Merge branch 'release-v2-dev' into docs/update-crd

Author: kayx23

Makefile

@@ -29,7 +29,7 @@ KIND_NAME ?= apisix-ingress-cluster
 
 GATEAY_API_VERSION ?= v1.2.0
 DASHBOARD_VERSION ?= dev
-ADC_VERSION ?= 0.19.0
+ADC_VERSION ?= 0.20.0
 
 TEST_TIMEOUT ?= 80m
 TEST_DIR ?= ./test/e2e/

api/v1alpha1/gatewayproxy_types.go

@@ -22,9 +22,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // GatewayProxySpec defines the desired state of GatewayProxy.
 type GatewayProxySpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
@@ -116,9 +113,10 @@ type ControlPlaneAuth struct {
 }
 
 // ControlPlaneProvider defines configuration for control plane provider.
+// +kubebuilder:validation:XValidation:rule="has(self.endpoints) != has(self.service)"
 type ControlPlaneProvider struct {
 	// Endpoints specifies the list of control plane endpoints.
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	// +kubebuilder:validation:MinItems=1
 	Endpoints []string `json:"endpoints"`
 

config/crd/bases/apisix.apache.org_gatewayproxies.yaml

@@ -140,8 +140,9 @@ spec:
                         type: boolean
                     required:
                     - auth
-                    - endpoints
                     type: object
+                    x-kubernetes-validations:
+                    - rule: has(self.endpoints) != has(self.service)
                   type:
                     description: Type specifies the type of provider. Can only be
                       `ControlPlane`.

internal/controller/gatewayclass_congroller.go

@@ -43,9 +43,6 @@ const (
 	FinalizerGatewayClassProtection = "apisix.apache.org/gc-protection"
 )
 
-// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses,verbs=get;list;watch;update
-// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses/status,verbs=get;update
-
 // GatewayClassReconciler reconciles a GatewayClass object.
 type GatewayClassReconciler struct { //nolint:revive
 	client.Client

internal/controller/gatewayproxy_controller.go

@@ -0,0 +1,179 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package controller
+
+import (
+	"context"
+	"errors"
+
+	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	discoveryv1 "k8s.io/api/discovery/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+
+	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
+	"github.com/apache/apisix-ingress-controller/internal/controller/indexer"
+	"github.com/apache/apisix-ingress-controller/internal/provider"
+	"github.com/apache/apisix-ingress-controller/internal/utils"
+)
+
+// GatewayProxyController reconciles a GatewayProxy object.
+type GatewayProxyController struct {
+	client.Client
+
+	Scheme   *runtime.Scheme
+	Log      logr.Logger
+	Provider provider.Provider
+}
+
+func (r *GatewayProxyController) SetupWithManager(mrg ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mrg).
+		For(&v1alpha1.GatewayProxy{}).
+		Watches(&corev1.Service{},
+			handler.EnqueueRequestsFromMapFunc(r.listGatewayProxiesForProviderService),
+		).
+		Watches(&discoveryv1.EndpointSlice{},
+			handler.EnqueueRequestsFromMapFunc(r.listGatewayProxiesForProviderEndpointSlice),
+		).
+		Watches(&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(r.listGatewayProxiesForSecret),
+		).
+		Complete(r)
+}
+
+func (r *GatewayProxyController) Reconcile(ctx context.Context, req ctrl.Request) (reconcile.Result, error) {
+	var tctx = provider.NewDefaultTranslateContext(ctx)
+
+	var gp v1alpha1.GatewayProxy
+	if err := r.Get(ctx, req.NamespacedName, &gp); err != nil {
+		if client.IgnoreNotFound(err) == nil {
+			gp.Namespace = req.Namespace
+			gp.Name = req.Name
+			err = r.Provider.Update(ctx, tctx, &gp)
+		}
+		return ctrl.Result{}, err
+	}
+
+	// if there is no provider, update with empty translate context
+	if gp.Spec.Provider == nil || gp.Spec.Provider.ControlPlane == nil {
+		return reconcile.Result{}, r.Provider.Update(ctx, tctx, &gp)
+	}
+
+	// process endpoints for provider service
+	providerService := gp.Spec.Provider.ControlPlane.Service
+	if providerService == nil {
+		tctx.EndpointSlices[req.NamespacedName] = nil
+	} else {
+		if err := addProviderEndpointsToTranslateContext(tctx, r.Client, types.NamespacedName{
+			Namespace: gp.Namespace,
+			Name:      providerService.Name,
+		}); err != nil {
+			return reconcile.Result{}, err
+		}
+	}
+
+	// process secret for provider auth
+	auth := gp.Spec.Provider.ControlPlane.Auth
+	if auth.AdminKey != nil && auth.AdminKey.ValueFrom != nil && auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+		var (
+			secret   corev1.Secret
+			secretNN = types.NamespacedName{
+				Namespace: gp.GetNamespace(),
+				Name:      auth.AdminKey.ValueFrom.SecretKeyRef.Name,
+			}
+		)
+		if err := r.Get(ctx, secretNN, &secret); err != nil {
+			r.Log.Error(err, "failed to get secret", "secret", secretNN)
+			return reconcile.Result{}, err
+		}
+		tctx.Secrets[secretNN] = &secret
+	}
+
+	// list Gateways that reference the GatewayProxy
+	var (
+		gatewayList      gatewayv1.GatewayList
+		ingressClassList networkingv1.IngressClassList
+		indexKey         = indexer.GenIndexKey(gp.GetNamespace(), gp.GetName())
+	)
+	if err := r.List(ctx, &gatewayList, client.MatchingFields{indexer.ParametersRef: indexKey}); err != nil {
+		r.Log.Error(err, "failed to list GatewayList")
+		return ctrl.Result{}, nil
+	}
+
+	// list IngressClasses that reference the GatewayProxy
+	if err := r.List(ctx, &ingressClassList, client.MatchingFields{indexer.IngressClassParametersRef: indexKey}); err != nil {
+		r.Log.Error(err, "failed to list IngressClassList")
+		return reconcile.Result{}, err
+	}
+
+	// append referrers to translate context
+	for _, item := range gatewayList.Items {
+		tctx.GatewayProxyReferrers[req.NamespacedName] = append(tctx.GatewayProxyReferrers[req.NamespacedName], utils.NamespacedNameKind(&item))
+	}
+	for _, item := range ingressClassList.Items {
+		tctx.GatewayProxyReferrers[req.NamespacedName] = append(tctx.GatewayProxyReferrers[req.NamespacedName], utils.NamespacedNameKind(&item))
+	}
+
+	if err := r.Provider.Update(ctx, tctx, &gp); err != nil {
+		return reconcile.Result{}, err
+	}
+
+	return reconcile.Result{}, nil
+}
+
+func (r *GatewayProxyController) listGatewayProxiesForProviderService(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
+	service, ok := obj.(*corev1.Service)
+	if !ok {
+		r.Log.Error(errors.New("unexpected object type"), "failed to convert object to Service")
+		return nil
+	}
+
+	return ListRequests(ctx, r.Client, r.Log, &v1alpha1.GatewayProxyList{}, client.MatchingFields{
+		indexer.ServiceIndexRef: indexer.GenIndexKey(service.GetNamespace(), service.GetName()),
+	})
+}
+
+func (r *GatewayProxyController) listGatewayProxiesForProviderEndpointSlice(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
+	endpointSlice, ok := obj.(*discoveryv1.EndpointSlice)
+	if !ok {
+		r.Log.Error(errors.New("unexpected object type"), "failed to convert object to EndpointSlice")
+		return nil
+	}
+
+	return ListRequests(ctx, r.Client, r.Log, &v1alpha1.GatewayProxyList{}, client.MatchingFields{
+		indexer.ServiceIndexRef: indexer.GenIndexKey(endpointSlice.GetNamespace(), endpointSlice.Labels[discoveryv1.LabelServiceName]),
+	})
+}
+
+func (r *GatewayProxyController) listGatewayProxiesForSecret(ctx context.Context, object client.Object) []reconcile.Request {
+	secret, ok := object.(*corev1.Secret)
+	if !ok {
+		r.Log.Error(errors.New("unexpected object type"), "failed to convert object to Secret")
+		return nil
+	}
+	return ListRequests(ctx, r.Client, r.Log, &v1alpha1.GatewayProxyList{}, client.MatchingFields{
+		indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
+	})
+}

internal/controller/indexer/indexer.go

@@ -241,6 +241,15 @@ func setupIngressClassIndexer(mgr ctrl.Manager) error {
 }
 
 func setupGatewayProxyIndexer(mgr ctrl.Manager) error {
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&v1alpha1.GatewayProxy{},
+		ServiceIndexRef,
+		GatewayProxyServiceIndexFunc,
+	); err != nil {
+		return err
+	}
+
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
 		&v1alpha1.GatewayProxy{},
@@ -272,6 +281,17 @@ func setupGatewayClassIndexer(mgr ctrl.Manager) error {
 	)
 }
 
+func GatewayProxyServiceIndexFunc(rawObj client.Object) []string {
+	gatewayProxy := rawObj.(*v1alpha1.GatewayProxy)
+	if gatewayProxy.Spec.Provider != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Service != nil {
+		service := gatewayProxy.Spec.Provider.ControlPlane.Service
+		return []string{GenIndexKey(gatewayProxy.GetNamespace(), service.Name)}
+	}
+	return nil
+}
+
 func GatewayProxySecretIndexFunc(rawObj client.Object) []string {
 	gatewayProxy := rawObj.(*v1alpha1.GatewayProxy)
 	secretKeys := make([]string, 0)

internal/controller/ingressclass_controller.go

@@ -27,6 +27,7 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -229,6 +230,15 @@ func (r *IngressClassReconciler) processInfrastructure(tctx *provider.TranslateC
 		}
 	}
 
+	if service := gatewayProxy.Spec.Provider.ControlPlane.Service; service != nil {
+		if err := addProviderEndpointsToTranslateContext(tctx, r.Client, types.NamespacedName{
+			Namespace: gatewayProxy.GetNamespace(),
+			Name:      service.Name,
+		}); err != nil {
+			return err
+		}
+	}
+
 	_, ok := tctx.GatewayProxies[rk]
 	if !ok {
 		return fmt.Errorf("no gateway proxy found for ingress class")