Tls Passthrough support (#643)

* TLS_PASSTHROUGH Support

Author: zijun726911

.gitignore

@@ -17,5 +17,7 @@ go.work*
 # gomock generated prog.go
 pkg/aws/services/gomock_reflect_*
 
+pkg/**/prog.*
+
 # Image build tarballed bundles
 *.tgz

Makefile

@@ -66,7 +66,7 @@ vet: ## Vet the code and dependencies
 		if [ "${CI}" = true ]; then\
 			exit 1;\
 		fi;}
-	cd test && go vet ./...
+	cd test && go mod tidy && go vet ./...
 
 
 .PHONY: lint
@@ -131,8 +131,8 @@ e2e-test: ## Run e2e tests against cluster pointed to by ~/.kube/config
 .PHONY: e2e-clean
 e2e-clean: ## Delete eks resources created in the e2e test namespace
 	@echo -n "Cleaning up e2e tests... "
-	@kubectl delete namespace $(e2e-test-namespace) > /dev/null 2>&1
-	@kubectl create namespace $(e2e-test-namespace) > /dev/null 2>&1
+	-@kubectl delete namespace $(e2e-test-namespace)
+	@kubectl create namespace $(e2e-test-namespace)
 	@echo "Done!"
 
 .PHONY: api-reference

config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml

@@ -82,7 +82,7 @@ spec:
                     type: string
                   protocolVersion:
                     description: The protocol version used when performing health
-                      checks on targets. Defaults to HTTP/1.
+                      checks on targets.
                     enum:
                     - HTTP1
                     - HTTP2
@@ -108,15 +108,16 @@ spec:
                 type: object
               protocol:
                 description: "The protocol to use for routing traffic to the targets.
-                  Supported values are HTTP (default) and HTTPS. \n Changes to this
-                  value results in a replacement of VPC Lattice target group."
+                  Supported values are HTTP (default), HTTPS and TCP. \n Changes to
+                  this value results in a replacement of VPC Lattice target group."
                 type: string
               protocolVersion:
                 description: "The protocol version to use. Supported values are HTTP1
-                  (default) and HTTP2. When a policy is behind GRPCRoute, this field
-                  value will be ignored as GRPC is only supported through HTTP/2.
-                  \n Changes to this value results in a replacement of VPC Lattice
-                  target group."
+                  (default) and HTTP2. When a policy Protocol is TCP, you should not
+                  set this field. Otherwise, the whole TargetGroupPolicy will not
+                  take effect. When a policy is behind GRPCRoute, this field value
+                  will be ignored as GRPC is only supported through HTTP/2. \n Changes
+                  to this value results in a replacement of VPC Lattice target group."
                 type: string
               targetRef:
                 description: "TargetRef points to the kubernetes Service resource

config/crds/bases/gateway.networking.k8s.io_tlsroutes.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - bases/k8s-gateway-v0.6.1.yaml
+  - bases/gateway.networking.k8s.io_tlsroutes.yaml
   - bases/externaldns.k8s.io_dnsendpoints.yaml
   - bases/application-networking.k8s.aws_serviceexports.yaml
   - bases/application-networking.k8s.aws_serviceimports.yaml

config/crds/kustomization.yaml

@@ -232,6 +232,32 @@ rules:
     - get
     - patch
     - update
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes/status
+  verbs:
+    - get
+    - patch
+    - update
 - apiGroups:
   - application-networking.k8s.aws
   resources:

config/rbac/cluster-role-controller.yaml

@@ -3,7 +3,7 @@ module github.com/aws/aws-application-networking-k8s
 go 1.20
 
 require (
-	github.com/aws/aws-sdk-go v1.50.3
+	github.com/aws/aws-sdk-go v1.53.7
 	github.com/go-logr/zapr v1.2.4
 	github.com/golang/mock v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7

go.mod

@@ -1,5 +1,5 @@
-github.com/aws/aws-sdk-go v1.50.3 h1:NnXC/ukOakZbBwQcwAzkAXYEB4SbWboP9TFx9vvhIrE=
-github.com/aws/aws-sdk-go v1.50.3/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.53.7 h1:ZSsRYHLRxsbO2rJR2oPMz0SUkJLnBkN+1meT95B6Ixs=
+github.com/aws/aws-sdk-go v1.53.7/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=

go.sum

@@ -82,7 +82,7 @@ spec:
                     type: string
                   protocolVersion:
                     description: The protocol version used when performing health
-                      checks on targets. Defaults to HTTP/1.
+                      checks on targets.
                     enum:
                     - HTTP1
                     - HTTP2
@@ -108,15 +108,16 @@ spec:
                 type: object
               protocol:
                 description: "The protocol to use for routing traffic to the targets.
-                  Supported values are HTTP (default) and HTTPS. \n Changes to this
-                  value results in a replacement of VPC Lattice target group."
+                  Supported values are HTTP (default), HTTPS and TCP. \n Changes to
+                  this value results in a replacement of VPC Lattice target group."
                 type: string
               protocolVersion:
                 description: "The protocol version to use. Supported values are HTTP1
-                  (default) and HTTP2. When a policy is behind GRPCRoute, this field
-                  value will be ignored as GRPC is only supported through HTTP/2.
-                  \n Changes to this value results in a replacement of VPC Lattice
-                  target group."
+                  (default) and HTTP2. When a policy Protocol is TCP, you should not
+                  set this field. Otherwise, the whole TargetGroupPolicy will not
+                  take effect. When a policy is behind GRPCRoute, this field value
+                  will be ignored as GRPC is only supported through HTTP/2. \n Changes
+                  to this value results in a replacement of VPC Lattice target group."
                 type: string
               targetRef:
                 description: "TargetRef points to the kubernetes Service resource

helm/crds/application-networking.k8s.aws_targetgrouppolicies.yaml

@@ -229,6 +229,32 @@ rules:
     - get
     - patch
     - update
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - gateway.networking.k8s.io
+  resources:
+    - tlsroutes/status
+  verbs:
+    - get
+    - patch
+    - update
 - apiGroups:
     - gateway.networking.k8s.io
   resources: