feat(konnect): add index for KongSNI on referenced certificate name

Kong · Sep 30, 2024 · aef6e66 · aef6e66
1 parent ebb335e
commit aef6e66
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 12 deletions.
diff --git a/controller/konnect/index.go b/controller/konnect/index.go
@@ -33,6 +33,8 @@ func ReconciliationIndexOptionsForEntity[
 		return IndexOptionsForCredentialsBasicAuth()
 	case *configurationv1.KongConsumer:
 		return IndexOptionsForKongConsumer()
+	case *configurationv1alpha1.KongSNI:
+		return IndexOptionsForKongSNI()
 	}
 	return nil
 }
diff --git a/controller/konnect/index_sni.go b/controller/konnect/index_sni.go
@@ -0,0 +1,31 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldKongSNIOnCertificateRefNmae is the index field for KongSNI -> Certificate.
+	IndexFieldKongSNIOnCertificateRefNmae = "kongSNICertificateRefName"
+)
+
+// IndexOptionsForKongSNI returns required Index options for KongSNI reconciler.
+func IndexOptionsForKongSNI() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongSNI{},
+			IndexField:   IndexFieldKongSNIOnCertificateRefNmae,
+			ExtractValue: kongSNIReferencesCertificate,
+		},
+	}
+}
+
+func kongSNIReferencesCertificate(object client.Object) []string {
+	sni, ok := object.(*configurationv1alpha1.KongSNI)
+	if !ok {
+		return nil
+	}
+	return []string{sni.Spec.CertificateRef.Name}
+}
diff --git a/controller/konnect/watch_kongsni.go b/controller/konnect/watch_kongsni.go
@@ -38,7 +38,8 @@ func KongSNIReconciliationWatchOptions(cl client.Client,
 }
 
 func kongSNIRefersToKonnectGatewayControlPlane(
-	cl client.Client) func(client.Object) bool {
+	cl client.Client,
+) func(client.Object) bool {
 	return func(obj client.Object) bool {
 		sni, ok := obj.(*configurationv1alpha1.KongSNI)
 		if !ok {
@@ -59,7 +60,8 @@ func kongSNIRefersToKonnectGatewayControlPlane(
 }
 
 func enqueueKongSNIForKongCertificate(
-	cl client.Client) func(context.Context, client.Object) []reconcile.Request {
+	cl client.Client,
+) func(context.Context, client.Object) []reconcile.Request {
 	return func(ctx context.Context, obj client.Object) []reconcile.Request {
 		cert, ok := obj.(*configurationv1alpha1.KongCertificate)
 		if !ok {
@@ -72,20 +74,22 @@ func enqueueKongSNIForKongCertificate(
 		}
 
 		sniList := configurationv1alpha1.KongSNIList{}
-		if err := cl.List(ctx, &sniList, client.InNamespace(cert.Namespace)); err != nil {
+		if err := cl.List(ctx, &sniList, client.InNamespace(cert.Namespace),
+			client.MatchingFields{
+				IndexFieldKongPluginBindingKongServiceReference: cert.Name,
+			},
+		); err != nil {
 			return nil
 		}
 
-		var ret []reconcile.Request
+		ret := make([]reconcile.Request, 0, len(sniList.Items))
 		for _, sni := range sniList.Items {
-			if sni.Spec.CertificateRef.Name == cert.Name {
-				ret = append(ret, reconcile.Request{
-					NamespacedName: types.NamespacedName{
-						Namespace: sni.Namespace,
-						Name:      sni.Name,
-					},
-				})
-			}
+			ret = append(ret, reconcile.Request{
+				NamespacedName: types.NamespacedName{
+					Namespace: sni.Namespace,
+					Name:      sni.Name,
+				},
+			})
 		}
 		return ret
 	}

diff --git a/modules/manager/controller_setup.go b/modules/manager/controller_setup.go
@@ -569,6 +569,9 @@ func SetupCacheIndicesForKonnectTypes(ctx context.Context, mgr manager.Manager,
 	if err := setupCacheIndicesForKonnectType[configurationv1alpha1.KongRoute](ctx, mgr, developmentMode); err != nil {
 		return err
 	}
+	if err := setupCacheIndicesForKonnectType[configurationv1alpha1.KongSNI](ctx, mgr, developmentMode); err != nil {
+		return err
+	}
 	return nil
 }