aws · Jun 2, 2025 · May 27, 2025 · May 27, 2025 · May 28, 2025 · May 28, 2025
diff --git a/.github/workflows/validate-merge-queue-e2e-test.yaml b/.github/workflows/validate-merge-queue-e2e-test.yaml
@@ -75,6 +75,16 @@ jobs:
       - name: Install Gateway API v1.2 CRDs
         run: |
           kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.0" | kubectl apply -f -
+      - name: Install latest custom CRDs
+        run: |
+          kubectl apply -f config/crds/bases/externaldns.k8s.io_dnsendpoints.yaml
+          kubectl apply -f config/crds/bases/gateway.networking.k8s.io_tlsroutes.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceimports.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_vpcassociationpolicies.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_accesslogpolicies.yaml
+          kubectl apply -f config/crds/bases/application-networking.k8s.aws_iamauthpolicies.yaml
       - name: Create Lattice GatewayClass
         run: |
           kubectl apply -f files/controller-installation/gatewayclass.yaml

diff --git a/Makefile b/Makefile
@@ -125,6 +125,7 @@ e2e-test: ## Run e2e tests against cluster pointed to by ~/.kube/config
 		./suites/integration/... \
 		--ginkgo.focus="${FOCUS}" \
 		--ginkgo.skip="${SKIP}" \
+		--ginkgo.timeout=90m \
 		--ginkgo.v
 
 .SILENT:

diff --git a/config/crds/bases/application-networking.k8s.aws_serviceexports.yaml b/config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
@@ -38,6 +38,37 @@ spec:
             type: string
           metadata:
             type: object
+          spec:
+            description: spec defines the desired state of ServiceExport
+            properties:
+              exportedPorts:
+                description: |-
+                  exportedPorts defines which ports of the service should be exported and what route types they should be used with.
+                  If not specified, the controller will use the port from the annotation "application-networking.k8s.aws/port"
+                  and create HTTP target groups for backward compatibility.
+                items:
+                  description: ExportedPort defines a port to be exported and the
+                    route type it should be used with
+                  properties:
+                    port:
+                      description: port is the port number to export
+                      format: int32
+                      type: integer
+                    routeType:
+                      description: |-
+                        routeType is the type of route this port should be used with
+                        Valid values are "HTTP", "GRPC", "TLS"
+                      enum:
+                      - HTTP
+                      - GRPC
+                      - TLS
+                      type: string
+                  required:
+                  - port
+                  - routeType
+                  type: object
+                type: array
+            type: object
           status:
             description: |-
               status describes the current state of an exported service.

diff --git a/docs/api-types/service-export.md b/docs/api-types/service-export.md
@@ -12,21 +12,34 @@ for example, using target groups in the VPC Lattice setup outside Kubernetes.
 Note that ServiceExport is not the implementation of Kubernetes [Multicluster Service APIs](https://multicluster.sigs.k8s.io/concepts/multicluster-services-api/);
 instead AWS Gateway API Controller uses its own version of the resource for the purpose of Gateway API integration.
 
-
-### Limitations
-* The exported Service can only be used in HTTPRoutes. GRPCRoute is currently not supported.
-* Limited to one ServiceExport per Service. If you need multiple exports representing each port,
-  you should create multiple Service-ServiceExport pairs.
-
-### Annotations
+### Annotations (Legacy Method)
 
 * `application-networking.k8s.aws/port`  
   Represents which port of the exported Service will be used.
   When a comma-separated list of ports is provided, the traffic will be distributed to all ports in the list.
+
+  **Note:** This annotation is supported for backward compatibility. For new deployments, it's recommended to use the `spec.exportedPorts` field instead.
+
+## Spec Fields
+
+### exportedPorts
+
+The `exportedPorts` field allows you to explicitly define which ports of the service should be exported and what route types they should be used with. This is useful when you have a service with multiple ports serving different protocols.
 
-## Example Configuration
+Each exported port has the following fields:
+* `port`: The port number to export
+* `routeType`: The type of route this port should be used with. Valid values are:
+  * `HTTP`: For HTTP traffic
+  * `GRPC`: For gRPC traffic
+  * `TLS`: For TLS traffic
 
-The following yaml will create a ServiceExport for a Service named `service-1`:
+If `exportedPorts` is not specified, the controller will use the port from the annotation "application-networking.k8s.aws/port" and create HTTP target groups for backward compatibility.
+
+## Example Configurations
+
+### Legacy Configuration (Using Annotations)
+
+The following yaml will create a ServiceExport for a Service named `service-1` using the legacy annotation method:
 ```yaml
 apiVersion: application-networking.k8s.aws/v1alpha1
 kind: ServiceExport
@@ -36,3 +49,23 @@ metadata:
     application-networking.k8s.aws/port: "9200"
 spec: {}
 ```
+
+### Using exportedPorts
+
+The following yaml will create a ServiceExport for a Service named `service-1` with multiple ports for different route types:
+```yaml
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceExport
+metadata:
+  name: service-1
+spec:
+  exportedPorts:
+  - port: 80
+    routeType: HTTP
+  - port: 8081
+    routeType: GRPC
+```
+
+This configuration will:
+1. Export port 80 to be used with HTTP routes
+2. Export port 8081 to be used with gRPC routes
diff --git a/files/examples/inventory-ver2-export.yaml b/files/examples/inventory-ver2-export.yaml
@@ -4,3 +4,7 @@ metadata:
   name: inventory-ver2
   annotations:
     application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+spec:
+  exportedPorts:
+  - port: 80
+    routeType: HTTP
diff --git a/files/examples/multi-protocol-service-export.yaml b/files/examples/multi-protocol-service-export.yaml
@@ -0,0 +1,14 @@
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceExport
+metadata:
+  name: multi-protocol-service
+  annotations:
+    application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+spec:
+  exportedPorts:
+  - port: 80
+    routeType: HTTP
+  - port: 8081
+    routeType: GRPC
+  - port: 443
+    routeType: TLS
diff --git a/files/examples/service-1-export.yaml b/files/examples/service-1-export.yaml
@@ -4,3 +4,7 @@ metadata:
   name: service-1
   annotations:
     application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+spec:
+  exportedPorts:
+  - port: 80
+    routeType: HTTP
diff --git a/files/examples/service-2-export.yaml b/files/examples/service-2-export.yaml
@@ -4,3 +4,7 @@ metadata:
   name: service-2
   annotations:
     application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+spec:
+  exportedPorts:
+  - port: 80
+    routeType: HTTP
diff --git a/files/examples/tls-rate2-export.yaml b/files/examples/tls-rate2-export.yaml
@@ -3,4 +3,8 @@ kind: ServiceExport
 metadata:
   name: tls-rate2
   annotations:
-    application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+    application-networking.k8s.aws/federation: "amazon-vpc-lattice"
+spec:
+  exportedPorts:
+  - port: 443
+    routeType: TLS
diff --git a/helm/crds/application-networking.k8s.aws_serviceexports.yaml b/helm/crds/application-networking.k8s.aws_serviceexports.yaml
@@ -38,6 +38,37 @@ spec:
             type: string
           metadata:
             type: object
+          spec:
+            description: spec defines the desired state of ServiceExport
+            properties:
+              exportedPorts:
+                description: |-
+                  exportedPorts defines which ports of the service should be exported and what route types they should be used with.
+                  If not specified, the controller will use the port from the annotation "application-networking.k8s.aws/port"
+                  and create HTTP target groups for backward compatibility.
+                items:
+                  description: ExportedPort defines a port to be exported and the
+                    route type it should be used with
+                  properties:
+                    port:
+                      description: port is the port number to export
+                      format: int32
+                      type: integer
+                    routeType:
+                      description: |-
+                        routeType is the type of route this port should be used with
+                        Valid values are "HTTP", "GRPC", "TLS"
+                      enum:
+                      - HTTP
+                      - GRPC
+                      - TLS
+                      type: string
+                  required:
+                  - port
+                  - routeType
+                  type: object
+                type: array
+            type: object
           status:
             description: |-
               status describes the current state of an exported service.

diff --git a/pkg/apis/applicationnetworking/v1alpha1/serviceexport_types.go b/pkg/apis/applicationnetworking/v1alpha1/serviceexport_types.go
@@ -30,6 +30,9 @@ type ServiceExport struct {
 	apimachineryv1.TypeMeta `json:",inline"`
 	// +optional
 	apimachineryv1.ObjectMeta `json:"metadata,omitempty"`
+	// spec defines the desired state of ServiceExport
+	// +optional
+	Spec ServiceExportSpec `json:"spec,omitempty"`
 	// status describes the current state of an exported service.
 	// Service configuration comes from the Service that had the same
 	// name and namespace as this ServiceExport.
@@ -38,6 +41,25 @@ type ServiceExport struct {
 	Status ServiceExportStatus `json:"status,omitempty"`
 }
 
+// ServiceExportSpec defines the desired state of ServiceExport
+type ServiceExportSpec struct {
+	// exportedPorts defines which ports of the service should be exported and what route types they should be used with.
+	// If not specified, the controller will use the port from the annotation "application-networking.k8s.aws/port"
+	// and create HTTP target groups for backward compatibility.
+	// +optional
+	ExportedPorts []ExportedPort `json:"exportedPorts,omitempty"`
+}
+
+// ExportedPort defines a port to be exported and the route type it should be used with
+type ExportedPort struct {
+	// port is the port number to export
+	Port int32 `json:"port"`
+	// routeType is the type of route this port should be used with
+	// Valid values are "HTTP", "GRPC", "TLS"
+	// +kubebuilder:validation:Enum=HTTP;GRPC;TLS
+	RouteType string `json:"routeType"`
+}
+
 // ServiceExportStatus contains the current status of an export.
 type ServiceExportStatus struct {
 	// +optional

diff --git a/pkg/apis/applicationnetworking/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/applicationnetworking/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/controllers/suite_test.go b/pkg/controllers/suite_test.go
@@ -67,7 +67,7 @@ var _ = BeforeSuite(func() {
 	Expect(err).NotTo(HaveOccurred())
 	Expect(k8sClient).NotTo(BeNil())
 
-}, 60)
+}, 5400)
 
 var _ = AfterSuite(func() {
 	By("tearing down the test environment")