Merge pull request #4621 from shuqz/i2g-init

[feat i2g]setup cli and framework

Author: k8s-ci-robot

.gitignore

@@ -8,6 +8,7 @@
 *.dylib
 bin
 build
+lbc-migrate
 
 # mkdocs generated live docs
 site

Makefile

@@ -52,6 +52,14 @@ fast-unit-test:
 controller: generate fmt vet
 	go build -o bin/controller main.go
 
+# Build lbc-migrate binary
+lbc-migrate: fmt vet
+	go build -o bin/lbc-migrate ./cmd/lbc-migrate
+
+# Install lbc-migrate to $GOBIN (symlink so rebuilds are picked up automatically)
+install-lbc-migrate: lbc-migrate
+	ln -sf $(MAKEFILE_PATH)bin/lbc-migrate $(GOBIN)/lbc-migrate
+
 # Run against the configured Kubernetes cluster in ~/.kube/config
 run: generate fmt vet manifests
 	go run ./main.go

cmd/lbc-migrate/main.go

@@ -0,0 +1,125 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress2gateway"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress2gateway/reader"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress2gateway/warnings"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress2gateway/writer"
+)
+
+const defaultOutputDir = "./gateway-output"
+
+func main() {
+	rootCmd := newRootCommand()
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func newRootCommand() *cobra.Command {
+	opts := &ingress2gateway.MigrateOptions{}
+
+	cmd := &cobra.Command{
+		Use:   "lbc-migrate",
+		Short: "Migrate AWS Load Balancer Controller Ingress resources to Gateway API",
+		Long: `lbc-migrate translates Ingress, Service, IngressClass, and IngressClassParams
+resources into Gateway API equivalents (Gateway, HTTPRoute, LoadBalancerConfiguration,
+TargetGroupConfiguration, ListenerRuleConfiguration etc).
+
+Input can come from YAML/JSON files, a directory of manifest files, or a live Kubernetes cluster.`,
+		SilenceUsage: true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if err := validateFlags(opts); err != nil {
+				return err
+			}
+			return runMigrate(cmd.Context(), opts)
+		},
+	}
+
+	// Input flags
+	cmd.Flags().StringSliceVarP(&opts.Files, "file", "f", nil,
+		"Comma-separated input YAML/JSON file paths (e.g. -f file1.yaml,file2.yaml)")
+	cmd.Flags().StringVar(&opts.InputDir, "input-dir", "",
+		"Directory containing YAML/JSON files to read")
+	cmd.Flags().BoolVar(&opts.FromCluster, "from-cluster", false,
+		"Read resources from a live Kubernetes cluster")
+
+	// Cluster flags
+	cmd.Flags().StringVar(&opts.Namespace, "namespace", "",
+		"Namespace to read from (only with --from-cluster)")
+	cmd.Flags().BoolVar(&opts.AllNamespaces, "all-namespaces", false,
+		"Read from all namespaces (only with --from-cluster)")
+	cmd.Flags().StringVar(&opts.Kubeconfig, "kubeconfig", "",
+		"Path to kubeconfig file (only with --from-cluster, defaults to $KUBECONFIG or ~/.kube/config)")
+
+	// Output flags
+	cmd.Flags().StringVar(&opts.OutputDir, "output-dir", defaultOutputDir,
+		"Directory to write output manifests")
+	cmd.Flags().StringVar(&opts.OutputFormat, "output-format", "yaml",
+		"Output format: yaml or json")
+
+	return cmd
+}
+
+func validateFlags(opts *ingress2gateway.MigrateOptions) error {
+	hasFiles := len(opts.Files) > 0
+	hasInputDir := opts.InputDir != ""
+	hasFileInput := hasFiles || hasInputDir
+
+	// Must provide at least one input mode
+	if !opts.FromCluster && !hasFileInput {
+		return fmt.Errorf("must specify at least one of: --file (-f), --input-dir, or --from-cluster")
+	}
+
+	// --from-cluster is mutually exclusive with file-based input
+	if opts.FromCluster && hasFileInput {
+		return fmt.Errorf("--from-cluster cannot be used with --file or --input-dir")
+	}
+
+	// Cluster-only flags
+	if !opts.FromCluster {
+		if opts.Namespace != "" {
+			return fmt.Errorf("--namespace can only be used with --from-cluster")
+		}
+		if opts.AllNamespaces {
+			return fmt.Errorf("--all-namespaces can only be used with --from-cluster")
+		}
+		if opts.Kubeconfig != "" {
+			return fmt.Errorf("--kubeconfig can only be used with --from-cluster")
+		}
+	}
+
+	// --namespace and --all-namespaces are mutually exclusive
+	if opts.Namespace != "" && opts.AllNamespaces {
+		return fmt.Errorf("--namespace and --all-namespaces are mutually exclusive")
+	}
+
+	// Validate output format
+	if opts.OutputFormat != "yaml" && opts.OutputFormat != "json" {
+		return fmt.Errorf("--output-format must be yaml or json, got %q", opts.OutputFormat)
+	}
+
+	return nil
+}
+
+func runMigrate(ctx context.Context, opts *ingress2gateway.MigrateOptions) error {
+	readFunc := func(ctx context.Context, o ingress2gateway.MigrateOptions) (*ingress2gateway.InputResources, error) {
+		resources, err := reader.Read(ctx, o)
+		if err != nil {
+			return nil, err
+		}
+		if !o.FromCluster {
+			warnings.CheckMissingResources(resources, os.Stderr)
+		}
+		return resources, nil
+	}
+
+	writeFunc := writer.Write
+
+	return ingress2gateway.Migrate(ctx, *opts, readFunc, writeFunc)
+}

docs/guide/gateway/migrate_from_ingress.md

@@ -0,0 +1,131 @@
+# Migrate from Ingress
+
+!!! warning "Under Development"
+    This tool is under active development and is not ready for production use.
+    Features may change, and annotation translation is not yet implemented.
+    Do not use this tool for production migrations at this time.
+
+`lbc-migrate` is a CLI tool that helps migrate AWS Load Balancer Controller (LBC) Ingress resources to Gateway API equivalents. It reads Ingress, Service, IngressClass, and IngressClassParams resources from YAML/JSON files or a live Kubernetes cluster, and writes them to an output directory.
+
+## Installation
+
+Build from source (requires Go):
+```bash
+# From the root of the aws-load-balancer-controller repo
+make lbc-migrate
+```
+
+The binary will be at `bin/lbc-migrate`. To install it on your PATH (creates a symlink, so future `make lbc-migrate` rebuilds are picked up automatically):
+```bash
+make install-lbc-migrate
+```
+
+Alternatively, use `go run` directly without building:
+```bash
+go run ./cmd/lbc-migrate/ [flags]
+```
+
+## Usage
+
+```
+lbc-migrate [flags]
+```
+
+### Input Modes
+
+The tool supports three input modes. You must provide at least one.
+
+#### Option 1: Individual files
+```bash
+lbc-migrate -f ingress1.yaml,ingress2.yaml
+```
+
+#### Option 2: Directory of files
+```bash
+lbc-migrate --input-dir ./my-manifests/
+```
+
+#### Option 3: Read from a live cluster
+
+!!! note "Read-only access"
+    The `--from-cluster` mode only performs read operations (list/get). It never creates, updates, or deletes any cluster resources. We recommend using a user or service account with read-only RBAC permissions (e.g. a ClusterRole with only `get` and `list` verbs on Ingress, Service, IngressClass, and IngressClassParams resources).
+
+```bash
+lbc-migrate --from-cluster --all-namespaces
+lbc-migrate --from-cluster --namespace production
+```
+
+You can combine `-f` and `--input-dir`, but `--from-cluster` cannot be used with file-based input.
+
+### Flags
+
+| Flag | Required | Description | Default |
+|------|----------|-------------|---------|
+| `-f, --file` | One of `-f`, `--input-dir`, or `--from-cluster` is required | Comma-separated input YAML/JSON file paths (e.g. `-f file1.yaml,file2.yaml`) | |
+| `--input-dir` | One of `-f`, `--input-dir`, or `--from-cluster` is required | Directory containing YAML/JSON files | |
+| `--from-cluster` | One of `-f`, `--input-dir`, or `--from-cluster` is required | Read resources from a live Kubernetes cluster | |
+| `--namespace` | Optional | Namespace to read from. Only valid with `--from-cluster`. Mutually exclusive with `--all-namespaces` | Current kubeconfig context namespace |
+| `--all-namespaces` | Optional | Read from all namespaces. Only valid with `--from-cluster`. Mutually exclusive with `--namespace` | |
+| `--kubeconfig` | Optional | Path to kubeconfig file. Only valid with `--from-cluster` | `$KUBECONFIG` or `~/.kube/config` |
+| `--output-dir` | Optional | Directory to write output manifests | `./gateway-output` |
+| `--output-format` | Optional | Output format: `yaml` or `json` | `yaml` |
+
+### Supported Input Formats
+
+Both YAML and JSON Kubernetes manifests are supported. Multi-document YAML files (separated by `---`) are handled automatically. The tool recognizes the following resource types:
+
+- `networking.k8s.io/v1` Ingress
+- `networking.k8s.io/v1` IngressClass
+- `v1` Service
+- `elbv2.k8s.aws/v1beta1` IngressClassParams
+
+Unrecognized resource types in the input are silently skipped.
+
+## Examples
+
+### Basic: single Ingress file
+```bash
+lbc-migrate -f ingress.yaml --output-dir ./gateway-output/
+```
+
+### Directory of manifests
+```bash
+lbc-migrate --input-dir ./k8s-manifests/ --output-dir ./gateway-output/
+```
+
+### From a live cluster (all namespaces)
+```bash
+lbc-migrate --from-cluster --all-namespaces --output-dir ./gateway-output/
+```
+
+### From a live cluster (specific namespace)
+```bash
+lbc-migrate --from-cluster --namespace production --output-dir ./gateway-output/
+```
+
+### Custom kubeconfig
+```bash
+lbc-migrate --from-cluster --all-namespaces --kubeconfig ~/.kube/staging-config --output-dir ./gateway-output/
+```
+
+### JSON output format
+```bash
+lbc-migrate -f ingress.yaml --output-dir ./gateway-output/ --output-format json
+```
+
+## Missing Resource Warnings
+
+When using file-based input (`-f` or `--input-dir`), the tool checks for missing referenced resources and emits warnings to stderr. For example, if an Ingress references a Service that was not provided in the input files:
+
+```
+WARNING: Ingress "default/my-ingress" references Service "api-service"
+  but it was not provided. Service-level annotation overrides may be missing.
+
+WARNING: Ingress "default/my-ingress" uses IngressClass "alb"
+  but it was not provided. IngressClassParams overrides may be missing.
+
+Tip: Use --from-cluster to automatically read all referenced resources,
+     or include Service/IngressClass/IngressClassParams files in your input.
+```
+
+These warnings are informational — the tool still generates output. For the most accurate results, use `--from-cluster` which automatically fetches all referenced resources.

pkg/ingress2gateway/migrate.go

@@ -0,0 +1,41 @@
+package ingress2gateway
+
+import (
+	"context"
+	"fmt"
+	"os"
+)
+
+// Migrate is the top-level orchestrator that reads input resources,
+// checks for missing references, and writes output.
+// The translate step (annotation mapping) will be added later.
+func Migrate(ctx context.Context, opts MigrateOptions, readFunc ReadFunc, writeFunc WriteFunc) error {
+	resources, err := readFunc(ctx, opts)
+	if err != nil {
+		return fmt.Errorf("failed to read input resources: %w", err)
+	}
+
+	if len(resources.Ingresses) == 0 {
+		fmt.Fprintln(os.Stderr, "No Ingress resources found in input.")
+		return nil
+	}
+
+	fmt.Fprintf(os.Stderr, "Found %d Ingress(es), %d Service(s), %d IngressClass(es), %d IngressClassParams\n",
+		len(resources.Ingresses), len(resources.Services),
+		len(resources.IngressClasses), len(resources.IngressClassParams))
+
+	// TODO: translate InputResources → OutputResources (Gateway API manifests)
+	// For now, we pass through the input resources as-is.
+
+	if err := writeFunc(resources, opts.OutputDir, opts.OutputFormat); err != nil {
+		return fmt.Errorf("failed to write output: %w", err)
+	}
+
+	return nil
+}
+
+// ReadFunc is the signature for reading input resources.
+type ReadFunc func(ctx context.Context, opts MigrateOptions) (*InputResources, error)
+
+// WriteFunc is the signature for writing output resources.
+type WriteFunc func(resources *InputResources, outputDir string, format string) error