Add support for Cilium-based Gateway API

Author: TheAifam5

cilium.tf

@@ -29,6 +29,22 @@ locals {
       keys = base64encode(local.cilium_ipsec_key_config.format)
     }
   } : null
+
+  # Cilium integration with Gateway API
+  cilium_gateway_api_manifest = var.gateway_api_enabled ? {
+    apiVersion = "gateway.networking.k8s.io/v1"
+    kind       = "GatewayClass"
+    metadata = {
+      name      = "cilium"
+      namespace = "kube-system"
+    }
+    spec = {
+      gatewayClassName = "cilium"
+      infrastructure = {
+        annotations = local.ingress_load_balancer_annotations
+      }
+    }
+  } : null
 }
 
 # Generate random key when IPSec is enabled
@@ -94,6 +110,11 @@ data "helm_template" "cilium" {
       loadBalancer = {
         acceleration = "native"
       }
+      gatewayAPI = {
+        enabled = var.gateway_api_enabled
+        enableProxyProtocol = true
+        externalTrafficPolicy = var.ingress_service_external_traffic_policy
+      }
       hubble = {
         enabled = var.cilium_hubble_enabled
         relay   = { enabled = var.cilium_hubble_relay_enabled }
@@ -151,6 +172,8 @@ locals {
       ${yamlencode(local.cilium_ipsec_keys_manifest)}
       ---
       ${data.helm_template.cilium.manifest}
+      ---
+      ${yamlencode(local.cilium_gateway_api_manifest)}
     EOF
   } : null
 }

talos_config.tf

@@ -28,6 +28,7 @@ locals {
   talos_manifests = concat(
     var.talos_ccm_enabled ? ["https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/${var.talos_ccm_version}/docs/deploy/cloud-controller-manager-daemonset.yml"] : [],
     var.prometheus_operator_crds_enabled ? ["https://github.com/prometheus-operator/prometheus-operator/releases/download/${var.prometheus_operator_crds_version}/stripped-down-crds.yaml"] : [],
+    var.gateway_api_enabled ? ["https://github.com/kubernetes-sigs/gateway-api/releases/download/${var.gateway_api_version}/${var.gateway_api_experimental_enabled ? "experimental" : "standard"}-install.yaml"] : [],
     var.talos_extra_remote_manifests != null ? var.talos_extra_remote_manifests : []
   )
 

variables.tf

@@ -1661,3 +1661,27 @@ variable "prometheus_operator_crds_version" {
   default     = "v0.86.1" # https://github.com/prometheus-operator/prometheus-operator
   description = "Specifies the version of the Prometheus Operator Custom Resource Definitions (CRDs) to deploy."
 }
+
+# Gateway API
+variable "gateway_api_enabled" {
+  type        = bool
+  default     = false
+  description = "Enables the Gateway API Custom Resource Definitions (CRDs) deployment."
+}
+
+variable "gateway_api_version" {
+  type        = string
+  default     = "v1.3.0" # https://github.com/kubernetes-sigs/gateway-api
+  description = "Specifies the version of the Gateway API Custom Resource Definitions (CRDs) to deploy."
+
+  validation {
+    condition     = var.ingress_controller_type != "cilium" || (var.cilium_helm_version == "v1.18.2" && var.gateway_api_version == "v1.3.0")
+    error_message = "When ingress_controller_type is 'cilium', cilium_helm_version must be 'v1.18.2' and gateway_api_version must be 'v1.3.0'."
+  }
+}
+
+variable "gateway_api_experimental_enabled" {
+  type        = bool
+  default     = false
+  description = "Enables the experimental Gateway API features. These features are not yet part of the official Gateway API specification and may change in future releases."
+}