This is an automated email from the ASF dual-hosted git repository.
lingsamuel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new e2f19b56 feat: support ApisixTls v2 (#967)
e2f19b56 is described below
commit e2f19b563e672f21f9bc72c3890ed74908ddc9cc
Author: Sarasa Kisaragi <[email protected]>
AuthorDate: Wed May 11 14:58:27 2022 +0800
feat: support ApisixTls v2 (#967)
Co-authored-by: Jintao Zhang <[email protected]>
---
Makefile | 8 ++
cmd/ingress/ingress.go | 1 +
pkg/config/config.go | 6 ++
pkg/config/config_test.go | 2 +
pkg/ingress/apisix_tls.go | 185 ++++++++++++++++++++++++---------
pkg/ingress/compare.go | 4 +-
pkg/ingress/controller.go | 21 +++-
pkg/ingress/secret.go | 127 +++++++++++++++++++---
pkg/ingress/status.go | 18 ++++
pkg/kube/apisix_tls.go | 167 +++++++++++++++++++++++++++++
pkg/kube/translation/apisix_ssl.go | 45 +++++++-
pkg/kube/translation/ingress.go | 12 +--
pkg/kube/translation/translator.go | 6 +-
test/e2e/scaffold/scaffold.go | 6 ++
test/e2e/suite-features/global_rule.go | 2 +-
test/e2e/suite-ingress/ingress.go | 2 +-
16 files changed, 534 insertions(+), 78 deletions(-)
diff --git a/Makefile b/Makefile
index 7ab1d8ce..9c3d586e 100644
--- a/Makefile
+++ b/Makefile
@@ -84,6 +84,14 @@ ifeq ("$(wildcard $(GINKGO))", "")
exit 1
endif
+
+### push-ingress-images: Build and push Ingress image used in e2e test suites
to kind or custom registry.
+.PHONY: push-ingress-images
+push-ingress-images:
+ docker build -t apache/apisix-ingress-controller:$(IMAGE_TAG)
--build-arg ENABLE_PROXY=$(ENABLE_PROXY) .
+ docker tag apache/apisix-ingress-controller:$(IMAGE_TAG)
$(REGISTRY)/apache/apisix-ingress-controller:$(IMAGE_TAG)
+ docker push $(REGISTRY)/apache/apisix-ingress-controller:$(IMAGE_TAG)
+
### push-images: Push images used in e2e test suites to kind or custom
registry.
.PHONY: push-images
push-images:
diff --git a/cmd/ingress/ingress.go b/cmd/ingress/ingress.go
index ed4b2df8..a4d6cbf9 100644
--- a/cmd/ingress/ingress.go
+++ b/cmd/ingress/ingress.go
@@ -162,6 +162,7 @@ For example, no available LB exists in the bare metal
environment.`)
cmd.PersistentFlags().StringVar(&cfg.Kubernetes.ElectionID,
"election-id", config.IngressAPISIXLeader, "election id used for campaign the
controller leader")
cmd.PersistentFlags().StringVar(&cfg.Kubernetes.IngressVersion,
"ingress-version", config.IngressNetworkingV1, "the supported ingress api group
version, can be \"networking/v1beta1\", \"networking/v1\" (for Kubernetes
version v1.19.0 or higher) and \"extensions/v1beta1\"")
cmd.PersistentFlags().StringVar(&cfg.Kubernetes.ApisixRouteVersion,
"apisix-route-version", config.ApisixRouteV2beta3, "the supported apisixroute
api group version, can be \"apisix.apache.org/v2beta2\" or
\"apisix.apache.org/v2beta3\"")
+ cmd.PersistentFlags().StringVar(&cfg.Kubernetes.ApisixTlsVersion,
"apisix-tls-version", config.ApisixV2beta3, "the supported apisixtls api group
version, can be \"apisix.apache.org/v2beta3\" or \"apisix.apache.org/v2\"")
cmd.PersistentFlags().BoolVar(&cfg.Kubernetes.WatchEndpointSlices,
"watch-endpointslices", false, "whether to watch endpointslices rather than
endpoints")
cmd.PersistentFlags().BoolVar(&cfg.Kubernetes.EnableGatewayAPI,
"enable-gateway-api", false, "whether to enable support for Gateway API")
cmd.PersistentFlags().StringVar(&cfg.APISIX.DefaultClusterBaseURL,
"default-apisix-cluster-base-url", "", "the base URL of admin api / manager api
for the default APISIX cluster")
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 99695fcd..0d41f406 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -57,6 +57,10 @@ const (
ApisixRouteV2beta3 = "apisix.apache.org/v2beta3"
// ApisixRouteV2 represents apisixroute.apisix.apache.org/v2
ApisixRouteV2 = "apisix.apache.org/v2"
+ // ApisixV2beta3 represents apisix.apache.org/v2beta3
+ ApisixV2beta3 = "apisix.apache.org/v2beta3"
+ // ApisixV2 represents apisix.apache.org/v2
+ ApisixV2 = "apisix.apache.org/v2"
_minimalResyncInterval = 30 * time.Second
@@ -92,6 +96,7 @@ type KubernetesConfig struct {
IngressVersion string `json:"ingress_version"
yaml:"ingress_version"`
WatchEndpointSlices bool `json:"watch_endpoint_slices"
yaml:"watch_endpoint_slices"`
ApisixRouteVersion string `json:"apisix_route_version"
yaml:"apisix_route_version"`
+ ApisixTlsVersion string `json:"apisix_tls_version"
yaml:"apisix_tls_version"`
EnableGatewayAPI bool `json:"enable_gateway_api"
yaml:"enable_gateway_api"`
}
@@ -127,6 +132,7 @@ func NewDefaultConfig() *Config {
IngressClass: IngressClass,
IngressVersion: IngressNetworkingV1,
ApisixRouteVersion: ApisixRouteV2beta3,
+ ApisixTlsVersion: ApisixV2beta3,
WatchEndpointSlices: false,
EnableGatewayAPI: false,
},
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index 17b55052..112ebd83 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -45,6 +45,7 @@ func TestNewConfigFromFile(t *testing.T) {
IngressClass: IngressClass,
IngressVersion: IngressNetworkingV1,
ApisixRouteVersion: ApisixRouteV2beta3,
+ ApisixTlsVersion: ApisixV2beta3,
},
APISIX: APISIXConfig{
DefaultClusterName: "default",
@@ -126,6 +127,7 @@ func TestConfigWithEnvVar(t *testing.T) {
IngressClass: IngressClass,
IngressVersion: IngressNetworkingV1,
ApisixRouteVersion: ApisixRouteV2beta3,
+ ApisixTlsVersion: ApisixV2beta3,
},
APISIX: APISIXConfig{
DefaultClusterName: "default",
diff --git a/pkg/ingress/apisix_tls.go b/pkg/ingress/apisix_tls.go
index cf08ca27..66bc8442 100644
--- a/pkg/ingress/apisix_tls.go
+++ b/pkg/ingress/apisix_tls.go
@@ -16,6 +16,7 @@ package ingress
import (
"context"
+ "fmt"
"sync"
"time"
@@ -26,7 +27,8 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/util/workqueue"
- configv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta3"
+ "github.com/apache/apisix-ingress-controller/pkg/config"
+ "github.com/apache/apisix-ingress-controller/pkg/kube"
"github.com/apache/apisix-ingress-controller/pkg/log"
"github.com/apache/apisix-ingress-controller/pkg/types"
v1 "github.com/apache/apisix-ingress-controller/pkg/types/apisix/v1"
@@ -83,72 +85,133 @@ func (c *apisixTlsController) runWorker(ctx
context.Context) {
}
func (c *apisixTlsController) sync(ctx context.Context, ev *types.Event) error
{
- key := ev.Object.(string)
+ event := ev.Object.(kube.ApisixTlsEvent)
+ key := event.Key
namespace, name, err := cache.SplitMetaNamespaceKey(key)
if err != nil {
log.Errorf("found ApisixTls resource with invalid meta
namespace key %s: %s", key, err)
return err
}
- tls, err :=
c.controller.apisixTlsLister.ApisixTlses(namespace).Get(name)
+ var multiVersionedTls kube.ApisixTls
+ switch event.GroupVersion {
+ case config.ApisixV2beta3:
+ multiVersionedTls, err =
c.controller.apisixTlsLister.V2beta3(namespace, name)
+ case config.ApisixV2:
+ multiVersionedTls, err =
c.controller.apisixTlsLister.V2(namespace, name)
+ default:
+ return fmt.Errorf("unsupported ApisixTls group version %s",
event.GroupVersion)
+ }
+
if err != nil {
if !k8serrors.IsNotFound(err) {
- log.Errorf("failed to get ApisixTls %s: %s", key, err)
+ log.Errorw("failed to get ApisixTls",
+ zap.Error(err),
+ zap.String("key", key),
+ zap.String("version", event.GroupVersion),
+ )
return err
}
if ev.Type != types.EventDelete {
- log.Warnf("ApisixTls %s was deleted before it can be
delivered", key)
+ log.Warnw("ApisixTls %s was deleted before it can be
delivered",
+ zap.String("key", key),
+ zap.String("version", event.GroupVersion),
+ )
// Don't need to retry.
return nil
}
}
if ev.Type == types.EventDelete {
- if tls != nil {
+ if multiVersionedTls != nil {
// We still find the resource while we are processing
the DELETE event,
// that means object with same namespace and name was
created, discarding
// this stale DELETE event.
log.Warnf("discard the stale ApisixTls delete event
since the %s exists", key)
return nil
}
- tls = ev.Tombstone.(*configv2beta3.ApisixTls)
+ multiVersionedTls = ev.Tombstone.(kube.ApisixTls)
}
- ssl, err := c.controller.translator.TranslateSSL(tls)
- if err != nil {
- log.Errorw("failed to translate ApisixTls",
- zap.Error(err),
+ switch event.GroupVersion {
+ case config.ApisixV2beta3:
+ tls := multiVersionedTls.V2beta3()
+ ssl, err := c.controller.translator.TranslateSSLV2Beta3(tls)
+ if err != nil {
+ log.Errorw("failed to translate ApisixTls",
+ zap.Error(err),
+ zap.Any("ApisixTls", tls),
+ )
+ c.controller.recorderEvent(tls,
corev1.EventTypeWarning, _resourceSyncAborted, err)
+ c.controller.recordStatus(tls, _resourceSyncAborted,
err, metav1.ConditionFalse, tls.GetGeneration())
+ return err
+ }
+ log.Debugw("got SSL object from ApisixTls",
+ zap.Any("ssl", ssl),
zap.Any("ApisixTls", tls),
)
- c.controller.recorderEvent(tls, corev1.EventTypeWarning,
_resourceSyncAborted, err)
- c.controller.recordStatus(tls, _resourceSyncAborted, err,
metav1.ConditionFalse, tls.GetGeneration())
- return err
- }
- log.Debugw("got SSL object from ApisixTls",
- zap.Any("ssl", ssl),
- zap.Any("ApisixTls", tls),
- )
- secretKey := tls.Spec.Secret.Namespace + "_" + tls.Spec.Secret.Name
- c.syncSecretSSL(secretKey, key, ssl, ev.Type)
- if tls.Spec.Client != nil {
- caSecretKey := tls.Spec.Client.CASecret.Namespace + "_" +
tls.Spec.Client.CASecret.Name
- if caSecretKey != secretKey {
- c.syncSecretSSL(caSecretKey, key, ssl, ev.Type)
+ secretKey := tls.Spec.Secret.Namespace + "_" +
tls.Spec.Secret.Name
+ c.syncSecretSSL(secretKey, key, ssl, ev.Type)
+ if tls.Spec.Client != nil {
+ caSecretKey := tls.Spec.Client.CASecret.Namespace + "_"
+ tls.Spec.Client.CASecret.Name
+ if caSecretKey != secretKey {
+ c.syncSecretSSL(caSecretKey, key, ssl, ev.Type)
+ }
}
- }
- if err := c.controller.syncSSL(ctx, ssl, ev.Type); err != nil {
- log.Errorw("failed to sync SSL to APISIX",
- zap.Error(err),
+ if err := c.controller.syncSSL(ctx, ssl, ev.Type); err != nil {
+ log.Errorw("failed to sync SSL to APISIX",
+ zap.Error(err),
+ zap.Any("ssl", ssl),
+ )
+ c.controller.recorderEvent(tls,
corev1.EventTypeWarning, _resourceSyncAborted, err)
+ c.controller.recordStatus(tls, _resourceSyncAborted,
err, metav1.ConditionFalse, tls.GetGeneration())
+ return err
+ }
+ c.controller.recorderEvent(tls, corev1.EventTypeNormal,
_resourceSynced, nil)
+ c.controller.recordStatus(tls, _resourceSynced, nil,
metav1.ConditionTrue, tls.GetGeneration())
+ return err
+ case config.ApisixV2:
+ tls := multiVersionedTls.V2()
+ ssl, err := c.controller.translator.TranslateSSLV2(tls)
+ if err != nil {
+ log.Errorw("failed to translate ApisixTls",
+ zap.Error(err),
+ zap.Any("ApisixTls", tls),
+ )
+ c.controller.recorderEvent(tls,
corev1.EventTypeWarning, _resourceSyncAborted, err)
+ c.controller.recordStatus(tls, _resourceSyncAborted,
err, metav1.ConditionFalse, tls.GetGeneration())
+ return err
+ }
+ log.Debugw("got SSL object from ApisixTls",
zap.Any("ssl", ssl),
+ zap.Any("ApisixTls", tls),
)
- c.controller.recorderEvent(tls, corev1.EventTypeWarning,
_resourceSyncAborted, err)
- c.controller.recordStatus(tls, _resourceSyncAborted, err,
metav1.ConditionFalse, tls.GetGeneration())
+
+ secretKey := tls.Spec.Secret.Namespace + "_" +
tls.Spec.Secret.Name
+ c.syncSecretSSL(secretKey, key, ssl, ev.Type)
+ if tls.Spec.Client != nil {
+ caSecretKey := tls.Spec.Client.CASecret.Namespace + "_"
+ tls.Spec.Client.CASecret.Name
+ if caSecretKey != secretKey {
+ c.syncSecretSSL(caSecretKey, key, ssl, ev.Type)
+ }
+ }
+
+ if err := c.controller.syncSSL(ctx, ssl, ev.Type); err != nil {
+ log.Errorw("failed to sync SSL to APISIX",
+ zap.Error(err),
+ zap.Any("ssl", ssl),
+ )
+ c.controller.recorderEvent(tls,
corev1.EventTypeWarning, _resourceSyncAborted, err)
+ c.controller.recordStatus(tls, _resourceSyncAborted,
err, metav1.ConditionFalse, tls.GetGeneration())
+ return err
+ }
+ c.controller.recorderEvent(tls, corev1.EventTypeNormal,
_resourceSynced, nil)
+ c.controller.recordStatus(tls, _resourceSynced, nil,
metav1.ConditionTrue, tls.GetGeneration())
return err
+ default:
+ return fmt.Errorf("unsupported ApisixTls group version %s",
event.GroupVersion)
}
- c.controller.recorderEvent(tls, corev1.EventTypeNormal,
_resourceSynced, nil)
- c.controller.recordStatus(tls, _resourceSynced, nil,
metav1.ConditionTrue, tls.GetGeneration())
- return err
}
func (c *apisixTlsController) syncSecretSSL(secretKey string, apisixTlsKey
string, ssl *v1.Ssl, event types.EventType) {
@@ -177,10 +240,12 @@ func (c *apisixTlsController) handleSyncErr(obj
interface{}, err error) {
}
event := obj.(*types.Event)
+ ev := event.Object.(kube.ApisixTlsEvent)
if k8serrors.IsNotFound(err) && event.Type != types.EventDelete {
log.Infow("sync ApisixTls but not found, ignore",
zap.String("event_type", event.Type.String()),
- zap.String("ApisixTls", event.Object.(string)),
+ zap.String("ApisixTls", ev.Key),
+ zap.String("version", ev.GroupVersion),
)
c.workqueue.Forget(event)
return
@@ -194,6 +259,11 @@ func (c *apisixTlsController) handleSyncErr(obj
interface{}, err error) {
}
func (c *apisixTlsController) onAdd(obj interface{}) {
+ tls, err := kube.NewApisixTls(obj)
+ if err != nil {
+ log.Errorw("found ApisixTls resource with bad type",
zap.Error(err))
+ return
+ }
key, err := cache.MetaNamespaceKeyFunc(obj)
if err != nil {
log.Errorf("found ApisixTls object with bad namespace/name: %s,
ignore it", err)
@@ -206,17 +276,28 @@ func (c *apisixTlsController) onAdd(obj interface{}) {
zap.Any("object", obj),
)
c.workqueue.Add(&types.Event{
- Type: types.EventAdd,
- Object: key,
+ Type: types.EventAdd,
+ Object: kube.ApisixTlsEvent{
+ Key: key,
+ GroupVersion: tls.GroupVersion(),
+ },
})
c.controller.MetricsCollector.IncrEvents("TLS", "add")
}
func (c *apisixTlsController) onUpdate(prev, curr interface{}) {
- oldTls := prev.(*configv2beta3.ApisixTls)
- newTls := curr.(*configv2beta3.ApisixTls)
- if oldTls.GetResourceVersion() >= newTls.GetResourceVersion() {
+ oldTls, err := kube.NewApisixTls(prev)
+ if err != nil {
+ log.Errorw("found ApisixTls resource with bad type",
zap.Error(err))
+ return
+ }
+ newTls, err := kube.NewApisixTls(curr)
+ if err != nil {
+ log.Errorw("found ApisixTls resource with bad type",
zap.Error(err))
+ return
+ }
+ if oldTls.ResourceVersion() >= newTls.ResourceVersion() {
return
}
key, err := cache.MetaNamespaceKeyFunc(curr)
@@ -232,22 +313,27 @@ func (c *apisixTlsController) onUpdate(prev, curr
interface{}) {
zap.Any("old object", prev),
)
c.workqueue.Add(&types.Event{
- Type: types.EventUpdate,
- Object: key,
+ Type: types.EventUpdate,
+ Object: kube.ApisixTlsEvent{
+ Key: key,
+ OldObject: oldTls,
+ GroupVersion: newTls.GroupVersion(),
+ },
})
c.controller.MetricsCollector.IncrEvents("TLS", "update")
}
func (c *apisixTlsController) onDelete(obj interface{}) {
- tls, ok := obj.(*configv2beta3.ApisixTls)
- if !ok {
+ tls, err := kube.NewApisixTls(obj)
+ if err != nil {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
return
}
- tls, ok = tombstone.Obj.(*configv2beta3.ApisixTls)
- if !ok {
+ tls, err = kube.NewApisixTls(tombstone)
+ if err != nil {
+ log.Errorw("found ApisixTls resource with bad type",
zap.Error(err))
return
}
}
@@ -263,8 +349,11 @@ func (c *apisixTlsController) onDelete(obj interface{}) {
zap.Any("final state", obj),
)
c.workqueue.Add(&types.Event{
- Type: types.EventDelete,
- Object: key,
+ Type: types.EventDelete,
+ Object: kube.ApisixTlsEvent{
+ Key: key,
+ GroupVersion: tls.GroupVersion(),
+ },
Tombstone: tls,
})
diff --git a/pkg/ingress/compare.go b/pkg/ingress/compare.go
index c689e917..6d2f560d 100644
--- a/pkg/ingress/compare.go
+++ b/pkg/ingress/compare.go
@@ -107,14 +107,14 @@ func (c *Controller) CompareResources(ctx
context.Context) error {
// todo ApisixUpstream and ApisixPluginConfig
// ApisixUpstream and ApisixPluginConfig should be
synced with ApisixRoute resource
- // ApisixSSL
+ // ApisixSSL TODO: Support v2?
retSSL, err :=
c.kubeClient.APISIXClient.ApisixV2beta3().ApisixTlses(ns).List(ctx, opts)
if err != nil {
log.Error(err.Error())
ctx.Done()
} else {
for _, s := range retSSL.Items {
- ssl, err :=
c.translator.TranslateSSL(&s)
+ ssl, err :=
c.translator.TranslateSSLV2Beta3(&s)
if err != nil {
log.Error(err.Error())
ctx.Done()
diff --git a/pkg/ingress/controller.go b/pkg/ingress/controller.go
index 8721d3be..6755dc51 100644
--- a/pkg/ingress/controller.go
+++ b/pkg/ingress/controller.go
@@ -109,7 +109,7 @@ type Controller struct {
apisixUpstreamLister listersv2beta3.ApisixUpstreamLister
apisixRouteLister kube.ApisixRouteLister
apisixRouteInformer cache.SharedIndexInformer
- apisixTlsLister listersv2beta3.ApisixTlsLister
+ apisixTlsLister kube.ApisixTlsLister
apisixTlsInformer cache.SharedIndexInformer
apisixClusterConfigLister listersv2beta3.ApisixClusterConfigLister
apisixClusterConfigInformer cache.SharedIndexInformer
@@ -202,6 +202,7 @@ func (c *Controller) initWhenStartLeading() {
var (
ingressInformer cache.SharedIndexInformer
apisixRouteInformer cache.SharedIndexInformer
+ apisixTlsInformer cache.SharedIndexInformer
)
kubeFactory := c.kubeClient.NewSharedIndexInformerFactory()
@@ -224,7 +225,10 @@ func (c *Controller) initWhenStartLeading() {
apisixFactory.Apisix().V2().ApisixRoutes().Lister(),
)
c.apisixUpstreamLister =
apisixFactory.Apisix().V2beta3().ApisixUpstreams().Lister()
- c.apisixTlsLister =
apisixFactory.Apisix().V2beta3().ApisixTlses().Lister()
+ c.apisixTlsLister = kube.NewApisixTlsLister(
+ apisixFactory.Apisix().V2beta3().ApisixTlses().Lister(),
+ apisixFactory.Apisix().V2().ApisixTlses().Lister(),
+ )
c.apisixClusterConfigLister =
apisixFactory.Apisix().V2beta3().ApisixClusterConfigs().Lister()
c.apisixConsumerLister =
apisixFactory.Apisix().V2beta3().ApisixConsumers().Lister()
c.apisixPluginConfigLister = kube.NewApisixPluginConfigLister(
@@ -259,6 +263,17 @@ func (c *Controller) initWhenStartLeading() {
apisixRouteInformer =
apisixFactory.Apisix().V2beta3().ApisixRoutes().Informer()
case config.ApisixRouteV2:
apisixRouteInformer =
apisixFactory.Apisix().V2().ApisixRoutes().Informer()
+ default:
+ panic(fmt.Errorf("unsupported ApisixRoute version %s",
c.cfg.Kubernetes.ApisixRouteVersion))
+ }
+
+ switch c.cfg.Kubernetes.ApisixTlsVersion {
+ case config.ApisixV2beta3:
+ apisixTlsInformer =
apisixFactory.Apisix().V2beta3().ApisixTlses().Informer()
+ case config.ApisixV2:
+ apisixTlsInformer =
apisixFactory.Apisix().V2().ApisixTlses().Informer()
+ default:
+ panic(fmt.Errorf("unsupported ApisixTls version %s",
c.cfg.Kubernetes.ApisixTlsVersion))
}
c.namespaceInformer = kubeFactory.Core().V1().Namespaces().Informer()
@@ -269,7 +284,7 @@ func (c *Controller) initWhenStartLeading() {
c.apisixUpstreamInformer =
apisixFactory.Apisix().V2beta3().ApisixUpstreams().Informer()
c.apisixClusterConfigInformer =
apisixFactory.Apisix().V2beta3().ApisixClusterConfigs().Informer()
c.secretInformer = kubeFactory.Core().V1().Secrets().Informer()
- c.apisixTlsInformer =
apisixFactory.Apisix().V2beta3().ApisixTlses().Informer()
+ c.apisixTlsInformer = apisixTlsInformer
c.apisixConsumerInformer =
apisixFactory.Apisix().V2beta3().ApisixConsumers().Informer()
c.apisixPluginConfigInformer =
apisixFactory.Apisix().V2beta3().ApisixPluginConfigs().Informer()
diff --git a/pkg/ingress/secret.go b/pkg/ingress/secret.go
index 85db804c..9e1227cb 100644
--- a/pkg/ingress/secret.go
+++ b/pkg/ingress/secret.go
@@ -28,6 +28,8 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/util/workqueue"
+ "github.com/apache/apisix-ingress-controller/pkg/config"
+ configv2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2"
configv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta3"
"github.com/apache/apisix-ingress-controller/pkg/log"
"github.com/apache/apisix-ingress-controller/pkg/types"
@@ -132,7 +134,18 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
return nil
}
sslMap := ssls.(*sync.Map)
- sslMap.Range(func(k, v interface{}) bool {
+
+ switch c.controller.cfg.Kubernetes.ApisixTlsVersion {
+ case config.ApisixV2beta3:
+ sslMap.Range(c.syncV2Beta3Handler(ctx, ev, sec, key))
+ case config.ApisixV2:
+ sslMap.Range(c.syncV2Handler(ctx, ev, sec, key))
+ }
+ return err
+}
+
+func (c *secretController) syncV2Beta3Handler(ctx context.Context, ev
*types.Event, secret *corev1.Secret, secretKey string) func(k, v interface{})
bool {
+ return func(k, v interface{}) bool {
ssl := v.(*apisixv1.Ssl)
tlsMetaKey := k.(string)
tlsNamespace, tlsName, err :=
cache.SplitMetaNamespaceKey(tlsMetaKey)
@@ -140,17 +153,19 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
log.Errorf("invalid cached ApisixTls key: %s",
tlsMetaKey)
return true
}
- tls, err :=
c.controller.apisixTlsLister.ApisixTlses(tlsNamespace).Get(tlsName)
+
+ multiVersioned, err :=
c.controller.apisixTlsLister.V2beta3(tlsNamespace, tlsName)
if err != nil {
log.Warnw("secret related ApisixTls resource not found,
skip",
zap.String("ApisixTls", tlsMetaKey),
)
return true
}
+ tls := multiVersioned.V2beta3()
// We don't expect a secret to be used as both SSL and mTLS in
ApisixTls
- if tls.Spec.Secret.Namespace == sec.Namespace &&
tls.Spec.Secret.Name == sec.Name {
- cert, pkey, err :=
c.controller.translator.ExtractKeyPair(sec, true)
+ if tls.Spec.Secret.Namespace == secret.Namespace &&
tls.Spec.Secret.Name == secret.Name {
+ cert, pkey, err :=
c.controller.translator.ExtractKeyPair(secret, true)
if err != nil {
log.Errorw("secret required by ApisixTls
invalid",
zap.String("ApisixTls", tlsMetaKey),
@@ -158,7 +173,7 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
)
go func(tls *configv2beta3.ApisixTls) {
c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
- fmt.Sprintf("sync from secret
%s changes failed, error: %s", key, err.Error()))
+ fmt.Sprintf("sync from secret
%s changes failed, error: %s", secretKey, err.Error()))
c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
}(tls)
return true
@@ -167,8 +182,8 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
ssl.Cert = string(cert)
ssl.Key = string(pkey)
} else if tls.Spec.Client != nil &&
- tls.Spec.Client.CASecret.Namespace == sec.Namespace &&
tls.Spec.Client.CASecret.Name == sec.Name {
- ca, _, err :=
c.controller.translator.ExtractKeyPair(sec, false)
+ tls.Spec.Client.CASecret.Namespace == secret.Namespace
&& tls.Spec.Client.CASecret.Name == secret.Name {
+ ca, _, err :=
c.controller.translator.ExtractKeyPair(secret, false)
if err != nil {
log.Errorw("ca secret required by ApisixTls
invalid",
zap.String("ApisixTls", tlsMetaKey),
@@ -176,7 +191,7 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
)
go func(tls *configv2beta3.ApisixTls) {
c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
- fmt.Sprintf("sync from ca
secret %s changes failed, error: %s", key, err.Error()))
+ fmt.Sprintf("sync from ca
secret %s changes failed, error: %s", secretKey, err.Error()))
c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
}(tls)
return true
@@ -187,7 +202,7 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
} else {
log.Warnw("stale secret cache, ApisixTls doesn't
requires target secret",
zap.String("ApisixTls", tlsMetaKey),
- zap.String("secret", key),
+ zap.String("secret", secretKey),
)
return true
}
@@ -199,20 +214,104 @@ func (c *secretController) sync(ctx context.Context, ev
*types.Event) error {
log.Errorw("failed to sync ssl to APISIX",
zap.Error(err),
zap.Any("ssl", ssl),
- zap.Any("secret", sec),
+ zap.Any("secret", secret),
)
c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
- fmt.Sprintf("sync from secret %s
changes failed, error: %s", key, err.Error()))
+ fmt.Sprintf("sync from secret %s
changes failed, error: %s", secretKey, err.Error()))
c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
} else {
c.controller.recorderEventS(tls,
corev1.EventTypeNormal, _resourceSynced,
- fmt.Sprintf("sync from secret %s
changes", key))
+ fmt.Sprintf("sync from secret %s
changes", secretKey))
c.controller.recordStatus(tls, _resourceSynced,
nil, metav1.ConditionTrue, tls.GetGeneration())
}
}(ssl, tls)
return true
- })
- return err
+ }
+}
+
+func (c *secretController) syncV2Handler(ctx context.Context, ev *types.Event,
secret *corev1.Secret, secretKey string) func(k, v interface{}) bool {
+ return func(k, v interface{}) bool {
+ ssl := v.(*apisixv1.Ssl)
+ tlsMetaKey := k.(string)
+ tlsNamespace, tlsName, err :=
cache.SplitMetaNamespaceKey(tlsMetaKey)
+ if err != nil {
+ log.Errorf("invalid cached ApisixTls key: %s",
tlsMetaKey)
+ return true
+ }
+
+ multiVersioned, err :=
c.controller.apisixTlsLister.V2(tlsNamespace, tlsName)
+ if err != nil {
+ log.Warnw("secret related ApisixTls resource not found,
skip",
+ zap.String("ApisixTls", tlsMetaKey),
+ )
+ return true
+ }
+ tls := multiVersioned.V2()
+
+ // We don't expect a secret to be used as both SSL and mTLS in
ApisixTls
+ if tls.Spec.Secret.Namespace == secret.Namespace &&
tls.Spec.Secret.Name == secret.Name {
+ cert, pkey, err :=
c.controller.translator.ExtractKeyPair(secret, true)
+ if err != nil {
+ log.Errorw("secret required by ApisixTls
invalid",
+ zap.String("ApisixTls", tlsMetaKey),
+ zap.Error(err),
+ )
+ go func(tls *configv2.ApisixTls) {
+ c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
+ fmt.Sprintf("sync from secret
%s changes failed, error: %s", secretKey, err.Error()))
+ c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
+ }(tls)
+ return true
+ }
+ // sync ssl
+ ssl.Cert = string(cert)
+ ssl.Key = string(pkey)
+ } else if tls.Spec.Client != nil &&
+ tls.Spec.Client.CASecret.Namespace == secret.Namespace
&& tls.Spec.Client.CASecret.Name == secret.Name {
+ ca, _, err :=
c.controller.translator.ExtractKeyPair(secret, false)
+ if err != nil {
+ log.Errorw("ca secret required by ApisixTls
invalid",
+ zap.String("ApisixTls", tlsMetaKey),
+ zap.Error(err),
+ )
+ go func(tls *configv2.ApisixTls) {
+ c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
+ fmt.Sprintf("sync from ca
secret %s changes failed, error: %s", secretKey, err.Error()))
+ c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
+ }(tls)
+ return true
+ }
+ ssl.Client = &apisixv1.MutualTLSClientConfig{
+ CA: string(ca),
+ }
+ } else {
+ log.Warnw("stale secret cache, ApisixTls doesn't
requires target secret",
+ zap.String("ApisixTls", tlsMetaKey),
+ zap.String("secret", secretKey),
+ )
+ return true
+ }
+ // Use another goroutine to send requests, to avoid
+ // long time lock occupying.
+ go func(ssl *apisixv1.Ssl, tls *configv2.ApisixTls) {
+ err := c.controller.syncSSL(ctx, ssl, ev.Type)
+ if err != nil {
+ log.Errorw("failed to sync ssl to APISIX",
+ zap.Error(err),
+ zap.Any("ssl", ssl),
+ zap.Any("secret", secret),
+ )
+ c.controller.recorderEventS(tls,
corev1.EventTypeWarning, _resourceSyncAborted,
+ fmt.Sprintf("sync from secret %s
changes failed, error: %s", secretKey, err.Error()))
+ c.controller.recordStatus(tls,
_resourceSyncAborted, err, metav1.ConditionFalse, tls.GetGeneration())
+ } else {
+ c.controller.recorderEventS(tls,
corev1.EventTypeNormal, _resourceSynced,
+ fmt.Sprintf("sync from secret %s
changes", secretKey))
+ c.controller.recordStatus(tls, _resourceSynced,
nil, metav1.ConditionTrue, tls.GetGeneration())
+ }
+ }(ssl, tls)
+ return true
+ }
}
func (c *secretController) handleSyncErr(obj interface{}, err error) {
diff --git a/pkg/ingress/status.go b/pkg/ingress/status.go
index 67c00f55..db9c4cf2 100644
--- a/pkg/ingress/status.go
+++ b/pkg/ingress/status.go
@@ -32,6 +32,7 @@ import (
"k8s.io/client-go/tools/cache"
gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+ configv2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2"
configv2beta2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta2"
configv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta3"
"github.com/apache/apisix-ingress-controller/pkg/log"
@@ -91,6 +92,23 @@ func (c *Controller) recordStatus(at interface{}, reason
string, err error, stat
)
}
}
+ case *configv2.ApisixTls:
+ // set to status
+ if v.Status.Conditions == nil {
+ conditions := make([]metav1.Condition, 0)
+ v.Status.Conditions = conditions
+ }
+ if c.verifyGeneration(&v.Status.Conditions, condition) {
+ meta.SetStatusCondition(&v.Status.Conditions, condition)
+ if _, errRecord :=
client.ApisixV2().ApisixTlses(v.Namespace).
+ UpdateStatus(context.TODO(), v,
metav1.UpdateOptions{}); errRecord != nil {
+ log.Errorw("failed to record status change for
ApisixTls",
+ zap.Error(errRecord),
+ zap.String("name", v.Name),
+ zap.String("namespace", v.Namespace),
+ )
+ }
+ }
case *configv2beta3.ApisixUpstream:
// set to status
if v.Status.Conditions == nil {
diff --git a/pkg/kube/apisix_tls.go b/pkg/kube/apisix_tls.go
new file mode 100644
index 00000000..a3938748
--- /dev/null
+++ b/pkg/kube/apisix_tls.go
@@ -0,0 +1,167 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package kube
+
+import (
+ "fmt"
+
+ "github.com/apache/apisix-ingress-controller/pkg/config"
+ configv2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2"
+ configv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta3"
+ listersv2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/client/listers/config/v2"
+ listersv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/client/listers/config/v2beta3"
+)
+
+// ApisixTlsLister is an encapsulation for the lister of ApisixTls,
+// it aims at to be compatible with different ApisixTls versions.
+type ApisixTlsLister interface {
+ // V2beta3 gets the ApisixTls in apisix.apache.org/v2beta3.
+ V2beta3(string, string) (ApisixTls, error)
+ // V2 gets the ApisixTls in apisix.apache.org/v2.
+ V2(string, string) (ApisixTls, error)
+}
+
+// ApisixTlsInformer is an encapsulation for the informer of ApisixTls,
+// it aims at to be compatible with different ApisixTls versions.
+type ApisixTlsInformer interface {
+ Run(chan struct{})
+}
+
+// ApisixTls is an encapsulation for ApisixTls resource with different
+// versions, for now, they are apisix.apache.org/v1 and
apisix.apache.org/v2alpha1
+type ApisixTls interface {
+ // GroupVersion returns the api group version of the
+ // real ApisixTls.
+ GroupVersion() string
+ // V2beta3 returns the ApisixTls in apisix.apache.org/v2beta3, the real
+ // ApisixTls must be in this group version, otherwise will panic.
+ V2beta3() *configv2beta3.ApisixTls
+ // V2 returns the ApisixTls in apisix.apache.org/v2, the real
+ // ApisixTls must be in this group version, otherwise will panic.
+ V2() *configv2.ApisixTls
+ // ResourceVersion returns the the resource version field inside
+ // the real ApisixTls.
+ ResourceVersion() string
+}
+
+// ApisixTlsEvent contains the ApisixTls key (namespace/name)
+// and the group version message.
+type ApisixTlsEvent struct {
+ Key string
+ OldObject ApisixTls
+ GroupVersion string
+}
+
+type apisixTls struct {
+ groupVersion string
+ v2beta3 *configv2beta3.ApisixTls
+ v2 *configv2.ApisixTls
+}
+
+func (atls *apisixTls) V2beta3() *configv2beta3.ApisixTls {
+ if atls.groupVersion != config.ApisixV2beta3 {
+ panic("not a apisix.apache.org/v2beta3 ApisixTls")
+ }
+ return atls.v2beta3
+}
+func (atls *apisixTls) V2() *configv2.ApisixTls {
+ if atls.groupVersion != config.ApisixV2 {
+ panic("not a apisix.apache.org/v2 ApisixTls")
+ }
+ return atls.v2
+}
+
+func (atls *apisixTls) GroupVersion() string {
+ return atls.groupVersion
+}
+
+func (atls *apisixTls) ResourceVersion() string {
+ if atls.groupVersion == config.ApisixV2beta3 {
+ return atls.V2beta3().ResourceVersion
+ }
+ return atls.V2().ResourceVersion
+}
+
+type apisixTlsLister struct {
+ v2beta3Lister listersv2beta3.ApisixTlsLister
+ v2Lister listersv2.ApisixTlsLister
+}
+
+func (l *apisixTlsLister) V2beta3(namespace, name string) (ApisixTls, error) {
+ ar, err := l.v2beta3Lister.ApisixTlses(namespace).Get(name)
+ if err != nil {
+ return nil, err
+ }
+ return &apisixTls{
+ groupVersion: config.ApisixV2beta3,
+ v2beta3: ar,
+ }, nil
+}
+func (l *apisixTlsLister) V2(namespace, name string) (ApisixTls, error) {
+ ar, err := l.v2Lister.ApisixTlses(namespace).Get(name)
+ if err != nil {
+ return nil, err
+ }
+ return &apisixTls{
+ groupVersion: config.ApisixV2,
+ v2: ar,
+ }, nil
+}
+
+// MustNewApisixTls creates a kube.ApisixTls object according to the
+// type of obj.
+func MustNewApisixTls(obj interface{}) ApisixTls {
+ switch ar := obj.(type) {
+ case *configv2beta3.ApisixTls:
+ return &apisixTls{
+ groupVersion: config.ApisixV2beta3,
+ v2beta3: ar,
+ }
+ case *configv2.ApisixTls:
+ return &apisixTls{
+ groupVersion: config.ApisixV2,
+ v2: ar,
+ }
+ default:
+ panic("invalid ApisixTls type")
+ }
+}
+
+// NewApisixTls creates a kube.ApisixTls object according to the
+// type of obj. It returns nil and the error reason when the
+// type assertion fails.
+func NewApisixTls(obj interface{}) (ApisixTls, error) {
+ switch ar := obj.(type) {
+ case *configv2beta3.ApisixTls:
+ return &apisixTls{
+ groupVersion: config.ApisixV2beta3,
+ v2beta3: ar,
+ }, nil
+ case *configv2.ApisixTls:
+ return &apisixTls{
+ groupVersion: config.ApisixV2,
+ v2: ar,
+ }, nil
+ default:
+ return nil, fmt.Errorf("invalid ApisixTls type %T", ar)
+ }
+}
+
+func NewApisixTlsLister(v2beta3 listersv2beta3.ApisixTlsLister, v2
listersv2.ApisixTlsLister) ApisixTlsLister {
+ return &apisixTlsLister{
+ v2beta3Lister: v2beta3,
+ v2Lister: v2,
+ }
+}
diff --git a/pkg/kube/translation/apisix_ssl.go
b/pkg/kube/translation/apisix_ssl.go
index 87894e75..60450fa0 100644
--- a/pkg/kube/translation/apisix_ssl.go
+++ b/pkg/kube/translation/apisix_ssl.go
@@ -20,6 +20,7 @@ import (
v1 "k8s.io/api/core/v1"
"github.com/apache/apisix-ingress-controller/pkg/id"
+ configv2
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2"
configv2beta3
"github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v2beta3"
apisixv1
"github.com/apache/apisix-ingress-controller/pkg/types/apisix/v1"
)
@@ -33,7 +34,49 @@ var (
ErrEmptyPrivKey = errors.New("missing key field")
)
-func (t *translator) TranslateSSL(tls *configv2beta3.ApisixTls)
(*apisixv1.Ssl, error) {
+func (t *translator) TranslateSSLV2Beta3(tls *configv2beta3.ApisixTls)
(*apisixv1.Ssl, error) {
+ s, err :=
t.SecretLister.Secrets(tls.Spec.Secret.Namespace).Get(tls.Spec.Secret.Name)
+ if err != nil {
+ return nil, err
+ }
+ cert, key, err := t.ExtractKeyPair(s, true)
+ if err != nil {
+ return nil, err
+ }
+
+ var snis []string
+ for _, host := range tls.Spec.Hosts {
+ snis = append(snis, string(host))
+ }
+ ssl := &apisixv1.Ssl{
+ ID: id.GenID(tls.Namespace + "_" + tls.Name),
+ Snis: snis,
+ Cert: string(cert),
+ Key: string(key),
+ Status: 1,
+ Labels: map[string]string{
+ "managed-by": "apisix-ingress-controller",
+ },
+ }
+ if tls.Spec.Client != nil {
+ caSecret, err :=
t.SecretLister.Secrets(tls.Spec.Client.CASecret.Namespace).Get(tls.Spec.Client.CASecret.Name)
+ if err != nil {
+ return nil, err
+ }
+ ca, _, err := t.ExtractKeyPair(caSecret, false)
+ if err != nil {
+ return nil, err
+ }
+ ssl.Client = &apisixv1.MutualTLSClientConfig{
+ CA: string(ca),
+ Depth: tls.Spec.Client.Depth,
+ }
+ }
+
+ return ssl, nil
+}
+
+func (t *translator) TranslateSSLV2(tls *configv2.ApisixTls) (*apisixv1.Ssl,
error) {
s, err :=
t.SecretLister.Secrets(tls.Spec.Secret.Namespace).Get(tls.Spec.Secret.Name)
if err != nil {
return nil, err
diff --git a/pkg/kube/translation/ingress.go b/pkg/kube/translation/ingress.go
index 1e406261..3724981b 100644
--- a/pkg/kube/translation/ingress.go
+++ b/pkg/kube/translation/ingress.go
@@ -46,7 +46,7 @@ func (t *translator) translateIngressV1(ing
*networkingv1.Ingress) (*TranslateCo
useRegex :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix + "use-regex")
// add https
for _, tls := range ing.Spec.TLS {
- apisixTls := kubev2beta3.ApisixTls{
+ apisixTls := kubev2.ApisixTls{
TypeMeta: metav1.TypeMeta{
Kind: "ApisixTls",
APIVersion: "apisix.apache.org/v1",
@@ -55,16 +55,16 @@ func (t *translator) translateIngressV1(ing
*networkingv1.Ingress) (*TranslateCo
Name: fmt.Sprintf("%v-%v", ing.Name,
"tls"),
Namespace: ing.Namespace,
},
- Spec: &kubev2beta3.ApisixTlsSpec{},
+ Spec: &kubev2.ApisixTlsSpec{},
}
for _, host := range tls.Hosts {
- apisixTls.Spec.Hosts = append(apisixTls.Spec.Hosts,
kubev2beta3.HostType(host))
+ apisixTls.Spec.Hosts = append(apisixTls.Spec.Hosts,
kubev2.HostType(host))
}
- apisixTls.Spec.Secret = kubev2beta3.ApisixSecret{
+ apisixTls.Spec.Secret = kubev2.ApisixSecret{
Name: tls.SecretName,
Namespace: ing.Namespace,
}
- ssl, err := t.TranslateSSL(&apisixTls)
+ ssl, err := t.TranslateSSLV2(&apisixTls)
if err != nil {
log.Errorw("failed to translate ingress tls to apisix
tls",
zap.Error(err),
@@ -181,7 +181,7 @@ func (t *translator) translateIngressV1beta1(ing
*networkingv1beta1.Ingress) (*T
Name: tls.SecretName,
Namespace: ing.Namespace,
}
- ssl, err := t.TranslateSSL(&apisixTls)
+ ssl, err := t.TranslateSSLV2Beta3(&apisixTls)
if err != nil {
log.Errorw("failed to translate ingress tls to apisix
tls",
zap.Error(err),
diff --git a/pkg/kube/translation/translator.go
b/pkg/kube/translation/translator.go
index 69aeb31c..c5217aa3 100644
--- a/pkg/kube/translation/translator.go
+++ b/pkg/kube/translation/translator.go
@@ -83,8 +83,10 @@ type Translator interface {
// TranslateRouteV2NotStrictly translates the configv2.ApisixRoute
object into several Route,
// Upstream and PluginConfig resources not strictly, only used for
delete event.
TranslateRouteV2NotStrictly(*configv2.ApisixRoute) (*TranslateContext,
error)
- // TranslateSSL translates the configv2beta3.ApisixTls object into the
APISIX SSL resource.
- TranslateSSL(*configv2beta3.ApisixTls) (*apisixv1.Ssl, error)
+ // TranslateSSLV2Beta3 translates the configv2beta3.ApisixTls object
into the APISIX SSL resource.
+ TranslateSSLV2Beta3(*configv2beta3.ApisixTls) (*apisixv1.Ssl, error)
+ // TranslateSSLV2 translates the configv2.ApisixTls object into the
APISIX SSL resource.
+ TranslateSSLV2(*configv2.ApisixTls) (*apisixv1.Ssl, error)
// TranslateClusterConfig translates the
configv2beta3.ApisixClusterConfig object into the APISIX
// Global Rule resource.
TranslateClusterConfig(*configv2beta3.ApisixClusterConfig)
(*apisixv1.GlobalRule, error)
diff --git a/test/e2e/scaffold/scaffold.go b/test/e2e/scaffold/scaffold.go
index 3aa2b678..3dfa86bf 100644
--- a/test/e2e/scaffold/scaffold.go
+++ b/test/e2e/scaffold/scaffold.go
@@ -32,6 +32,7 @@ import (
"text/template"
"time"
+ "github.com/apache/apisix-ingress-controller/pkg/config"
"github.com/apache/apisix-ingress-controller/pkg/kube"
"github.com/gavv/httpexpect/v2"
"github.com/gruntwork-io/terratest/modules/k8s"
@@ -50,6 +51,7 @@ type Options struct {
IngressAPISIXReplicas int
HTTPBinServicePort int
APISIXRouteVersion string
+ APISIXTlsVersion string
APISIXAdminAPIKey string
EnableWebhooks bool
APISIXPublishAddress string
@@ -104,6 +106,9 @@ func NewScaffold(o *Options) *Scaffold {
if o.APISIXRouteVersion == "" {
o.APISIXRouteVersion = kube.ApisixRouteV2beta3
}
+ if o.APISIXTlsVersion == "" {
+ o.APISIXTlsVersion = config.ApisixV2beta3
+ }
if o.APISIXAdminAPIKey == "" {
o.APISIXAdminAPIKey = "edd1c9f034335f136f87ad84b625c8f1"
}
@@ -129,6 +134,7 @@ func NewDefaultScaffold() *Scaffold {
IngressAPISIXReplicas: 1,
HTTPBinServicePort: 80,
APISIXRouteVersion: kube.ApisixRouteV2beta3,
+ APISIXTlsVersion: config.ApisixV2beta3,
EnableWebhooks: false,
APISIXPublishAddress: "",
}
diff --git a/test/e2e/suite-features/global_rule.go
b/test/e2e/suite-features/global_rule.go
index 773e19b8..4e977410 100644
--- a/test/e2e/suite-features/global_rule.go
+++ b/test/e2e/suite-features/global_rule.go
@@ -19,10 +19,10 @@ import (
"net/http"
"time"
+ "github.com/apache/apisix-ingress-controller/pkg/id"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
- "github.com/apache/apisix-ingress-controller/pkg/id"
"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
)
diff --git a/test/e2e/suite-ingress/ingress.go
b/test/e2e/suite-ingress/ingress.go
index 33ebfca1..aa8ad33a 100644
--- a/test/e2e/suite-ingress/ingress.go
+++ b/test/e2e/suite-ingress/ingress.go
@@ -21,11 +21,11 @@ import (
"net/http"
"time"
+ "github.com/apache/apisix-ingress-controller/pkg/id"
"github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
- "github.com/apache/apisix-ingress-controller/pkg/id"
"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
)
