feat: add support for TCPRoute (#2564) (#289)

Signed-off-by: Ashing Zheng <[email protected]>
Co-authored-by: Ashish Tiwari <[email protected]>
Co-authored-by: Ashing Zheng <[email protected]>

Author: 3 people

config/rbac/role.yaml

@@ -93,6 +93,7 @@ rules:
   - grpcroutes/status
   - httproutes/status
   - referencegrants/status
+  - tcproutes/status
   verbs:
   - get
   - update
@@ -102,6 +103,7 @@ rules:
   - gateways
   - grpcroutes
   - httproutes
+  - tcproutes
   - referencegrants
   verbs:
   - get

docs/en/latest/concepts/gateway-api.md

@@ -51,7 +51,7 @@ By supporting Gateway API, the APISIX Ingress controller can realize richer func
 | GRPCRoute        | Supported           | Supported              | Not supported                         | v1          |
 | ReferenceGrant   | Supported           | Not supported          | Not supported                         | v1beta1     |
 | TLSRoute         | Not supported       | Not supported          | Not supported                         | v1alpha2    |
-| TCPRoute         | Not supported       | Not supported          | Not supported                         | v1alpha2    |
+| TCPRoute         | Supported           | Supported              | Not supported                         | v1alpha2    |
 | UDPRoute         | Not supported       | Not supported          | Not supported                         | v1alpha2    |
 | BackendTLSPolicy | Not supported       | Not supported          | Not supported                         | v1alpha3    |
 

examples/httpbin/tcproute.yaml

@@ -0,0 +1,75 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: apisix
+spec:
+  controllerName: "apisix.apache.org/apisix-ingress-controller"
+
+---
+
+apiVersion: apisix.apache.org/v1alpha1
+kind: GatewayProxy
+metadata:
+  name: apisix-proxy-config
+spec:
+  provider:
+    type: ControlPlane
+    controlPlane:
+      endpoints:
+        - ${ADMIN_ENDPOINT}   # https://127.0.0.1:7443
+      auth:
+        type: AdminKey
+        adminKey:
+          value: "${ADMIN_KEY}"
+
+---
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: apisix
+spec:
+  gatewayClassName: apisix
+  listeners:
+    - name: foo
+      protocol: TCP
+      port: 80
+      allowedRoutes:
+        kinds:
+          - kind: TCPRoute
+  infrastructure:
+    parametersRef:
+      group: apisix.apache.org
+      kind: GatewayProxy
+      name: apisix-proxy-config
+---
+
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+  name: tcp-app-1
+spec:
+  parentRefs:
+    - name: apisix
+      sectionName: foo
+  rules:
+    - backendRefs:
+        - name: httpbin
+          port: 80

internal/adc/translator/tcproute.go

@@ -0,0 +1,163 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package translator
+
+import (
+	"fmt"
+
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
+	"github.com/apache/apisix-ingress-controller/internal/controller/label"
+	"github.com/apache/apisix-ingress-controller/internal/id"
+	"github.com/apache/apisix-ingress-controller/internal/provider"
+	"github.com/apache/apisix-ingress-controller/internal/types"
+)
+
+func newDefaultUpstreamWithoutScheme() *adctypes.Upstream {
+	return &adctypes.Upstream{
+		Metadata: adctypes.Metadata{
+			Labels: map[string]string{
+				"managed-by": "apisix-ingress-controller",
+			},
+		},
+		Nodes: make(adctypes.UpstreamNodes, 0),
+	}
+}
+
+func (t *Translator) TranslateTCPRoute(tctx *provider.TranslateContext, tcpRoute *gatewayv1alpha2.TCPRoute) (*TranslateResult, error) {
+	result := &TranslateResult{}
+	rules := tcpRoute.Spec.Rules
+	labels := label.GenLabel(tcpRoute)
+	for ruleIndex, rule := range rules {
+		service := adctypes.NewDefaultService()
+		service.Labels = labels
+		service.Name = adctypes.ComposeServiceNameWithStream(tcpRoute.Namespace, tcpRoute.Name, fmt.Sprintf("%d", ruleIndex))
+		service.ID = id.GenID(service.Name)
+		var (
+			upstreams         = make([]*adctypes.Upstream, 0)
+			weightedUpstreams = make([]adctypes.TrafficSplitConfigRuleWeightedUpstream, 0)
+		)
+		for _, backend := range rule.BackendRefs {
+			if backend.Namespace == nil {
+				namespace := gatewayv1.Namespace(tcpRoute.Namespace)
+				backend.Namespace = &namespace
+			}
+			upstream := newDefaultUpstreamWithoutScheme()
+			upNodes, err := t.translateBackendRef(tctx, backend, DefaultEndpointFilter)
+			if err != nil {
+				continue
+			}
+			if len(upNodes) == 0 {
+				continue
+			}
+			// TODO: Confirm BackendTrafficPolicy attachment with e2e test case.
+			t.AttachBackendTrafficPolicyToUpstream(backend, tctx.BackendTrafficPolicies, upstream)
+			upstream.Nodes = upNodes
+			var (
+				kind string
+				port int32
+			)
+			if backend.Kind == nil {
+				kind = types.KindService
+			} else {
+				kind = string(*backend.Kind)
+			}
+			if backend.Port != nil {
+				port = int32(*backend.Port)
+			}
+			namespace := string(*backend.Namespace)
+			name := string(backend.Name)
+			upstreamName := adctypes.ComposeUpstreamNameForBackendRef(kind, namespace, name, port)
+			upstream.Name = upstreamName
+			upstream.ID = id.GenID(upstreamName)
+			upstreams = append(upstreams, upstream)
+		}
+
+		// Handle multiple backends with traffic-split plugin
+		if len(upstreams) == 0 {
+			// Create a default upstream if no valid backends
+			upstream := adctypes.NewDefaultUpstream()
+			service.Upstream = upstream
+		} else if len(upstreams) == 1 {
+			// Single backend - use directly as service upstream
+			service.Upstream = upstreams[0]
+			// remove the id and name of the service.upstream, adc schema does not need id and name for it
+			service.Upstream.ID = ""
+			service.Upstream.Name = ""
+		} else {
+			// Multiple backends - use traffic-split plugin
+			service.Upstream = upstreams[0]
+			// remove the id and name of the service.upstream, adc schema does not need id and name for it
+			service.Upstream.ID = ""
+			service.Upstream.Name = ""
+
+			upstreams = upstreams[1:]
+
+			if len(upstreams) > 0 {
+				service.Upstreams = upstreams
+			}
+
+			// Set weight in traffic-split for the default upstream
+			weight := apiv2.DefaultWeight
+			if rule.BackendRefs[0].Weight != nil {
+				weight = int(*rule.BackendRefs[0].Weight)
+			}
+			weightedUpstreams = append(weightedUpstreams, adctypes.TrafficSplitConfigRuleWeightedUpstream{
+				Weight: weight,
+			})
+
+			// Set other upstreams in traffic-split using upstream_id
+			for i, upstream := range upstreams {
+				weight := apiv2.DefaultWeight
+				// get weight from the backend refs starting from the second backend
+				if i+1 < len(rule.BackendRefs) && rule.BackendRefs[i+1].Weight != nil {
+					weight = int(*rule.BackendRefs[i+1].Weight)
+				}
+				weightedUpstreams = append(weightedUpstreams, adctypes.TrafficSplitConfigRuleWeightedUpstream{
+					UpstreamID: upstream.ID,
+					Weight:     weight,
+				})
+			}
+
+			if len(weightedUpstreams) > 0 {
+				if service.Plugins == nil {
+					service.Plugins = make(map[string]any)
+				}
+				service.Plugins["traffic-split"] = &adctypes.TrafficSplitConfig{
+					Rules: []adctypes.TrafficSplitConfigRule{
+						{
+							WeightedUpstreams: weightedUpstreams,
+						},
+					},
+				}
+			}
+		}
+		streamRoute := adctypes.NewDefaultStreamRoute()
+		streamRouteName := adctypes.ComposeStreamRouteName(tcpRoute.Namespace, tcpRoute.Name, fmt.Sprintf("%d", ruleIndex))
+		streamRoute.Name = streamRouteName
+		streamRoute.ID = id.GenID(streamRouteName)
+		streamRoute.Labels = labels
+		// TODO: support remote_addr, server_addr, sni, server_port
+		service.StreamRoutes = append(service.StreamRoutes, streamRoute)
+		result.Services = append(result.Services, service)
+	}
+	return result, nil
+}

internal/controller/indexer/indexer.go

@@ -29,6 +29,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 
 	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
 	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
@@ -62,6 +63,7 @@ func SetupIndexer(mgr ctrl.Manager) error {
 		&gatewayv1.Gateway{}:              setupGatewayIndexer,
 		&gatewayv1.HTTPRoute{}:            setupHTTPRouteIndexer,
 		&gatewayv1.GRPCRoute{}:            setupGRPCRouteIndexer,
+		&gatewayv1alpha2.TCPRoute{}:       setupTCPRouteIndexer,
 		&gatewayv1.GatewayClass{}:         setupGatewayClassIndexer,
 		&v1alpha1.Consumer{}:              setupConsumerIndexer,
 		&networkingv1.Ingress{}:           setupIngressIndexer,
@@ -257,6 +259,26 @@ func setupHTTPRouteIndexer(mgr ctrl.Manager) error {
 	return nil
 }
 
+func setupTCPRouteIndexer(mgr ctrl.Manager) error {
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&gatewayv1alpha2.TCPRoute{},
+		ParentRefs,
+		TCPRouteParentRefsIndexFunc,
+	); err != nil {
+		return err
+	}
+
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&gatewayv1alpha2.TCPRoute{},
+		ServiceIndexRef,
+		TCPPRouteServiceIndexFunc,
+	); err != nil {
+		return err
+	}
+	return nil
+}
 func setupIngressClassIndexer(mgr ctrl.Manager) error {
 	// create IngressClass index
 	if err := mgr.GetFieldIndexer().IndexField(
@@ -543,6 +565,19 @@ func HTTPRouteParentRefsIndexFunc(rawObj client.Object) []string {
 	return keys
 }
 
+func TCPRouteParentRefsIndexFunc(rawObj client.Object) []string {
+	tr := rawObj.(*gatewayv1alpha2.TCPRoute)
+	keys := make([]string, 0, len(tr.Spec.ParentRefs))
+	for _, ref := range tr.Spec.ParentRefs {
+		ns := tr.GetNamespace()
+		if ref.Namespace != nil {
+			ns = string(*ref.Namespace)
+		}
+		keys = append(keys, GenIndexKey(ns, string(ref.Name)))
+	}
+	return keys
+}
+
 func HTTPRouteServiceIndexFunc(rawObj client.Object) []string {
 	hr := rawObj.(*gatewayv1.HTTPRoute)
 	keys := make([]string, 0, len(hr.Spec.Rules))
@@ -561,6 +596,24 @@ func HTTPRouteServiceIndexFunc(rawObj client.Object) []string {
 	return keys
 }
 
+func TCPPRouteServiceIndexFunc(rawObj client.Object) []string {
+	tr := rawObj.(*gatewayv1alpha2.TCPRoute)
+	keys := make([]string, 0, len(tr.Spec.Rules))
+	for _, rule := range tr.Spec.Rules {
+		for _, backend := range rule.BackendRefs {
+			namespace := tr.GetNamespace()
+			if backend.Kind != nil && *backend.Kind != internaltypes.KindService {
+				continue
+			}
+			if backend.Namespace != nil {
+				namespace = string(*backend.Namespace)
+			}
+			keys = append(keys, GenIndexKey(namespace, string(backend.Name)))
+		}
+	}
+	return keys
+}
+
 func ApisixRouteServiceIndexFunc(cli client.Client) func(client.Object) []string {
 	return func(obj client.Object) (keys []string) {
 		ar := obj.(*apiv2.ApisixRoute)