feat(gateway): configure DNS records for Gateway API Route resources

- Reconcile DNS records for HTTPRoute/TLSRoute resources via the Gateway
  controller using VPCNetworkConfiguration allowed DNS zones
- Implement missing controller-runtime v0.23.3 interface methods in mock
  implementations for cache.Informer and manager.Manager

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: wenyingd

cmd/main.go

@@ -23,10 +23,12 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	"github.com/vmware-tanzu/nsx-operator/pkg/apis/legacy/v1alpha1"
 	crdv1alpha1 "github.com/vmware-tanzu/nsx-operator/pkg/apis/vpc/v1alpha1"
 	"github.com/vmware-tanzu/nsx-operator/pkg/config"
+	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/gateway"
 	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/inventory"
 	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/ipaddressallocation"
 	namespacecontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/namespace"
@@ -83,6 +85,7 @@ func init() {
 	utilruntime.Must(crdv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
 	utilruntime.Must(vmv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(gatewayv1.Install(scheme))
 	config.AddFlags()
 
 	cf, err = config.NewNSXOperatorConfigFromFile()
@@ -248,6 +251,7 @@ func startServiceController(mgr manager.Manager, nsxClient *nsx.Client) {
 			pod.NewPodReconciler(mgr, subnetPortService, subnetService, vpcService, nodeService),
 			networkpolicycontroller.NewNetworkPolicyReconciler(mgr, commonService, vpcService),
 			service.NewServiceLbReconciler(mgr, commonService, dnsRecordService),
+			gateway.NewGatewayReconciler(mgr, dnsRecordService),
 			subnetbindingcontroller.NewReconciler(mgr, subnetService, subnetBindingService),
 			subnetipreservationcontroller.NewReconciler(mgr, subnetIPReservationService, subnetService),
 		)

go.mod

@@ -56,6 +56,7 @@ require (
 	github.com/gofrs/uuid v4.4.0+incompatible
 	go.openly.dev/pointy v1.3.0
 	go.uber.org/mock v0.6.0
+	sigs.k8s.io/gateway-api v1.5.0
 )
 
 require (
@@ -64,7 +65,6 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.13.0 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.1 // indirect
@@ -97,7 +97,6 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/onsi/ginkgo/v2 v2.28.1 // indirect
-	github.com/onsi/gomega v1.39.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.67.5 // indirect

go.sum

@@ -23,8 +23,8 @@ github.com/deckarep/golang-set v1.8.0 h1:sk9/l/KqpunDwP7pSjUg0keiOOLEnOBHzykLrsP
 github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS383rP6+o6qqo=
 github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes=
 github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
-github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k=
+github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
 github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
@@ -293,6 +293,8 @@ k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0x
 k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
 sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80=
 sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0=
+sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA=
+sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=

pkg/controllers/common/types.go

@@ -25,6 +25,7 @@ const (
 	MetricResTypeNode                       = "node"
 	MetricResTypeServiceLb                  = "servicelb"
 	MetricResTypeStatefulSet                = "statefulset"
+	MetricResTypeGateway                    = "gateway"
 	MaxConcurrentReconciles                 = 8
 	NSXOperatorError                        = "nsx-op/error"
 	//sync the error with NCP side
@@ -35,6 +36,9 @@ const (
 
 	LabelK8sMasterRole  = "node-role.kubernetes.io/master"
 	LabelK8sControlRole = "node-role.kubernetes.io/control-plane"
+
+	ManagedK8sGatewayClassIstio = "istio"
+	ManagedK8sGatewayClassAviLB = "avi-lb"
 )
 
 var (

pkg/controllers/gateway/dns_owner_endpoints.go

@@ -0,0 +1,54 @@
+/* Copyright © 2026 Broadcom, Inc. All Rights Reserved.
+   SPDX-License-Identifier: Apache-2.0 */
+
+package gateway
+
+import (
+	"k8s.io/apimachinery/pkg/types"
+
+	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/dns"
+	extdns "github.com/vmware-tanzu/nsx-operator/pkg/third_party/externaldns/endpoint"
+)
+
+// Route DNS: hostnames + ipCache → extdns.Endpoint.
+// Gateway annotation-hostname DNS (collectGatewayEndpointsByAnnotation / buildEndpointsFromAnnotations)
+// was moved to dns-networkinfo-hostname to separate the hostname-conflict-resolution feature.
+
+type parentGatewayMatch struct {
+	nn     types.NamespacedName
+	filter string
+	ips    extdns.Targets
+}
+
+func mergeTargetsUnion(a, b extdns.Targets) extdns.Targets {
+	return extdns.NewTargets(append(append([]string(nil), a...), b...)...)
+}
+
+// buildRouteDNSMergedEndpoints builds owner-scoped Route DNS rows (Gateway or ListenerSet→root Gateway, same rules as aggregation).
+func (a routeReconcilerAdapter[PT, T]) buildRouteDNSMergedEndpoints(route PT) (*dns.AggregatedDNSEndpoints, map[string]string, error) {
+	owner := route.GetResourceRef()
+	eps, allowed, err := a.reconciler.buildRouteDNSEndpointsForAggregation(route.GetNamespace(), owner, route.GetParentRefs(), route.GetRouteParentStatus(), route.GetObjectMeta(), route.GetSpecHostnames())
+	if err != nil || len(eps) == 0 {
+		return nil, allowed, err
+	}
+	return dns.NewOwnerScopedAggregatedRouteDNS(owner, eps), allowed, nil
+}
+
+// buildEndpoints appends extdns endpoints per hostname; sets EndpointLabelParentGateway to gatewayLabel (comma-separated if merged).
+func buildEndpoints(out *[]*extdns.Endpoint, hostnames []string, targets extdns.Targets, parentGatewayLabel string) {
+	ttl := extdns.TTL(0)
+	for _, h := range hostnames {
+		if h == "" {
+			continue
+		}
+		for _, ep := range extdns.EndpointsForHostname(h, targets, ttl) {
+			if ep == nil {
+				continue
+			}
+			if parentGatewayLabel != "" {
+				ep.WithLabel(dns.EndpointLabelParentGateway, parentGatewayLabel)
+			}
+			*out = append(*out, ep)
+		}
+	}
+}