api7 · AlinsRan · Jun 20, 2025 · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -8,7 +8,7 @@ WORKDIR /app
 
 RUN apt update \
     && apt install -y git \
-    && git clone --branch main https://github.com/api7/adc.git \
+    && git clone --depth 1 --branch main https://github.com/api7/adc.git \
     && cd adc \
     && corepack enable pnpm \
     && pnpm install \

diff --git a/api/adc/types.go b/api/adc/types.go
@@ -128,11 +128,11 @@ type ConsumerGroup struct {
 
 // +k8s:deepcopy-gen=true
 type Consumer struct {
-	Credentials []Credential      `json:"credentials,omitempty" yaml:"credentials,omitempty"`
-	Description string            `json:"description,omitempty" yaml:"description,omitempty"`
-	Labels      map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`
-	Plugins     Plugins           `json:"plugins,omitempty" yaml:"plugins,omitempty"`
-	Username    string            `json:"username" yaml:"username"`
+	Metadata `json:",inline" yaml:",inline"`
+
+	Credentials []Credential `json:"credentials,omitempty" yaml:"credentials,omitempty"`
+	Plugins     Plugins      `json:"plugins,omitempty" yaml:"plugins,omitempty"`
+	Username    string       `json:"username" yaml:"username"`
 }
 
 // +k8s:deepcopy-gen=true

diff --git a/api/adc/zz_generated.deepcopy.go b/api/adc/zz_generated.deepcopy.go
diff --git a/api/v2/apisixroute_types.go b/api/v2/apisixroute_types.go
@@ -140,7 +140,7 @@ type ApisixRoutePlugin struct {
 	Enable bool `json:"enable" yaml:"enable"`
 	// Plugin configuration.
 	// +kubebuilder:validation:Optional
-	Config ApisixRoutePluginConfig `json:"config" yaml:"config"`
+	Config apiextensionsv1.JSON `json:"config" yaml:"config"`
 	// Plugin configuration secretRef.
 	// +kubebuilder:validation:Optional
 	SecretRef string `json:"secretRef" yaml:"secretRef"`

diff --git a/api/v2/zz_generated.deepcopy.go b/api/v2/zz_generated.deepcopy.go
diff --git a/config/crd/bases/apisix.apache.org_apisixglobalrules.yaml b/config/crd/bases/apisix.apache.org_apisixglobalrules.yaml
@@ -50,10 +50,8 @@ spec:
                   description: ApisixRoutePlugin represents an APISIX plugin.
                   properties:
                     config:
-                      additionalProperties:
-                        x-kubernetes-preserve-unknown-fields: true
                       description: Plugin configuration.
-                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
                     enable:
                       default: true
                       description: Whether this plugin is in use, default is true.

diff --git a/config/crd/bases/apisix.apache.org_apisixpluginconfigs.yaml b/config/crd/bases/apisix.apache.org_apisixpluginconfigs.yaml
@@ -51,10 +51,8 @@ spec:
                   description: ApisixRoutePlugin represents an APISIX plugin.
                   properties:
                     config:
-                      additionalProperties:
-                        x-kubernetes-preserve-unknown-fields: true
                       description: Plugin configuration.
-                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
                     enable:
                       default: true
                       description: Whether this plugin is in use, default is true.

diff --git a/config/crd/bases/apisix.apache.org_apisixroutes.yaml b/config/crd/bases/apisix.apache.org_apisixroutes.yaml
@@ -247,10 +247,8 @@ spec:
                         description: ApisixRoutePlugin represents an APISIX plugin.
                         properties:
                           config:
-                            additionalProperties:
-                              x-kubernetes-preserve-unknown-fields: true
                             description: Plugin configuration.
-                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
                           enable:
                             default: true
                             description: Whether this plugin is in use, default is
@@ -364,10 +362,8 @@ spec:
                         description: ApisixRoutePlugin represents an APISIX plugin.
                         properties:
                           config:
-                            additionalProperties:
-                              x-kubernetes-preserve-unknown-fields: true
                             description: Plugin configuration.
-                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
                           enable:
                             default: true
                             description: Whether this plugin is in use, default is

diff --git a/docs/crd/api.md b/docs/crd/api.md
@@ -1159,7 +1159,7 @@ ApisixRoutePlugin represents an APISIX plugin.
 | --- | --- |
 | `name` _string_ | The plugin name. |
 | `enable` _boolean_ | Whether this plugin is in use, default is true. |
-| `config` _[ApisixRoutePluginConfig](#apisixroutepluginconfig)_ | Plugin configuration. |
+| `config` _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#json-v1-apiextensions-k8s-io)_ | Plugin configuration. |
 | `secretRef` _string_ | Plugin configuration secretRef. |
 
 
@@ -1169,18 +1169,7 @@ _Appears in:_
 - [ApisixRouteHTTP](#apisixroutehttp)
 - [ApisixRouteStream](#apisixroutestream)
 
-#### ApisixRoutePluginConfig
-_Base type:_ `[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#json-v1-apiextensions-k8s-io)`
 
-ApisixRoutePluginConfig is the configuration for
-any plugins.
-
-
-
-
-
-_Appears in:_
-- [ApisixRoutePlugin](#apisixrouteplugin)
 
 #### ApisixRouteSpec
 

diff --git a/internal/controller/apisixconsumer_controller.go b/internal/controller/apisixconsumer_controller.go
@@ -14,56 +14,205 @@ package controller
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
+	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
 	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
+	"github.com/apache/apisix-ingress-controller/internal/controller/status"
+	"github.com/apache/apisix-ingress-controller/internal/provider"
+	"github.com/apache/apisix-ingress-controller/internal/utils"
 )
 
 // ApisixConsumerReconciler reconciles a ApisixConsumer object
 type ApisixConsumerReconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
 	Log    logr.Logger
+
+	Provider provider.Provider
+	Updater  status.Updater
 }
 
 // Reconcile FIXME: implement the reconcile logic (For now, it dose nothing other than directly accepting)
 func (r *ApisixConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	r.Log.Info("reconcile", "request", req.NamespacedName)
 
-	var obj apiv2.ApisixConsumer
-	if err := r.Get(ctx, req.NamespacedName, &obj); err != nil {
+	ac := &apiv2.ApisixConsumer{}
+	if err := r.Get(ctx, req.NamespacedName, ac); err != nil {
+		if k8serrors.IsNotFound(err) {
+			ac.Namespace = req.Namespace
+			ac.Name = req.Name
+			ac.TypeMeta = metav1.TypeMeta{
+				Kind:       KindApisixConsumer,
+				APIVersion: apiv2.GroupVersion.String(),
+			}
+			if err := r.Provider.Delete(ctx, ac); err != nil {
+				r.Log.Error(err, "failed to delete provider", "ApisixConsumer", ac)
+				return ctrl.Result{}, err
+			}
+		}
 		r.Log.Error(err, "failed to get ApisixConsumer", "request", req.NamespacedName)
 		return ctrl.Result{}, err
 	}
 
-	obj.Status.Conditions = []metav1.Condition{
-		{
-			Type:               string(gatewayv1.RouteConditionAccepted),
-			Status:             metav1.ConditionTrue,
-			ObservedGeneration: obj.GetGeneration(),
-			LastTransitionTime: metav1.Now(),
-			Reason:             string(gatewayv1.RouteReasonAccepted),
-		},
+	var (
+		tctx = provider.NewDefaultTranslateContext(ctx)
+		err  error
+	)
+	defer func() {
+		r.updateStatus(ac, err)
+	}()
+
+	ingressClass, err := GetIngressClass(tctx, r.Client, r.Log, ac.Spec.IngressClassName)
+	if err != nil {
+		r.Log.Error(err, "failed to get IngressClass")
+		return ctrl.Result{}, err
 	}
 
-	if err := r.Status().Update(ctx, &obj); err != nil {
-		r.Log.Error(err, "failed to update status", "request", req.NamespacedName)
+	if err := ProcessIngressClassParameters(tctx, r.Client, r.Log, ac, ingressClass); err != nil {
+		r.Log.Error(err, "failed to process IngressClass parameters", "ingressClass", ingressClass.Name)
 		return ctrl.Result{}, err
 	}
 
+	if err := r.processSpec(ctx, tctx, ac); err != nil {
+		return ctrl.Result{}, err
+	}
+
+	if err := r.Provider.Update(ctx, tctx, ac); err != nil {
+		r.Log.Error(err, "failed to update provider", "ApisixConsumer", ac)
+		return ctrl.Result{}, err
+	}
 	return ctrl.Result{}, nil
 }
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *ApisixConsumerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&apiv2.ApisixConsumer{}).
+		For(&apiv2.ApisixConsumer{},
+			builder.WithPredicates(
+				predicate.NewPredicateFuncs(r.checkIngressClass),
+			)).
+		WithEventFilter(
+			predicate.Or(
+				predicate.GenerationChangedPredicate{},
+				predicate.AnnotationChangedPredicate{},
+			),
+		).
+		Watches(
+			&networkingv1.IngressClass{},
+			handler.EnqueueRequestsFromMapFunc(r.listApisixConsumerForIngressClass),
+			builder.WithPredicates(
+				predicate.NewPredicateFuncs(matchesIngressController),
+			),
+		).
+		Watches(&v1alpha1.GatewayProxy{},
+			handler.EnqueueRequestsFromMapFunc(r.listApisixConsumerForGatewayProxy),
+		).
 		Named("apisixconsumer").
 		Complete(r)
 }
+
+func (r *ApisixConsumerReconciler) checkIngressClass(obj client.Object) bool {
+	ac, ok := obj.(*apiv2.ApisixConsumer)
+	if !ok {
+		return false
+	}
+
+	return matchesIngressClass(r.Client, r.Log, ac.Spec.IngressClassName)
+}
+
+func (r *ApisixConsumerReconciler) listApisixConsumerForGatewayProxy(ctx context.Context, obj client.Object) []reconcile.Request {
+	return listIngressClassRequestsForGatewayProxy(ctx, r.Client, obj, r.Log, r.listApisixConsumerForIngressClass)
+}
+
+func (r *ApisixConsumerReconciler) listApisixConsumerForIngressClass(ctx context.Context, obj client.Object) []reconcile.Request {
+	ingressClass, ok := obj.(*networkingv1.IngressClass)
+	if !ok {
+		return nil
+	}
+
+	return ListMatchingRequests(
+		ctx,
+		r.Client,
+		r.Log,
+		&apiv2.ApisixConsumerList{},
+		func(obj client.Object) bool {
+			ac, ok := obj.(*apiv2.ApisixConsumer)
+			if !ok {
+				r.Log.Error(fmt.Errorf("expected ApisixConsumer, got %T", obj), "failed to match object type")
+				return false
+			}
+			return (IsDefaultIngressClass(ingressClass) && ac.Spec.IngressClassName == "") || ac.Spec.IngressClassName == ingressClass.Name
+		},
+	)
+}
+
+func (r *ApisixConsumerReconciler) processSpec(ctx context.Context, tctx *provider.TranslateContext, ac *apiv2.ApisixConsumer) error {
+	var secretRef *corev1.LocalObjectReference
+	if ac.Spec.AuthParameter.KeyAuth != nil {
+		secretRef = ac.Spec.AuthParameter.KeyAuth.SecretRef
+	} else if ac.Spec.AuthParameter.BasicAuth != nil {
+		secretRef = ac.Spec.AuthParameter.BasicAuth.SecretRef
+	} else if ac.Spec.AuthParameter.JwtAuth != nil {
+		secretRef = ac.Spec.AuthParameter.JwtAuth.SecretRef
+	} else if ac.Spec.AuthParameter.WolfRBAC != nil {
+		secretRef = ac.Spec.AuthParameter.WolfRBAC.SecretRef
+	} else if ac.Spec.AuthParameter.HMACAuth != nil {
+		secretRef = ac.Spec.AuthParameter.HMACAuth.SecretRef
+	} else if ac.Spec.AuthParameter.LDAPAuth != nil {
+		secretRef = ac.Spec.AuthParameter.LDAPAuth.SecretRef
+	}
+	if secretRef == nil {
+		return nil
+	}
+
+	namespacedName := types.NamespacedName{
+		Name:      secretRef.Name,
+		Namespace: ac.Namespace,
+	}
+
+	secret := &corev1.Secret{}
+	if err := r.Get(ctx, namespacedName, secret); err != nil {
+		if k8serrors.IsNotFound(err) {
+			r.Log.Info("secret not found", "secret", namespacedName.String())
+			return nil
+		} else {
+			r.Log.Error(err, "failed to get secret", "secret", namespacedName.String())
+			return err
+		}
+	}
+	tctx.Secrets[namespacedName] = secret
+	return nil
+}
+
+func (r *ApisixConsumerReconciler) updateStatus(consumer *apiv2.ApisixConsumer, err error) {
+	SetApisixCRDConditionAccepted(&consumer.Status, consumer.GetGeneration(), err)
+	r.Updater.Update(status.Update{
+		NamespacedName: utils.NamespacedName(consumer),
+		Resource:       &apiv2.ApisixConsumer{},
+		Mutator: status.MutatorFunc(func(obj client.Object) client.Object {
+			ac, ok := obj.(*apiv2.ApisixConsumer)
+			if !ok {
+				err := fmt.Errorf("unsupported object type %T", obj)
+				panic(err)
+			}
+			acCopy := ac.DeepCopy()
+			acCopy.Status = consumer.Status
+			return acCopy
+		}),
+	})
+}