feat(policy): Adding BTP support for UDP/TCPRoute

[alexwo]

What this PR does / why we need it:
Enables the application of BTP rules on gateway and TCP/UDP routes.
Modifications have been incorporated into the IR mapper and XDS translator.

Adds below BTP rules for tcp and tls routes:

• LoadBalancer
• Timeout
• TCPKeepalive
• CircuitBreaker
• HealthCheck
• ProxyProtcol

Adds below BTP rules for UDP routes:

• LoadBalancer
• Timeout

Which issue(s) this PR fixes:
#2880

[codecov]

Codecov Report

Attention: Patch coverage is 62.60870% with 43 lines in your changes are missing coverage. Please review.

Project coverage is 64.52%. Comparing base (d020ce7) to head (e047aee).

Files	Patch %	Lines
internal/ir/zz_generated.deepcopy.go	0.00%	28 Missing and 7 partials ⚠️
internal/gatewayapi/backendtrafficpolicy.go	84.61%	4 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3004      +/-   ##
==========================================
- Coverage   64.55%   64.52%   -0.04%     
==========================================
  Files         121      121              
  Lines       21235    21344     +109     
==========================================
+ Hits        13709    13772      +63     
- Misses       6672     6706      +34     
- Partials      854      866      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[alexwo]

/retest

[zhaohuabing]

Should we enforce BTP setting validation on TCP/UDP route and update the status?

For example, HTTP-related settings such as FaultInjection, Retries, etc., can't be set when the targeting xRoute is TCP/UDP route or the targeting gateway doesn't contain HTTPRoute.

[JuniorJPDJ]

Can I also please ask to add TLSRoute support too?

[alexwo]

Can I also please ask to add TLSRoute support too?
@JuniorJPDJ
This is already included in the current pull request. Once merged, It will be possible to apply BTP either to specific TLS routes or to the entire gateway.

[alexwo]

Should we enforce BTP setting validation on TCP/UDP route and update the status?

For example, HTTP-related settings such as FaultInjection, Retries, etc., can't be set when the targeting xRoute is TCP/UDP route or the targeting gateway doesn't contain HTTPRoute.

Sounds good to me. Alternatively, we could update the status of each route to indicate which policies from the BTP are in effect, providing clarity to the user on how their route is affected.

Since this functionality isn't available currently, it might be best to introduce it through a separate change.
WDYT?

[zhaohuabing]

Should we enforce BTP setting validation on TCP/UDP route and update the status?
For example, HTTP-related settings such as FaultInjection, Retries, etc., can't be set when the targeting xRoute is TCP/UDP route or the targeting gateway doesn't contain HTTPRoute.

Sounds good to me. Alternatively, we could update the status of each route to indicate which policies from the BTP are in effect, providing clarity to the user on how their route is affected.

Since this functionality isn't available currently, it might be best to introduce it through a separate change. WDYT?

Sounds good. Could you please raise an issue to track this?

[arkodg]

hey @zhaohuabing we can't enforce validation here, because if the policy is applied to the Gateway, they could apply to HTTPRoutes as well as TCPRoutes

[arkodg]

the test is for listener side keep alive, how did this config come here (cluster) ?

[alexwo]

The TCP keep-alive setting is specified in the IR, resulting in a keep-alive configuration for the TCP listener cluster. Typically, such settings are adjusted through a traffic policy, i'm not certain if this make sense in this context.

- name: "fourth-listener"
  address: "0.0.0.0"
  tcpKeepalive:
    probes: 10
  port: 10083
  destination:
    name: "tcp-route-dest"
    settings:
    - endpoints:
      - host: "1.2.3.4"
        port: 50000

[arkodg]

can you raise a follow up issue for this ?

[arkodg]

thanks for catching this

[arkodg]

you probably also need some code similar to L500-510

			// If any of the features are already set, it means that a more specific
			// policy(targeting xRoute) has already set it, so we skip it.
			// TODO: zhaohuabing group the features into a struct and check if all of them are set
			if r.RateLimit != nil || r.LoadBalancer != nil ||
				r.ProxyProtocol != nil || r.HealthCheck != nil ||
				r.CircuitBreaker != nil || r.FaultInjection != nil ||
				r.TCPKeepalive != nil || r.Retry != nil ||
				r.Timeout != nil {
				continue
			}

[alexwo]

fixed

[arkodg]

same as above comment

[alexwo]

fixed

[arkodg]

thanks for adding support for this @alexwo !

[zhaohuabing]

hey @zhaohuabing we can't enforce validation here, because if the policy is applied to the Gateway, they could apply to HTTPRoutes as well as TCPRoutes

Should we enforce validation when the target is a xRoute? It would be confusing if HTTP-related setting is configured for TCP/UDP route.

And it would be nice if we could allow users to know which settings in the BTP can be applied to which type of route. Probably add some comments to BTP settings?

[alexwo]

/retest

[alexwo]

/retest

[alexwo]

/retest

[alexwo]

/retest

[alexwo]

/retest

[alexwo]

/retest

[guydc]

LGTM, thanks for fixing the coverage check!

[alexwo]

/retest

[alexwo]

/retest

[guydc]

/retest

[JuniorJPDJ]

I just migrated to the latest commit and it works with TLSRoute! Thanks!