fix: r

ronething · ronething · commit 5cf5ec73a2a9 · 2025-04-14T23:43:46.000+08:00
Signed-off-by: ashing &lt;axingfly@gmail.com&gt;
diff --git a/internal/controller/consumer_controller.go b/internal/controller/consumer_controller.go
@@ -138,6 +138,17 @@ func (r *ConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	var statusErr error
 	tctx := provider.NewDefaultTranslateContext()
 
+	gateway, err := r.getGateway(ctx, consumer)
+	if err != nil {
+		r.Log.Error(err, "failed to get gateway", "consumer", consumer)
+		statusErr = err
+	}
+
+	if err := ProcessGatewayProxy(r.Client, tctx, gateway); err != nil {
+		r.Log.Error(err, "failed to process gateway proxy", "gateway", gateway)
+		statusErr = err
+	}
+
 	if err := r.processSpec(ctx, tctx, consumer); err != nil {
 		r.Log.Error(err, "failed to process consumer spec", "consumer", consumer)
 		statusErr = err
@@ -201,6 +212,22 @@ func (r *ConsumerReconciler) updateStatus(ctx context.Context, consumer *v1alpha
 	return nil
 }
 
+func (r *ConsumerReconciler) getGateway(ctx context.Context, consumer *v1alpha1.Consumer) (*gatewayv1.Gateway, error) {
+	ns := consumer.GetNamespace()
+	if consumer.Spec.GatewayRef.Namespace != nil {
+		ns = *consumer.Spec.GatewayRef.Namespace
+	}
+	gateway := &gatewayv1.Gateway{}
+	if err := r.Get(ctx, client.ObjectKey{
+		Name:      consumer.Spec.GatewayRef.Name,
+		Namespace: ns,
+	}, gateway); err != nil {
+		r.Log.Error(err, "failed to get gateway", "gateway", consumer.Spec.GatewayRef.Name)
+		return nil, err
+	}
+	return gateway, nil
+}
+
 func (r *ConsumerReconciler) checkGatewayRef(object client.Object) bool {
 	consumer, ok := object.(*v1alpha1.Consumer)
 	if !ok {
diff --git a/internal/controller/gateway_controller.go b/internal/controller/gateway_controller.go
@@ -267,60 +267,7 @@ func (r *GatewayReconciler) listGatewaysForHTTPRoute(_ context.Context, obj clie
 }
 
 func (r *GatewayReconciler) processInfrastructure(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) error {
-	infra := gateway.Spec.Infrastructure
-	if infra == nil || infra.ParametersRef == nil {
-		return nil
-	}
-
-	ns := gateway.GetNamespace()
-	paramRef := infra.ParametersRef
-	if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == "GatewayProxy" {
-		gatewayProxy := &v1alpha1.GatewayProxy{}
-		if err := r.Get(context.Background(), client.ObjectKey{
-			Namespace: ns,
-			Name:      paramRef.Name,
-		}, gatewayProxy); err != nil {
-			log.Error(err, "failed to get GatewayProxy", "namespace", ns, "name", paramRef.Name)
-			return err
-		} else {
-			log.Info("found GatewayProxy for Gateway", "gateway", gateway.Name, "gatewayproxy", gatewayProxy.Name)
-			tctx.GatewayProxy = gatewayProxy
-
-			// Process provider secrets if provider exists
-			if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane {
-				if gatewayProxy.Spec.Provider.ControlPlane != nil &&
-					gatewayProxy.Spec.Provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey &&
-					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey != nil &&
-					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom != nil &&
-					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
-
-					secretRef := gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
-					secret := &corev1.Secret{}
-					if err := r.Get(context.Background(), client.ObjectKey{
-						Namespace: ns,
-						Name:      secretRef.Name,
-					}, secret); err != nil {
-						log.Error(err, "failed to get secret for GatewayProxy provider",
-							"namespace", ns,
-							"name", secretRef.Name)
-						return err
-					}
-
-					log.Info("found secret for GatewayProxy provider",
-						"gateway", gateway.Name,
-						"gatewayproxy", gatewayProxy.Name,
-						"secret", secretRef.Name)
-
-					tctx.Secrets[types.NamespacedName{
-						Namespace: ns,
-						Name:      secretRef.Name,
-					}] = secret
-				}
-			}
-		}
-	}
-
-	return nil
+	return ProcessGatewayProxy(r.Client, tctx, gateway)
 }
 
 func (r *GatewayReconciler) processListenerConfig(tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) {
diff --git a/internal/controller/httproute_controller.go b/internal/controller/httproute_controller.go
@@ -114,6 +114,12 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	tctx := provider.NewDefaultTranslateContext()
 
+	for _, gateway := range gateways {
+		if err := ProcessGatewayProxy(r.Client, tctx, gateway.Gateway); err != nil {
+			return ctrl.Result{}, err
+		}
+	}
+
 	if err := r.processHTTPRoute(tctx, hr); err != nil {
 		acceptStatus.status = false
 		acceptStatus.msg = err.Error()
diff --git a/internal/controller/ingress_controller.go b/internal/controller/ingress_controller.go
@@ -548,7 +548,7 @@ func (r *IngressReconciler) processIngressClassParameters(ctx context.Context, t
 		}
 
 		r.Log.Info("found GatewayProxy for IngressClass", "ingressClass", ingressClass.Name, "gatewayproxy", gatewayProxy.Name)
-		tctx.GatewayProxy = gatewayProxy
+		tctx.GatewayProxies = append(tctx.GatewayProxies, *gatewayProxy)
 
 		// check if the provider field references a secret
 		if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane {
diff --git a/internal/controller/utils.go b/internal/controller/utils.go
@@ -5,12 +5,16 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
 	"github.com/api7/api7-ingress-controller/internal/controller/config"
+	"github.com/api7/api7-ingress-controller/internal/provider"
+	"github.com/api7/gopkg/pkg/log"
 	"github.com/samber/lo"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
@@ -759,3 +763,63 @@ func SplitMetaNamespaceKey(key string) (namespace, name string, err error) {
 
 	return "", "", fmt.Errorf("unexpected key format: %q", key)
 }
+
+func ProcessGatewayProxy(r client.Client, tctx *provider.TranslateContext, gateway *gatewayv1.Gateway) error {
+	if gateway == nil {
+		return nil
+	}
+	infra := gateway.Spec.Infrastructure
+	if infra == nil || infra.ParametersRef == nil {
+		return nil
+	}
+
+	ns := gateway.GetNamespace()
+	paramRef := infra.ParametersRef
+	if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == "GatewayProxy" {
+		gatewayProxy := &v1alpha1.GatewayProxy{}
+		if err := r.Get(context.Background(), client.ObjectKey{
+			Namespace: ns,
+			Name:      paramRef.Name,
+		}, gatewayProxy); err != nil {
+			log.Error(err, "failed to get GatewayProxy", "namespace", ns, "name", paramRef.Name)
+			return err
+		} else {
+			log.Info("found GatewayProxy for Gateway", "gateway", gateway.Name, "gatewayproxy", gatewayProxy.Name)
+			tctx.GatewayProxies = append(tctx.GatewayProxies, *gatewayProxy)
+
+			// Process provider secrets if provider exists
+			if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane {
+				if gatewayProxy.Spec.Provider.ControlPlane != nil &&
+					gatewayProxy.Spec.Provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey &&
+					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey != nil &&
+					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom != nil &&
+					gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+
+					secretRef := gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
+					secret := &corev1.Secret{}
+					if err := r.Get(context.Background(), client.ObjectKey{
+						Namespace: ns,
+						Name:      secretRef.Name,
+					}, secret); err != nil {
+						log.Error(err, "failed to get secret for GatewayProxy provider",
+							"namespace", ns,
+							"name", secretRef.Name)
+						return err
+					}
+
+					log.Info("found secret for GatewayProxy provider",
+						"gateway", gateway.Name,
+						"gatewayproxy", gatewayProxy.Name,
+						"secret", secretRef.Name)
+
+					tctx.Secrets[types.NamespacedName{
+						Namespace: ns,
+						Name:      secretRef.Name,
+					}] = secret
+				}
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/internal/provider/adc/adc.go b/internal/provider/adc/adc.go
@@ -20,6 +20,7 @@ import (
 	"github.com/api7/api7-ingress-controller/internal/provider"
 	"github.com/api7/api7-ingress-controller/internal/provider/adc/translator"
 	"github.com/api7/gopkg/pkg/log"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 type ResourceKind struct {
@@ -64,22 +65,64 @@ func (d *adcClient) getConfigs(rk ResourceKind) []adcConfig {
 	return d.configs[rk]
 }
 
-func (d *adcClient) updateGatewayConfigs(rk ResourceKind, tctx *provider.TranslateContext) ([]adcConfig, error) {
-	// get gateway proxy from tctx
-	return nil, nil
-}
+func (d *adcClient) getConfigsForGatewayProxy(rk ResourceKind, tctx *provider.TranslateContext, gatewayProxy *v1alpha1.GatewayProxy) (*adcConfig, error) {
+	if gatewayProxy == nil || gatewayProxy.Spec.Provider == nil {
+		return nil, nil
+	}
 
-func (d *adcClient) updateIngressConfigs(rk ResourceKind, tctx *provider.TranslateContext) ([]adcConfig, error) {
-	// get gateway proxy from tctx
-	return nil, nil
-}
+	provider := gatewayProxy.Spec.Provider
+	if provider.Type != v1alpha1.ProviderTypeControlPlane || provider.ControlPlane == nil {
+		return nil, nil
+	}
+
+	endpoints := provider.ControlPlane.Endpoints
+	if len(endpoints) == 0 {
+		return nil, errors.New("no endpoints found")
+	}
+
+	endpoint := endpoints[0]
+	config := adcConfig{
+		ServerAddr: endpoint,
+	}
+
+	if provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey && provider.ControlPlane.Auth.AdminKey != nil {
+		if provider.ControlPlane.Auth.AdminKey.ValueFrom != nil && provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+			secretRef := provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
+			secret, ok := tctx.Secrets[types.NamespacedName{
+				Namespace: rk.Namespace,
+				Name:      secretRef.Name,
+			}]
+			if ok {
+				if token, ok := secret.Data[secretRef.Key]; ok {
+					config.Token = string(token)
+				}
+			}
+		} else if provider.ControlPlane.Auth.AdminKey.Value != "" {
+			config.Token = provider.ControlPlane.Auth.AdminKey.Value
+		}
+	}
 
-func (d *adcClient) updateHTTPRouteConfigs(rk ResourceKind, tctx *provider.TranslateContext) ([]adcConfig, error) {
-	return nil, nil
+	if config.Token == "" {
+		return nil, errors.New("no token found")
+	}
+
+	return &config, nil
 }
 
-func (d *adcClient) updateConsumerConfigs(rk ResourceKind, tctx *provider.TranslateContext) ([]adcConfig, error) {
-	return nil, nil
+func (d *adcClient) updateConfigs(rk ResourceKind, tctx *provider.TranslateContext) error {
+	var configs []adcConfig
+	for _, gatewayProxy := range tctx.GatewayProxies {
+		config, err := d.getConfigsForGatewayProxy(rk, tctx, &gatewayProxy)
+		if err != nil {
+			return err
+		}
+		if config != nil {
+			configs = append(configs, *config)
+		}
+	}
+
+	d.configs[rk] = configs
+	return nil
 }
 
 func (d *adcClient) Update(ctx context.Context, tctx *provider.TranslateContext, obj client.Object) error {
@@ -90,60 +133,47 @@ func (d *adcClient) Update(ctx context.Context, tctx *provider.TranslateContext,
 		err           error
 	)
 
-	var configs []adcConfig
-
-	rk := ResourceKind{
-		Kind:      obj.GetObjectKind().GroupVersionKind().Kind,
-		Namespace: obj.GetNamespace(),
-		Name:      obj.GetName(),
-	}
-
 	switch t := obj.(type) {
 	case *gatewayv1.HTTPRoute:
 		result, err = d.translator.TranslateHTTPRoute(tctx, t.DeepCopy())
-		if err != nil {
-			return err
-		}
 		resourceTypes = append(resourceTypes, "service")
-		configs, err = d.updateHTTPRouteConfigs(rk, tctx)
-		if err != nil {
-			return err
-		}
 	case *gatewayv1.Gateway:
 		result, err = d.translator.TranslateGateway(tctx, t.DeepCopy())
 		if err != nil {
 			return err
 		}
 		resourceTypes = append(resourceTypes, "global_rule", "ssl", "plugin_metadata")
-		configs, err = d.updateGatewayConfigs(rk, tctx)
-		if err != nil {
-			return err
-		}
 	case *networkingv1.Ingress:
 		result, err = d.translator.TranslateIngress(tctx, t.DeepCopy())
 		if err != nil {
 			return err
 		}
 		resourceTypes = append(resourceTypes, "service", "ssl")
-		configs, err = d.updateIngressConfigs(rk, tctx)
-		if err != nil {
-			return err
-		}
 	case *v1alpha1.Consumer:
 		result, err = d.translator.TranslateConsumerV1alpha1(tctx, t.DeepCopy())
 		if err != nil {
 			return err
 		}
 		resourceTypes = append(resourceTypes, "consumer")
-		configs, err = d.updateConsumerConfigs(rk, tctx)
-		if err != nil {
-			return err
-		}
+	}
+	if err != nil {
+		return err
 	}
 	if result == nil {
 		return nil
 	}
 
+	// update adc configs
+	rk := ResourceKind{
+		Kind:      obj.GetObjectKind().GroupVersionKind().Kind,
+		Namespace: obj.GetNamespace(),
+		Name:      obj.GetName(),
+	}
+	if err := d.updateConfigs(rk, tctx); err != nil {
+		return err
+	}
+	configs := d.getConfigs(rk)
+
 	return d.sync(Task{
 		Name:   obj.GetName(),
 		Labels: label.GenLabel(obj),
diff --git a/internal/provider/adc/translator/gateway.go b/internal/provider/adc/translator/gateway.go
@@ -32,14 +32,18 @@ func (t *Translator) TranslateGateway(tctx *provider.TranslateContext, obj *gate
 			result.SSL = append(result.SSL, ssl...)
 		}
 	}
-	if tctx.GatewayProxy != nil {
+	var gatewayProxy *v1alpha1.GatewayProxy
+	if len(tctx.GatewayProxies) > 0 {
+		gatewayProxy = &tctx.GatewayProxies[0]
+	}
+	if gatewayProxy != nil {
 		var (
 			globalRules    = adctypes.Plugins{}
 			pluginMetadata = adctypes.Plugins{}
 		)
 		// apply plugins from GatewayProxy to global rules
-		t.fillPluginsFromGatewayProxy(globalRules, tctx.GatewayProxy)
-		t.fillPluginMetadataFromGatewayProxy(pluginMetadata, tctx.GatewayProxy)
+		t.fillPluginsFromGatewayProxy(globalRules, gatewayProxy)
+		t.fillPluginMetadataFromGatewayProxy(pluginMetadata, gatewayProxy)
 		result.GlobalRules = globalRules
 		result.PluginMetadata = pluginMetadata
 	}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -20,7 +20,7 @@ type Provider interface {
 type TranslateContext struct {
 	BackendRefs      []gatewayv1.BackendRef
 	GatewayTLSConfig []gatewayv1.GatewayTLSConfig
-	GatewayProxy     *v1alpha1.GatewayProxy
+	GatewayProxies   []v1alpha1.GatewayProxy
 	Credentials      []v1alpha1.Credential
 	Gateways         []gatewayv1.Gateway
 	EndpointSlices   map[types.NamespacedName][]discoveryv1.EndpointSlice

Original file line number	Diff line number	Diff line change
`@@ -548,7 +548,7 @@ func (r *IngressReconciler) processIngressClassParameters(ctx context.Context, t`
`548`	`548`	`}`
`549`	`549`
`550`	`550`	`r.Log.Info("found GatewayProxy for IngressClass", "ingressClass", ingressClass.Name, "gatewayproxy", gatewayProxy.Name)`
`551`		`- tctx.GatewayProxy = gatewayProxy`
	`551`	`+ tctx.GatewayProxies = append(tctx.GatewayProxies, *gatewayProxy)`
`552`	`552`
`553`	`553`	`// check if the provider field references a secret`
`554`	`554`	`if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane {`
Original file line number	Diff line number	Diff line change
`@@ -32,14 +32,18 @@ func (t Translator) TranslateGateway(tctx provider.TranslateContext, obj *gate`
`32`	`32`	`result.SSL = append(result.SSL, ssl...)`
`33`	`33`	`}`
`34`	`34`	`}`
`35`		`- if tctx.GatewayProxy != nil {`
	`35`	`+ var gatewayProxy *v1alpha1.GatewayProxy`
	`36`	`+ if len(tctx.GatewayProxies) > 0 {`
	`37`	`+ gatewayProxy = &tctx.GatewayProxies[0]`
	`38`	`+ }`
	`39`	`+ if gatewayProxy != nil {`
`36`	`40`	`var (`
`37`	`41`	`globalRules = adctypes.Plugins{}`
`38`	`42`	`pluginMetadata = adctypes.Plugins{}`
`39`	`43`	`)`
`40`	`44`	`// apply plugins from GatewayProxy to global rules`
`41`		`- t.fillPluginsFromGatewayProxy(globalRules, tctx.GatewayProxy)`
`42`		`- t.fillPluginMetadataFromGatewayProxy(pluginMetadata, tctx.GatewayProxy)`
	`45`	`+ t.fillPluginsFromGatewayProxy(globalRules, gatewayProxy)`
	`46`	`+ t.fillPluginMetadataFromGatewayProxy(pluginMetadata, gatewayProxy)`
`43`	`47`	`result.GlobalRules = globalRules`
`44`	`48`	`result.PluginMetadata = pluginMetadata`
`45`	`49`	`}`