Current Behavior

When creating a hybrid Gateway with a malformed GatewayConfiguration (e.g., reference to a non-existent KonnectAPIAuthConfiguration), the DataPlane gets provisioned without the required KonnectExtension. This results in a misconfigured self-managed DataPlane.

Expected Behavior

When creating a hybrid Gateway, the controller provisions a DataPlane and a KonnectExtension. In order to be effectively configured, the DataPlane needs the KonnectExtension to be in place to be able to properly reference it. We need to change the current behavior and ensure that the DataPlane gets created only once the KonnectGatewayControlPlane and the KonnectExtension are in place.

Steps To Reproduce

Deploy the following manifests WITHOUT having the references KonnectAPIAuthConfiguration resource in place.

kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v2beta1
metadata:
  name: jw-gwc
  namespace: default
spec:
  konnect:
    authRef:
      name: konnect-api-auth
  dataPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: proxy
            image: kong/kong-gateway:3.12
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: kong-v2beta1
spec:
  controllerName: konghq.com/gateway-operator
  parametersRef:
    group: gateway-operator.konghq.com
    kind: GatewayConfiguration
    name: jw-gwc
    namespace: default
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: jw-gw
  namespace: default
spec:
  gatewayClassName: kong-v2beta1
  listeners:
  - name: http
    protocol: HTTP
    port: 80

Operator Version

main