envoyproxy · siddharth1036 · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025
@@ -16,3 +16,4 @@ ignore:
   - "**/*.pb.go"
   - "**/zz_generated.*.go"
   - "api/**/*_types.go"
+  - "pkg/client/**"
@@ -29,6 +29,8 @@ const (
 	AppProtocolTypeWSS AppProtocolType = "gateway.envoyproxy.io/wss"
 )
 
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Backend allows the user to configure the endpoints of a backend and
 // the behavior of the connection from Envoy Proxy to the backend.
 //
@@ -281,6 +283,7 @@ type BackendStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // BackendList contains a list of Backend resources.
 //
 // +kubebuilder:object:root=true
@@ -291,5 +294,5 @@ type BackendList struct {
 }
 
 func init() {
-	SchemeBuilder.Register(&Backend{}, &BackendList{})
+	localSchemeBuilder.Register(&Backend{}, &BackendList{})
 }
@@ -23,6 +23,8 @@ const (
 // +kubebuilder:resource:categories=envoy-gateway,shortName=btp
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type BackendTrafficPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -165,12 +167,13 @@ type RequestBuffer struct {
 // BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
 //
 // +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type BackendTrafficPolicyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []BackendTrafficPolicy `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{})
+	localSchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{})
 }
@@ -22,6 +22,8 @@ const (
 
 // ClientTrafficPolicy allows the user to configure the behavior of the connection
 // between the downstream client and Envoy Proxy listener.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ClientTrafficPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -396,12 +398,13 @@ type ProxyProtocolSettings struct {
 //+kubebuilder:object:root=true
 
 // ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ClientTrafficPolicyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []ClientTrafficPolicy `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&ClientTrafficPolicy{}, &ClientTrafficPolicyList{})
+	localSchemeBuilder.Register(&ClientTrafficPolicy{}, &ClientTrafficPolicyList{})
 }
@@ -6,6 +6,7 @@
 // Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io
 // API group.
 //
-// +kubebuilder:object:generate=true
+// +k8s:deepcopy-gen=package
 // +groupName=gateway.envoyproxy.io
+// +kubebuilder:object:generate=true
 package v1alpha1
@@ -21,6 +21,8 @@ const (
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
 
 // EnvoyExtensionPolicy allows the user to configure various envoy extensibility options for the Gateway.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyExtensionPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -68,12 +70,13 @@ type EnvoyExtensionPolicySpec struct {
 //+kubebuilder:object:root=true
 
 // EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyExtensionPolicyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []EnvoyExtensionPolicy `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&EnvoyExtensionPolicy{}, &EnvoyExtensionPolicyList{})
+	localSchemeBuilder.Register(&EnvoyExtensionPolicy{}, &EnvoyExtensionPolicyList{})
 }
@@ -852,5 +852,5 @@ type EnvoyGatewayTopologyInjector struct {
 }
 
 func init() {
-	SchemeBuilder.Register(&EnvoyGateway{})
+	localSchemeBuilder.Register(&EnvoyGateway{})
 }
@@ -24,6 +24,8 @@ const (
 
 // EnvoyPatchPolicy allows the user to modify the generated Envoy xDS
 // resources by Envoy Gateway using this patch API
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyPatchPolicy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -169,12 +171,13 @@ const (
 //+kubebuilder:object:root=true
 
 // EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyPatchPolicyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []EnvoyPatchPolicy `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&EnvoyPatchPolicy{}, &EnvoyPatchPolicyList{})
+	localSchemeBuilder.Register(&EnvoyPatchPolicy{}, &EnvoyPatchPolicyList{})
 }
@@ -20,6 +20,8 @@ const (
 // +kubebuilder:subresource:status
 
 // EnvoyProxy is the schema for the envoyproxies API.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyProxy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -549,6 +551,7 @@ type EnvoyProxyStatus struct {
 // +kubebuilder:object:root=true
 
 // EnvoyProxyList contains a list of EnvoyProxy
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type EnvoyProxyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
@@ -570,5 +573,5 @@ const (
 )
 
 func init() {
-	SchemeBuilder.Register(&EnvoyProxy{}, &EnvoyProxyList{})
+	localSchemeBuilder.Register(&EnvoyProxy{}, &EnvoyProxyList{})
 }
@@ -6,20 +6,56 @@
 package v1alpha1
 
 import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
 
 const GroupName = "gateway.envoyproxy.io"
 
 var (
-
 	// GroupVersion is group version used to register these objects
 	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
 
+	// SchemeGroupVersion is an alias for GroupVersion for code-generator compatibility
+	SchemeGroupVersion = GroupVersion
+
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
-	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+
+	// localSchemeBuilder is used for controller-runtime compatibility
+	localSchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
 
 	// AddToScheme adds the types in this group-version to the given scheme.
 	AddToScheme = SchemeBuilder.AddToScheme
 )
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return GroupVersion.WithResource(resource).GroupResource()
+}
+
+// addKnownTypes adds the set of types defined in this package to the supplied scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(GroupVersion,
+		&Backend{},
+		&BackendList{},
+		&BackendTrafficPolicy{},
+		&BackendTrafficPolicyList{},
+		&ClientTrafficPolicy{},
+		&ClientTrafficPolicyList{},
+		&EnvoyExtensionPolicy{},
+		&EnvoyExtensionPolicyList{},
+		&EnvoyPatchPolicy{},
+		&EnvoyPatchPolicyList{},
+		&EnvoyProxy{},
+		&EnvoyProxyList{},
+		&HTTPRouteFilter{},
+		&HTTPRouteFilterList{},
+		&SecurityPolicy{},
+		&SecurityPolicyList{},
+	)
+	metav1.AddToGroupVersion(scheme, GroupVersion)
+	return nil
+}
@@ -24,6 +24,9 @@ const (
 
 // HTTPRouteFilter is a custom Envoy Gateway HTTPRouteFilter which provides extended
 // traffic processing options such as path regex rewrite, direct response and more.
+// +genclient
+// +genclient:noStatus
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type HTTPRouteFilter struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -188,12 +191,13 @@ type InjectedCredential struct {
 //+kubebuilder:object:root=true
 
 // HTTPRouteFilterList contains a list of HTTPRouteFilter resources.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type HTTPRouteFilterList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []HTTPRouteFilter `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&HTTPRouteFilter{}, &HTTPRouteFilterList{})
+	localSchemeBuilder.Register(&HTTPRouteFilter{}, &HTTPRouteFilterList{})
 }
@@ -15,6 +15,8 @@ const (
 	KindSecurityPolicy = "SecurityPolicy"
 )
 
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=envoy-gateway,shortName=sp
 // +kubebuilder:subresource:status
@@ -86,7 +88,8 @@ type SecurityPolicySpec struct {
 	Authorization *Authorization `json:"authorization,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
 
 // SecurityPolicyList contains a list of SecurityPolicy resources.
 type SecurityPolicyList struct {
@@ -96,5 +99,5 @@ type SecurityPolicyList struct {
 }
 
 func init() {
-	SchemeBuilder.Register(&SecurityPolicy{}, &SecurityPolicyList{})
+	localSchemeBuilder.Register(&SecurityPolicy{}, &SecurityPolicyList{})
 }
@@ -7,20 +7,17 @@ package egctl
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/types"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 
-	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
-	"github.com/envoyproxy/gateway/internal/envoygateway"
+	"github.com/envoyproxy/gateway/internal/envoygateway/config"
 	"github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/ratelimit"
 	"github.com/envoyproxy/gateway/internal/kubernetes"
 )
@@ -168,28 +165,16 @@ func checkEnableGlobalRateLimit(cli kubernetes.CLIClient) (bool, error) {
 		return false, err
 	}
 
-	config, ok := cm.Data[defaultConfigMapKey]
+	configData, ok := cm.Data[defaultConfigMapKey]
 	if !ok {
 		return false, fmt.Errorf("failed to get envoy-gateway configuration")
 	}
 
-	decoder := serializer.NewCodecFactory(envoygateway.GetScheme()).UniversalDeserializer()
-	obj, gvk, err := decoder.Decode([]byte(config), nil, nil)
+	eg, err := config.DecodeBytes([]byte(configData))
 	if err != nil {
 		return false, err
 	}
 
-	if gvk.Group != egv1a1.GroupVersion.Group ||
-		gvk.Version != egv1a1.GroupVersion.Version ||
-		gvk.Kind != egv1a1.KindEnvoyGateway {
-		return false, errors.New("failed to decode unmatched resource type")
-	}
-
-	eg, ok := obj.(*egv1a1.EnvoyGateway)
-	if !ok {
-		return false, errors.New("failed to convert object to EnvoyGateway type")
-	}
-
 	if eg.RateLimit == nil || eg.RateLimit.Backend.Redis == nil {
 		return false, nil
 	}

@@ -9,20 +9,35 @@ import (
 	"errors"
 	"os"
 
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
-	"github.com/envoyproxy/gateway/internal/envoygateway"
 )
 
+// configScheme is a dedicated scheme for decoding EnvoyGateway configuration.
+// EnvoyGateway is a configuration type loaded from files/ConfigMaps, not a CRD,
+// so it should not be added to the main CRD scheme.
+var configScheme = runtime.NewScheme()
+
+func init() {
+	// Register only the EnvoyGateway configuration type
+	configScheme.AddKnownTypes(egv1a1.GroupVersion, &egv1a1.EnvoyGateway{})
+}
+
 func Decode(cfgPath string) (*egv1a1.EnvoyGateway, error) {
 	data, err := os.ReadFile(cfgPath)
 	if err != nil {
 		return nil, err
 	}
 
-	// Decode the config file.
-	decoder := serializer.NewCodecFactory(envoygateway.GetScheme()).UniversalDeserializer()
+	return DecodeBytes(data)
+}
+
+// DecodeBytes decodes an EnvoyGateway configuration from bytes.
+func DecodeBytes(data []byte) (*egv1a1.EnvoyGateway, error) {
+	// Decode the config using the dedicated config scheme.
+	decoder := serializer.NewCodecFactory(configScheme).UniversalDeserializer()
 	obj, gvk, err := decoder.Decode(data, nil, nil)
 	if err != nil {
 		return nil, err