This is an automated email from the ASF dual-hosted git repository. ronething pushed a commit to branch fix/ssl_id in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
commit 18b1bde95c9bf8bc3e8a39f05d85549a281f2220 Author: Ashing Zheng <[email protected]> AuthorDate: Thu Oct 9 16:42:52 2025 +0800 fix: ssl id generate logic Signed-off-by: Ashing Zheng <[email protected]> --- internal/adc/translator/apisixtls.go | 2 +- internal/adc/translator/gateway.go | 5 ++--- internal/adc/translator/ingress.go | 8 ++++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/internal/adc/translator/apisixtls.go b/internal/adc/translator/apisixtls.go index 2f05facf..ccbb47bc 100644 --- a/internal/adc/translator/apisixtls.go +++ b/internal/adc/translator/apisixtls.go @@ -57,7 +57,7 @@ func (t *Translator) TranslateApisixTls(tctx *provider.TranslateContext, tls *ap // Create SSL object ssl := &adctypes.SSL{ Metadata: adctypes.Metadata{ - ID: id.GenID(tls.Namespace + "_" + tls.Name), + ID: id.GenID("ApisixTls_" + tls.Namespace + "_" + tls.Name), Labels: label.GenLabel(tls), }, Certificates: []adctypes.Certificate{ diff --git a/internal/adc/translator/gateway.go b/internal/adc/translator/gateway.go index 43fc765f..2d83da7e 100644 --- a/internal/adc/translator/gateway.go +++ b/internal/adc/translator/gateway.go @@ -82,7 +82,7 @@ func (t *Translator) translateSecret(tctx *provider.TranslateContext, listener g sslObjs := make([]*adctypes.SSL, 0) switch *listener.TLS.Mode { case gatewayv1.TLSModeTerminate: - for _, ref := range listener.TLS.CertificateRefs { + for refIndex, ref := range listener.TLS.CertificateRefs { ns := obj.GetNamespace() if ref.Namespace != nil { ns = string(*ref.Namespace) 
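Review bot: The input to `id.GenID` changes for every ApisixTls on the `ID:` line, so each SSL object already synced under the old `namespace_name` ID gets a different ID after upgrade; the same holds for the `Gateway_...` ID in gateway.go and the `Ingress_...` ID in ingress.go. Whether objects stored under the old IDs are removed depends on sync code outside this diff, and a leftover object would keep a certificate and key configured after its Kubernetes resource is changed or deleted, so an upgrade test that checks for stale SSL objects is worth adding. A comment on the line would also record why the prefix exists, for example `// kind prefix keeps ApisixTls IDs disjoint from Gateway and Ingress SSL IDs`. The struct literal and TranslateApisixTls continue outside the hunk.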
@@ -123,8 +123,7 @@ func (t *Translator) translateSecret(tctx *provider.TranslateContext, listener g } sslObj.Snis = append(sslObj.Snis, hosts...) } - // Note: use cert as id to avoid duplicate certificate across ssl objects - sslObj.ID = id.GenID(string(cert)) + sslObj.ID = id.GenID(fmt.Sprintf("Gateway_%s_%s_%s_%d", obj.Namespace, obj.Name, listener.Name, refIndex)) log.Debugw("generated ssl id", zap.String("ssl id", sslObj.ID), zap.String("secret", secret.Namespace+"/"+secret.Name)) sslObj.Labels = label.GenLabel(obj) sslObjs = append(sslObjs, sslObj) diff --git a/internal/adc/translator/ingress.go b/internal/adc/translator/ingress.go index f17b159f..69936de4 100644 --- a/internal/adc/translator/ingress.go +++ b/internal/adc/translator/ingress.go @@ -33,7 +33,7 @@ import ( internaltypes "github.com/apache/apisix-ingress-controller/internal/types" ) -func (t *Translator) translateIngressTLS(ingressTLS *networkingv1.IngressTLS, secret *corev1.Secret, labels map[string]string) (*adctypes.SSL, error) { +func (t *Translator) translateIngressTLS(namespace, name string, tlsIndex int, ingressTLS *networkingv1.IngressTLS, secret *corev1.Secret, labels map[string]string) (*adctypes.SSL, error) { // extract the key pair from the secret cert, key, err := extractKeyPair(secret, true) if err != nil { @@ -64,7 +64,7 @@ func (t *Translator) translateIngressTLS(ingressTLS *networkingv1.IngressTLS, se }, Snis: hosts, } - ssl.ID = id.GenID(string(cert)) + ssl.ID = id.GenID(fmt.Sprintf("Ingress_%s_%s_%d", namespace, name, tlsIndex)) return ssl, nil } @@ -75,7 +75,7 @@ func (t *Translator) TranslateIngress(tctx *provider.TranslateContext, obj *netw labels := label.GenLabel(obj) // handle TLS configuration, convert to SSL objects - for _, tls := range obj.Spec.TLS { + for tlsIndex, tls := range obj.Spec.TLS { if tls.SecretName == "" { continue } 
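Review bot: The new `sslObj.ID` ends in `refIndex`, the position of the reference in `listener.TLS.CertificateRefs`, so inserting or reordering references re-keys every later SSL object of that listener even though no certificate changed; ingress.go has the same property through `tlsIndex` in `ssl.ID`. The removed comment explained that hashing the certificate avoided duplicate certificates across SSL objects, and the replacement line carries no explanation, so a comment such as `// ID is scoped to Gateway, listener and ref position; the same certificate referenced elsewhere yields a separate SSL object` would record the new trade-off. The line also reads `obj.Namespace` and `obj.Name` while the loop above uses `obj.GetNamespace()`, and using the accessors in both places would be consistent. The diffstat shows no import change for gateway.go or ingress.go, so `fmt` has to be imported in both files already for `fmt.Sprintf` to build. translateSecret starts and ends outside the hunk.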
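Review bot: The widened signature of translateIngressTLS has no doc comment, and nothing tells a caller that `namespace`, `name` and `tlsIndex` feed only the SSL ID and must describe the Ingress that owns `ingressTLS`. A comment above the function would cover it: `// translateIngressTLS builds the SSL object for one Ingress TLS entry; namespace, name and tlsIndex identify the owning Ingress and the entry's position in Spec.TLS and are used only to derive the SSL ID.` Two adjacent `string` parameters are also easy to swap at a call site without a compile error, which would silently produce a different ID; passing the Ingress object itself would remove that risk, if the other callers (not visible here) allow it. The function body continues outside the hunk.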
@@ -86,7 +86,7 @@ func (t *Translator) TranslateIngress(tctx *provider.TranslateContext, obj *netw if secret == nil { continue } - ssl, err := t.translateIngressTLS(&tls, secret, labels) + ssl, err := t.translateIngressTLS(obj.Namespace, obj.Name, tlsIndex, &tls, secret, labels) if err != nil { return nil, err }
