
Add Gateway listener labels and *Route parentRefs[].sectionSelector for dynamic composition #4369

@iAnomaly

What would you like to be added:

- Field `spec.listeners[].labels` to Gateway type
- Field `parentRefs[].sectionSelector` to *Route types (HTTP, GRPC, etc.)

Why this is needed:
Consider the following Gateway:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
...
spec:
  ...
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
    - name: https
      hostname: << inputs.cluster.domain | quote >>
      port: 443
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
    - name: https-wildcard
      hostname: << printf "*.%s" inputs.cluster.domain | quote >>
      port: 443
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
    - name: otel-grpc
      hostname: << inputs.cluster.domain | quote >>
      port: 4317
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
    - name: otel-https
      hostname: << inputs.cluster.domain | quote >>
      port: 4318
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
    - name: otel-grpc-wildcard
      hostname: << printf "*.%s" inputs.cluster.domain | quote >>
      port: 4317
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
    - name: otel-https-wildcard
      hostname: << printf "*.%s" inputs.cluster.domain | quote >>
      port: 4318
      protocol: HTTPS
      tls:
        certificateRefs:
          - name: ingress-cert
        mode: Terminate
      allowedRoutes:
        namespaces:
          from: All
```

Then consider at some future date the Cluster Operator(s) add a new listener:

```yaml
...
    - name: otel-http2
      hostname: << printf "*.%s" inputs.cluster.domain | quote >>
      port: 34317
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
```

First, consider that one must already reference 2x `parentRefs` for every listener that defines an exact and wildcard hostname pair via `sectionName`.

Now, in spite of the Gateway API's admirable goal of separating Cluster Operator and Application Developer concerns, for any HTTPRoute that wants its existing rules to match a new listener, an additional `parentRef` with the appropriate `sectionName:` must be added everywhere. Of course, there are out-of-band solutions to this problem, such as mutating webhooks, etc.

However, if support is added for Gateway labels and Route `sectionSelector`, Cluster Operators and Application Developers can form an implicit contract/interface using key/values such as `protocol: https` and/or `appProtocol: otel`, such that any future listener that is added and conforms to the agreed-upon contract would automatically be resolved by the `parentRefs[].sectionSelector`. This addition would also reduce the need for 2x `parentRefs[].sectionName` for each exact and wildcard hostname listener.

Thoughts?
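An added sketch, not part of the original issue or of the Gateway API code base: how the proposed `sectionSelector` could resolve against listener labels, assuming `matchLabels` semantics and constructed label values (neither field exists in the API today). It shows that a selector on `appProtocol: otel` alone would also attach to the later plaintext `otel-http2` listener, while one that also requires `protocol: https` would not.

```go
package main

import "fmt"

// Listener keeps the fields used here plus the proposed (hypothetical) labels.
type Listener struct {
	Name, Protocol string
	Labels         map[string]string // proposed spec.listeners[].labels
}

// Resolve returns the names of listeners whose labels contain every key/value
// in sel; an empty sel matches nothing. plaintextOnly keeps only non-TLS hits.
func Resolve(ls []Listener, sel map[string]string, plaintextOnly bool) []string {
	out := []string{}
next:
	for _, l := range ls {
		for k, want := range sel {
			if got, ok := l.Labels[k]; !ok || got != want {
				continue next
			}
		}
		if len(sel) > 0 && (!plaintextOnly || l.Protocol != "HTTPS") {
			out = append(out, l.Name)
		}
	}
	return out
}

// Gateway returns the issue's OTel listeners with constructed labels.
func Gateway(withNew bool) []Listener {
	tls := map[string]string{"protocol": "https", "appProtocol": "otel"}
	plain := map[string]string{"protocol": "http", "appProtocol": "otel"}
	ls := []Listener{
		{"otel-grpc", "HTTPS", tls},
		{"otel-grpc-wildcard", "HTTPS", tls},
		{"otel-https", "HTTPS", tls},
		{"otel-https-wildcard", "HTTPS", tls},
	}
	if withNew { // the listener the Cluster Operator adds later
		ls = append(ls, Listener{"otel-http2", "HTTP", plain})
	}
	return ls
}

func main() {
	loose := map[string]string{"appProtocol": "otel"}
	strict := map[string]string{"appProtocol": "otel", "protocol": "https"}
	fmt.Println("loose:", Resolve(Gateway(true), loose, true), "strict:", Resolve(Gateway(true), strict, true))
}
```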


Labels: kind/feature (Categorizes issue or PR as related to a new feature.)
