feat: add Unix socket support for inter-container communication (#2587)

(cherry picked from commit dc8b66214663ba534575aa1be8167786d01df613)

Author: AlinsRan

internal/adc/client/executor.go

@@ -24,6 +24,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"os"
 	"os/exec"
@@ -227,13 +228,32 @@ type HTTPADCExecutor struct {
 	serverURL  string
 }
 
-// NewHTTPADCExecutor creates a new HTTPADCExecutor with the specified ADC Server URL
+// NewHTTPADCExecutor creates a new HTTPADCExecutor with the specified ADC Server URL.
+// serverURL can be "http(s)://host:port" or "unix:///path/to/socket" or "unix:/path/to/socket".
 func NewHTTPADCExecutor(serverURL string, timeout time.Duration) *HTTPADCExecutor {
+	httpClient := &http.Client{
+		Timeout: timeout,
+	}
+
+	if strings.HasPrefix(serverURL, "unix:") {
+		var socketPath string
+		if strings.HasPrefix(serverURL, "unix:///") {
+			socketPath = strings.TrimPrefix(serverURL, "unix://")
+		} else {
+			socketPath = strings.TrimPrefix(serverURL, "unix:")
+		}
+		transport := &http.Transport{
+			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+				return (&net.Dialer{}).DialContext(ctx, "unix", socketPath)
+			},
+		}
+		httpClient.Transport = transport
+		serverURL = "http://unix"
+	}
+
 	return &HTTPADCExecutor{
-		httpClient: &http.Client{
-			Timeout: timeout,
-		},
-		serverURL: serverURL,
+		httpClient: httpClient,
+		serverURL:  serverURL,
 	}
 }
 

test/e2e/framework/manifests/ingress.yaml

@@ -346,6 +346,8 @@ spec:
         app: apisix-ingress-controller
         control-plane: controller-manager
     spec:
+      securityContext:
+        fsGroup: 2000   
       containers:
       - image: api7/api7-ingress-controller:dev
         env:
@@ -357,10 +359,14 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
+        - name: ADC_SERVER_URL
+          value: "unix:/sockets/adc.sock"
         volumeMounts:
         - name: ingress-config
           mountPath: /app/conf/config.yaml
           subPath: config.yaml
+        - name: socket-volume
+          mountPath: /sockets
         {{ if .WebhookEnable -}}
         - name: webhook-certs
           mountPath: /tmp/certs
@@ -385,12 +391,7 @@ spec:
             path: /readyz
             port: 8081
           initialDelaySeconds: 5
-          periodSeconds: 10
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
+          periodSeconds: 10       
       - image: ghcr.io/api7/adc:dev
         env:
         - name: ADC_RUNNING_MODE
@@ -403,13 +404,10 @@ spec:
         args:
         - "server"
         - "--listen"
-        - "http://127.0.0.1:3000"
+        - "unix:/sockets/adc.sock"
         - "--listen-status"
         - "3001"
         ports:
-        - name: http
-          containerPort: 3000
-          protocol: TCP
         - name: http-status
           containerPort: 3001
           protocol: TCP
@@ -426,11 +424,19 @@ spec:
             port: 3001
           initialDelaySeconds: 5
           periodSeconds: 5
+<<<<<<< HEAD
         securityContext: {}
+=======
+        volumeMounts:
+        - name: socket-volume
+          mountPath: /sockets
+>>>>>>> dc8b6621 (feat: add Unix socket support for inter-container communication (#2587))
       volumes:
       - name: ingress-config
         configMap:
           name: ingress-config
+      - name: socket-volume
+        emptyDir: {}
       {{ if .WebhookEnable -}}
       - name: webhook-certs
         secret: