*corev1.ConfigMap](commoncol.Client), commoncol.KrtOpts.ToOptions("ConfigMaps")...)
+
+ // convertIt to policy IR
+ return krt.NewCollection(configMapCol, func(krtctx krt.HandlerContext, i *corev1.ConfigMap) *ir.PolicyWrapper {
+ if i.Annotations["targetRef"] == "" {
+ return nil
+ }
+
+ var pol = &ir.PolicyWrapper{
+ ObjectSource: ir.ObjectSource{
+ Group: configMapGK.Group,
+ Kind: configMapGK.Kind,
+ Namespace: i.Namespace,
+ Name: i.Name,
+ },
+ Policy: i,
+ PolicyIR: configMapToIr(i),
+ TargetRefs: extractTargetRefs(i),
+ }
+ return pol
+ }, commoncol.KrtOpts.ToOptions("MetadataPolicies")...)
+
+}
+
+// Our translation pass struct. This holds translation specific state.
+// In our case, we check if our policy was applied to a route and if so, we add a filter.
+type ourPolicyPass struct {
+ // Add the unimplemented pass so we don't have to implement all the methods.
+ ir.UnimplementedProxyTranslationPass
+
+ // We keep track of which filter chains need our filter.
+ filterNeeded map[string]bool
+}
+
+// ApplyForRoute is called when a an HTTPRouteRule is being translated to an envoy route.
+func (s *ourPolicyPass) ApplyForRoute(ctx context.Context, pCtx *ir.RouteContext, out *envoy_config_route_v3.Route) error {
+ // get our policy IR. Kgateway used the targetRef to attach the policy to the HTTPRoute. and now as it
+ // translates the HTTPRoute to xDS, it calls our plugin and passes the policy for the plugin's translation pass to do the
+ // policy to xDS translation.
+ cmIr, ok := pCtx.Policy.(*configMapIr)
+ if !ok {
+ // should never happen
+ return nil
+ }
+ // apply the metadata from our IR to envoy's route object
+ if out.Metadata == nil {
+ out.Metadata = &envoy_core_v3.Metadata{}
+ }
+ out.Metadata.FilterMetadata["example.plugin"] = cmIr.metadata
+
+ // mark that we need a filter for this filter chain.
+ if s.filterNeeded == nil {
+ s.filterNeeded = map[string]bool{}
+ }
+ s.filterNeeded[pCtx.FilterChainName] = true
+
+ return nil
+}
+
+func (s *ourPolicyPass) HttpFilters(ctx context.Context, fc ir.FilterChainCommon) ([]plugins.StagedHttpFilter, error) {
+ if !s.filterNeeded[fc.FilterChainName] {
+ return nil, nil
+ }
+ // Add an http filter to the chain that adds a header indicating metadata was added.
+ return []plugins.StagedHttpFilter{
+ plugins.MustNewStagedFilter("example_plugin",
+ &header_mutationv3.HeaderMutation{
+ Mutations: &header_mutationv3.Mutations{
+ ResponseMutations: []*mutation_v3.HeaderMutation{
+ {
+ Action: &mutation_v3.HeaderMutation_Append{
+ Append: &envoy_core_v3.HeaderValueOption{
+ Header: &envoy_core_v3.HeaderValue{
+ Key: "x-metadata-added",
+ Value: "true",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ plugins.BeforeStage(plugins.AcceptedStage))}, nil
+
+}
+
+// A function that initializes our plugins.
+func pluginFactory(ctx context.Context, commoncol *common.CommonCollections) []extensionsplug.Plugin {
+ return []extensionsplug.Plugin{
+ {
+ ContributesPolicies: extensionsplug.ContributesPolicies{
+ configMapGK: extensionsplug.PolicyPlugin{
+ Name: "metadataPolicy",
+ NewGatewayTranslationPass: func(ctx context.Context, tctx ir.GwTranslationCtx) ir.ProxyTranslationPass {
+ // Return a fresh new translation pass
+ return &ourPolicyPass{}
+ },
+ // Provide a collection of our policies in IR form.
+ Policies: ourPolicies(commoncol),
+ },
+ },
+ },
+ }
+}
+
+func main() {
+
+ // TODO: move setup.StartGGv2 from internal to public.
+ // Start Kgateway and provide our plugin.
+ // This demonstrates how to start Kgateway with a custom plugin.
+ // This binary is the control plane. normally it would be packaged in a docker image and run
+ // in a k8s cluster.
+ setup.StartGGv2(context.Background(), pluginFactory, nil)
+}
diff --git a/internal/kgateway/controller/start.go b/internal/kgateway/controller/start.go
index 424ffa8004c..7f178ef083a 100644
--- a/internal/kgateway/controller/start.go
+++ b/internal/kgateway/controller/start.go
@@ -65,7 +65,7 @@ type StartConfig struct {
RestConfig *rest.Config
// ExtensionsFactory is the factory function which will return an extensions.K8sGatewayExtensions
// This is responsible for producing the extension points that this controller requires
- ExtraPlugins []extensionsplug.Plugin
+ ExtraPlugins func(ctx context.Context, commoncol *common.CommonCollections) []extensionsplug.Plugin
Client istiokube.Client
@@ -174,11 +174,13 @@ func NewControllerBuilder(ctx context.Context, cfg StartConfig) (*ControllerBuil
}, nil
}
-func pluginFactoryWithBuiltin(extraPlugins []extensionsplug.Plugin) extensions2.K8sGatewayExtensionsFactory {
+func pluginFactoryWithBuiltin(extraPlugins func(ctx context.Context, commoncol *common.CommonCollections) []extensionsplug.Plugin) extensions2.K8sGatewayExtensionsFactory {
return func(ctx context.Context, commoncol *common.CommonCollections) extensionsplug.Plugin {
plugins := registry.Plugins(ctx, commoncol)
plugins = append(plugins, krtcollections.NewBuiltinPlugin(ctx))
- plugins = append(plugins, extraPlugins...)
+ if extraPlugins != nil {
+ plugins = append(plugins, extraPlugins(ctx, commoncol)...)
+ }
return registry.MergePlugins(plugins...)
}
}
diff --git a/internal/kgateway/extensions2/plugin/plugin.go b/internal/kgateway/extensions2/plugin/plugin.go
index 05ecfd53a05..7a4de36500d 100644
--- a/internal/kgateway/extensions2/plugin/plugin.go
+++ b/internal/kgateway/extensions2/plugin/plugin.go
@@ -83,7 +83,7 @@ type GwTranslatorFactory func(gw *gwv1.Gateway) KGwTranslator
type ContributesPolicies map[schema.GroupKind]PolicyPlugin
type Plugin struct {
- ContributesPolicies
+ ContributesPolicies ContributesPolicies
ContributesBackends map[schema.GroupKind]BackendPlugin
ContributesGwTranslator GwTranslatorFactory
// extra has sync beyong primary resources in the collections above
diff --git a/internal/kgateway/ir/iface.go b/internal/kgateway/ir/iface.go
index 7325211eef9..80ce70a42c6 100644
--- a/internal/kgateway/ir/iface.go
+++ b/internal/kgateway/ir/iface.go
@@ -49,14 +49,18 @@ func (r *RouteBackendContext) GetTypedConfig(key string) proto.Message {
}
type RouteContext struct {
- Policy PolicyIR
- In HttpRouteRuleMatchIR
+ FilterChainName string
+ Policy PolicyIR
+ In HttpRouteRuleMatchIR
}
type HcmContext struct {
Policy PolicyIR
}
+// ProxyTranslationPass represents a single translation pass for a gateway. It can hold state
+// for the duration of the translation.
+// Each of the functions here will be called in the order they appear in the interface.
type ProxyTranslationPass interface {
// Name() string
// called 1 time for each listener
@@ -65,12 +69,13 @@ type ProxyTranslationPass interface {
pCtx *ListenerContext,
out *envoy_config_listener_v3.Listener,
)
- // called 1 time per filter chain after listeners
+ // called 1 time per filter chain after listeners and allows tweaking HCM settings.
ApplyHCM(ctx context.Context,
pCtx *HcmContext,
out *envoy_hcm.HttpConnectionManager) error
- // called 1 time for all the routes in a filter chain.
+ // called 1 time for all the routes in a filter chain. Use this to set default PerFilterConfig
+ // No policy is provided here.
ApplyRouteConfigPlugin(
ctx context.Context,
pCtx *RouteConfigContext,
@@ -81,18 +86,16 @@ type ProxyTranslationPass interface {
pCtx *VirtualHostContext,
out *envoy_config_route_v3.VirtualHost,
)
- // called 0 or more times
+ // called 0 or more times (one for each route)
+ // Applies policy for an HTTPRoute that has a policy attached via a targetRef.
+ // The output configures the envoy_config_route_v3.Route
ApplyForRoute(
ctx context.Context,
pCtx *RouteContext,
out *envoy_config_route_v3.Route) error
- // runs for policy applied
- ApplyForRouteBackend(
- ctx context.Context,
- policy PolicyIR,
- pCtx *RouteBackendContext,
- ) error
- // no policy applied
+
+ // no policy applied - this is called for every backend in a route.
+ // For this to work the backend needs to register itself as a policy. TODO: rethink this.
ApplyForBackend(
ctx context.Context,
pCtx *RouteBackendContext,
@@ -100,13 +103,20 @@ type ProxyTranslationPass interface {
out *envoy_config_route_v3.Route,
) error
- // called 1 time per listener
- // if a plugin emits new filters, they must be with a plugin unique name.
- // any filter returned from route config must be disabled, so it doesnt impact other routes.
+ // Applies a policy attached to a specific Backend (via extensionRef on the BackendRef).
+ ApplyForRouteBackend(
+ ctx context.Context,
+ policy PolicyIR,
+ pCtx *RouteBackendContext,
+ ) error
+
+ // called 1 time per filter-chain.
+ // If a plugin emits new filters, they must be with a plugin unique name.
+ // filters added to impact specific routes should be disabled on the listener level, so they don't impact other routes.
HttpFilters(ctx context.Context, fc FilterChainCommon) ([]plugins.StagedHttpFilter, error)
NetworkFilters(ctx context.Context) ([]plugins.StagedNetworkFilter, error)
- // called 1 time (per envoy proxy). replaces GeneratedResources
+ // called 1 time (per envoy proxy). replaces GeneratedResources and allows adding clusters to the envoy.
ResourcesToAdd(ctx context.Context) Resources
}
@@ -157,18 +167,21 @@ type PolicyIR interface {
}
type PolicyWrapper struct {
+ // A reference to the original policy object
ObjectSource `json:",inline"`
- Policy metav1.Object
+ // The policy object itself. TODO: we can probably remove this
+ Policy metav1.Object
// Errors processing it for status.
// note: these errors are based on policy itself, regardless of whether it's attached to a resource.
// TODO: change for conditions
Errors []error
- // original object. ideally with structural errors removed.
+ // The IR of the policy objects. ideally with structural errors removed.
// Opaque to us other than metadata.
PolicyIR PolicyIR
+ // Where to attach the policy. This usually comes from the policy CRD.
TargetRefs []PolicyTargetRef
}
@@ -199,6 +212,8 @@ var (
)
type PolicyRun interface {
+ // Allocate state for single listener+rotue translation pass.
NewGatewayTranslationPass(ctx context.Context, tctx GwTranslationCtx) ProxyTranslationPass
+ // Process cluster for a backend
ProcessBackend(ctx context.Context, in BackendObjectIR, out *envoy_config_cluster_v3.Cluster) error
}
diff --git a/internal/kgateway/setup/ggv2setup.go b/internal/kgateway/setup/ggv2setup.go
index a205cf93ea1..f1432565475 100644
--- a/internal/kgateway/setup/ggv2setup.go
+++ b/internal/kgateway/setup/ggv2setup.go
@@ -21,6 +21,7 @@ import (
"github.com/kgateway-dev/kgateway/v2/internal/kgateway/admin"
"github.com/kgateway-dev/kgateway/v2/internal/kgateway/controller"
+ "github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/common"
extensionsplug "github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/plugin"
"github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/settings"
"github.com/kgateway-dev/kgateway/v2/internal/kgateway/krtcollections"
@@ -54,7 +55,7 @@ func createKubeClient(restConfig *rest.Config) (istiokube.Client, error) {
func StartGGv2(
ctx context.Context,
- extraPlugins []extensionsplug.Plugin,
+ extraPlugins func(ctx context.Context, commoncol *common.CommonCollections) []extensionsplug.Plugin,
extraGwClasses []string, // TODO: we can remove this and replace with something that watches all GW classes with our controller name
) error {
logger := contextutils.LoggerFrom(ctx)
@@ -99,7 +100,7 @@ func StartGGv2WithConfig(
setupOpts *controller.SetupOpts,
restConfig *rest.Config,
uccBuilder krtcollections.UniquelyConnectedClientsBulider,
- extraPlugins []extensionsplug.Plugin,
+ extraPlugins func(ctx context.Context, commoncol *common.CommonCollections) []extensionsplug.Plugin,
extraGwClasses []string, // TODO: we can remove this and replace with something that watches all GW classes with our controller name
) error {
ctx = contextutils.WithLogger(ctx, "k8s")
diff --git a/internal/kgateway/translator/irtranslator/route.go b/internal/kgateway/translator/irtranslator/route.go
index f181166db11..1fac102f102 100644
--- a/internal/kgateway/translator/irtranslator/route.go
+++ b/internal/kgateway/translator/irtranslator/route.go
@@ -201,8 +201,9 @@ func (h *httpRouteConfigurationTranslator) runRoutePlugins(ctx context.Context,
}
for _, pol := range pols {
pctx := &ir.RouteContext{
- Policy: pol.PolicyIr,
- In: in,
+ FilterChainName: h.fc.FilterChainName,
+ Policy: pol.PolicyIr,
+ In: in,
}
err := pass.ApplyForRoute(ctx, pctx, out)
if err != nil {