controller: finishes reconciliation result updates (envoyproxy#436)

**Commit Message**

This adds the status fields to BackendSecurityPolicy and
AIServiceBackend just like we already have for AIGatewayRoute since
envoyproxy#187.

The output will look like

```
$ k get aiservicebackends.aigateway.envoyproxy.io
NAME                                  STATUS
envoy-ai-gateway-basic-aws            Accepted
envoy-ai-gateway-basic-openai         Accepted
envoy-ai-gateway-basic-testupstream   Accepted

$ k get backendsecuritypolicies.aigateway.envoyproxy.io
NAME                                     STATUS
envoy-ai-gateway-basic-aws-credentials   Accepted
envoy-ai-gateway-basic-openai-apikey     Accepted

$ k get aigatewayroutes.aigateway.envoyproxy.io        
NAME                     STATUS
envoy-ai-gateway-basic   Accepted
```


**Related Issues/PRs (if applicable)**

Follow up on envoyproxy#187 and closes envoyproxy#130

---------

Signed-off-by: Takeshi Yoneda <[email protected]>

Author: mathetake

api/v1alpha1/api.go

@@ -13,9 +13,6 @@ import (
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-
 // AIGatewayRoute combines multiple AIServiceBackends and attaching them to Gateway(s) resources.
 //
 // This serves as a way to define a "unified" AI API for a Gateway which allows downstream
@@ -41,6 +38,10 @@ import (
 // detail subject to change. If you want to customize the default behavior of the Envoy AI Gateway, you can use these
 // resources as a reference and create your own resources. Alternatively, you can use EnvoyPatchPolicy API of the Envoy
 // Gateway to patch the generated resources. For example, you can insert a custom filter into the filter chain.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[-1:].type`
 type AIGatewayRoute struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -50,15 +51,9 @@ type AIGatewayRoute struct {
 	Status AIGatewayRouteStatus `json:"status,omitempty"`
 }
 
-// AIGatewayRouteStatus contains the conditions by the reconciliation result.
-type AIGatewayRouteStatus struct {
-	// Conditions is the list of conditions by the reconciliation result.
-	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-}
-
-// +kubebuilder:object:root=true
-
 // AIGatewayRouteList contains a list of AIGatewayRoute.
+//
+// +kubebuilder:object:root=true
 type AIGatewayRouteList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
@@ -296,8 +291,6 @@ type AIGatewayFilterConfigExternalProcessor struct {
 	// 	Not sure if it is worth it as we are migrating to dynamic modules.
 }
 
-// +kubebuilder:object:root=true
-
 // AIServiceBackend is a resource that represents a single backend for AIGatewayRoute.
 // A backend is a service that handles traffic with a concrete API specification.
 //
@@ -306,16 +299,22 @@ type AIGatewayFilterConfigExternalProcessor struct {
 // When a backend with an attached AIServiceBackend is used as a routing target in the AIGatewayRoute (more precisely, the
 // HTTPRouteSpec defined in the AIGatewayRoute), the ai-gateway will generate the necessary configuration to do
 // the backend specific logic in the final HTTPRoute.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[-1:].type`
 type AIServiceBackend struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// Spec defines the details of AIServiceBackend.
 	Spec AIServiceBackendSpec `json:"spec,omitempty"`
+	// Status defines the status details of the AIServiceBackend.
+	Status AIServiceBackendStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:object:root=true
-
 // AIServiceBackendList contains a list of AIServiceBackends.
+//
+// +kubebuilder:object:root=true
 type AIServiceBackendList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
@@ -403,14 +402,18 @@ const (
 	BackendSecurityPolicyTypeAzureCredentials BackendSecurityPolicyType = "AzureCredentials"
 )
 
-// +kubebuilder:object:root=true
-
 // BackendSecurityPolicy specifies configuration for authentication and authorization rules on the traffic
 // exiting the gateway to the backend.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[-1:].type`
 type BackendSecurityPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              BackendSecurityPolicySpec `json:"spec,omitempty"`
+	// Status defines the status details of the BackendSecurityPolicy.
+	Status BackendSecurityPolicyStatus `json:"status,omitempty"`
 }
 
 // BackendSecurityPolicySpec specifies authentication rules on access the provider from the Gateway.
@@ -440,9 +443,9 @@ type BackendSecurityPolicySpec struct {
 	AzureCredentials *BackendSecurityPolicyAzureCredentials `json:"azureCredentials,omitempty"`
 }
 
-// +kubebuilder:object:root=true
-
 // BackendSecurityPolicyList contains a list of BackendSecurityPolicy
+//
+// +kubebuilder:object:root=true
 type BackendSecurityPolicyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

api/v1alpha1/status.go

@@ -0,0 +1,44 @@
+// Copyright Envoy AI Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+const (
+	// ConditionTypeAccepted is a condition type for the reconciliation result
+	// where resources are accepted.
+	ConditionTypeAccepted = "Accepted"
+	// ConditionTypeNotAccepted is a condition type for the reconciliation result
+	// where resources are not accepted.
+	ConditionTypeNotAccepted = "NotAccepted"
+)
+
+// AIGatewayRouteStatus contains the conditions by the reconciliation result.
+type AIGatewayRouteStatus struct {
+	// Conditions is the list of conditions by the reconciliation result.
+	// Currently, at most one condition is set.
+	//
+	// Known .status.conditions.type are: "Accepted", "NotAccepted".
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// AIServiceBackendStatus contains the conditions by the reconciliation result.
+type AIServiceBackendStatus struct {
+	// Conditions is the list of conditions by the reconciliation result.
+	// Currently, at most one condition is set.
+	//
+	// Known .status.conditions.type are: "Accepted", "NotAccepted".
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// BackendSecurityPolicyStatus contains the conditions by the reconciliation result.
+type BackendSecurityPolicyStatus struct {
+	// Conditions is the list of conditions by the reconciliation result.
+	// Currently, at most one condition is set.
+	//
+	// Known .status.conditions.type are: "Accepted", "NotAccepted".
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -9,7 +9,6 @@ import (
 	"context"
 	"fmt"
 	"path"
-	"sort"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/go-logr/logr"
@@ -94,10 +93,10 @@ func (c *AIGatewayRouteController) Reconcile(ctx context.Context, req reconcile.
 
 	if err := c.syncAIGatewayRoute(ctx, &aiGatewayRoute); err != nil {
 		c.logger.Error(err, "failed to sync AIGatewayRoute")
-		c.updateAIGatewayRouteStatus(ctx, &aiGatewayRoute, false, err.Error())
+		c.updateAIGatewayRouteStatus(ctx, &aiGatewayRoute, aigv1a1.ConditionTypeNotAccepted, err.Error())
 		return ctrl.Result{}, err
 	}
-	c.updateAIGatewayRouteStatus(ctx, &aiGatewayRoute, true, "AI Gateway Route reconciled successfully")
+	c.updateAIGatewayRouteStatus(ctx, &aiGatewayRoute, aigv1a1.ConditionTypeAccepted, "AI Gateway Route reconciled successfully")
 	return reconcile.Result{}, nil
 }
 
@@ -670,43 +669,9 @@ func backendSecurityMountPath(backendSecurityPolicyKey string) string {
 	return fmt.Sprintf("%s/%s", mountedExtProcSecretPath, backendSecurityPolicyKey)
 }
 
-const (
-	aiGatewayRouteConditionTypeAccepted    = "Accepted"
-	aiGatewayRouteConditionTypeNotAccepted = "NotAccepted"
-)
-
 // updateAIGatewayRouteStatus updates the status of the AIGatewayRoute.
-func (c *AIGatewayRouteController) updateAIGatewayRouteStatus(ctx context.Context, route *aigv1a1.AIGatewayRoute, accepted bool, message string) {
-	route = route.DeepCopy()
-	condition := metav1.Condition{Message: message, LastTransitionTime: metav1.Now()}
-	if accepted {
-		condition.Type = aiGatewayRouteConditionTypeAccepted
-		condition.Reason = "ReconciliationSucceeded"
-		condition.Status = metav1.ConditionTrue
-	} else {
-		condition.Type = aiGatewayRouteConditionTypeNotAccepted
-		condition.Reason = "ReconciliationFailed"
-		condition.Status = metav1.ConditionFalse
-	}
-
-	// Search for the same Status condition and replace it, append if not found.
-	found := false
-	for i, cond := range route.Status.Conditions {
-		if cond.Type == condition.Type {
-			found = true
-			route.Status.Conditions[i] = condition
-			break
-		}
-	}
-
-	if !found {
-		route.Status.Conditions = append(route.Status.Conditions, condition)
-	}
-	// And sort the conditions by LastTransitionTime.
-	sort.Slice(route.Status.Conditions, func(i, j int) bool {
-		return route.Status.Conditions[i].LastTransitionTime.Before(&route.Status.Conditions[j].LastTransitionTime)
-	})
-
+func (c *AIGatewayRouteController) updateAIGatewayRouteStatus(ctx context.Context, route *aigv1a1.AIGatewayRoute, conditionType string, message string) {
+	route.Status.Conditions = newConditions(conditionType, message)
 	if err := c.client.Status().Update(ctx, route); err != nil {
 		c.logger.Error(err, "failed to update AIGatewayRoute status")
 	}