backport: apisix ingress pr #2476 #2467 #2472

Makefile

@@ -19,6 +19,7 @@
 
 VERSION ?= 2.0.0
 
+RELEASE_SRC = apache-apisix-ingress-controller-${VERSION}-src
 
 IMAGE_TAG ?= dev
 
@@ -31,14 +32,17 @@ GATEAY_API_VERSION ?= v1.2.0
 DASHBOARD_VERSION ?= dev
 ADC_VERSION ?= 0.20.0
 
+GINKGO_VERSION ?= 2.20.0
 TEST_TIMEOUT ?= 80m
 TEST_DIR ?= ./test/e2e/
+E2E_NODES ?= 2
 
 # CRD Reference Documentation
 CRD_REF_DOCS_VERSION ?= v0.1.0
 CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs
-CRD_DOCS_CONFIG ?= docs/crd/config.yaml
-CRD_DOCS_OUTPUT ?= docs/crd/api.md
+CRD_DOCS_CONFIG ?= docs/assets/crd/config.yaml
+CRD_DOCS_OUTPUT ?= docs/en/latest/api-reference.md
+CRD_DOCS_TEMPLATE ?= docs/assets/template
 
 export KUBECONFIG = /tmp/$(KIND_NAME).kubeconfig
 
@@ -137,6 +141,14 @@ download-api7ee3-chart:
 	@helm pull api7/api7ee3 --destination "$(shell helm env HELM_REPOSITORY_CACHE)"
 	@echo "Downloaded API7EE3 chart"
 
+.PHONY: ginkgo-e2e-test
+ginkgo-e2e-test:
+	@ginkgo -cover -coverprofile=coverage.txt -r --randomize-all --randomize-suites --trace --focus=$(E2E_FOCUS) --nodes=$(E2E_NODES) $(TEST_DIR)
+
+.PHONY: install-ginkgo
+install-ginkgo:
+	@go install github.com/onsi/ginkgo/v2/ginkgo@v$(GINKGO_VERSION)
+
 .PHONY: conformance-test
 conformance-test:
 	DASHBOARD_VERSION=$(DASHBOARD_VERSION) go test -v ./test/conformance -tags=conformance -timeout 60m
@@ -170,15 +182,15 @@ kind-down:
 
 .PHONY: kind-load-images
 kind-load-images: pull-infra-images kind-load-ingress-image
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME) 
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME) 
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME) 
-	@kind load docker-image kennethreitz/httpbin:latest --name $(KIND_NAME) 
+	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME)
+	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image kennethreitz/httpbin:latest --name $(KIND_NAME)
 	@kind load docker-image jmalloc/echo-server:latest --name $(KIND_NAME)
 
 .PHONY: kind-load-gateway-image
 kind-load-gateway-image:
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME) 
+	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME)
 
 .PHONY: kind-load-dashboard-images
 kind-load-dashboard-images:
@@ -192,7 +204,7 @@ kind-load-ingress-image:
 .PHONY: pull-infra-images
 pull-infra-images:
 	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev
-	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION) 
+	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)
 	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)
 	@docker pull kennethreitz/httpbin:latest
 	@docker pull jmalloc/echo-server:latest
@@ -389,7 +401,7 @@ generate-crd-docs: manifests ## Generate CRD reference documentation in a single
 		--source-path=./api \
 		--config=$(CRD_DOCS_CONFIG) \
 		--renderer=markdown \
-		--templates-dir=./docs/template \
+		--templates-dir=$(CRD_DOCS_TEMPLATE) \
 		--output-path=$(CRD_DOCS_OUTPUT) \
 		--max-depth=100
 	@echo "CRD reference documentation generated at $(CRD_DOCS_OUTPUT)"
@@ -402,7 +414,7 @@ generate-crd-docs-grouped: manifests ## Generate CRD reference documentation gro
 		--source-path=./api \
 		--config=$(CRD_DOCS_CONFIG) \
 		--renderer=markdown \
-		--templates-dir=./docs/template \
+		--templates-dir=$(CRD_DOCS_TEMPLATE) \
 		--output-path=docs/crd/groups \
 		--output-mode=group
 	@echo "CRD reference documentation generated in docs/crd/groups directory"
@@ -416,3 +428,56 @@ verify-license:
 .PHONY: update-license
 update-license:
 	docker run -it --rm -v $(PWD):/github/workspace apache/skywalking-eyes header fix
+
+### verify-mdlint:        Verify markdown files lint rules.
+.PHONY: verify-mdlint
+verify-mdlint:
+	docker run -it --rm -v $(PWD):/work tmknom/markdownlint '**/*.md' --ignore node_modules --ignore CHANGELOG.md
+
+### update-mdlint:        Update markdown files lint rules.
+.PHONY: update-mdlint
+update-mdlint:
+	docker run -it --rm -v $(PWD):/work tmknom/markdownlint '**/*.md' -f --ignore node_modules --ignore vendor --ignore CHANGELOG.md
+
+### verify-yamllint:	  Verify yaml files lint rules for `examples` directory.
+.PHONY: verify-yamllint
+verify-yamllint:
+	docker run -it --rm -v $(PWD):/yaml peterdavehello/yamllint yamllint examples
+
+### update-yamlfmt:       Update yaml files format for `examples` directory.
+.PHONY: update-yamlfmt
+update-yamlfmt:
+	go install github.com/google/yamlfmt/cmd/yamlfmt@latest && yamlfmt examples
+
+### verify-all:           Verify all verify- rules.
+.PHONY: verify-all
+verify-all: verify-license verify-mdlint verify-yamllint
+
+### update-all:           Update all update- rules.
+.PHONY: update-all
+update-all: update-license update-mdlint update-gofmt
+
+### release-src:      Release source
+release-src:
+	tar -zcvf $(RELEASE_SRC).tgz \
+	--exclude .github \
+	--exclude .git \
+	--exclude .idea \
+	--exclude .gitignore \
+	--exclude .DS_Store \
+	--exclude docs \
+	--exclude examples \
+	--exclude scripts \
+	--exclude samples \
+	--exclude test \
+	--exclude release \
+	--exclude $(RELEASE_SRC).tgz \
+	.
+
+	gpg --batch --yes --armor --detach-sig $(RELEASE_SRC).tgz
+	shasum -a 512 $(RELEASE_SRC).tgz > $(RELEASE_SRC).tgz.sha512
+
+	mkdir -p release
+	mv $(RELEASE_SRC).tgz release/$(RELEASE_SRC).tgz
+	mv $(RELEASE_SRC).tgz.asc release/$(RELEASE_SRC).tgz.asc
+	mv $(RELEASE_SRC).tgz.sha512 release/$(RELEASE_SRC).tgz.sha512

docs/template/gv_details.tpl → docs/assets/template/gv_details.tpl

@@ -39,7 +39,7 @@
 
 ### Types
 
-This section describes the types used by the CRDs.
+In this section you will find types that the CRDs rely on.
 
 {{- /* Display Types that are not exported Kinds */ -}}
 {{- range $typ := $gv.SortedTypes -}}

docs/template/gv_list.tpl → docs/assets/template/gv_list.tpl

@@ -26,7 +26,7 @@ slug: /reference/apisix-ingress-controller/crd-reference
 description: Explore detailed reference documentation for the custom resource definitions (CRDs) supported by the APISIX Ingress Controller.
 ---
 
-This document provides the API resource description for the API7 Ingress Controller custom resource definitions (CRDs).
+This document provides the API resource description the APISIX Ingress Controller custom resource definitions (CRDs).
 
 ## Packages
 {{- range $groupVersions }}

docs/crd/api.md → docs/en/latest/api-reference.md

@@ -4,7 +4,7 @@ slug: /reference/apisix-ingress-controller/crd-reference
 description: Explore detailed reference documentation for the custom resource definitions (CRDs) supported by the APISIX Ingress Controller.
 ---
 
-This document provides the API resource description for the API7 Ingress Controller custom resource definitions (CRDs).
+This document provides the API resource description the APISIX Ingress Controller custom resource definitions (CRDs).
 
 ## Packages
 - [apisix.apache.org/v1alpha1](#apisixapacheorgv1alpha1)
@@ -102,7 +102,7 @@ PluginConfig defines plugin configuration.
 
 ### Types
 
-This section describes the types used by the CRDs.
+In this section you will find types that the CRDs rely on.
 #### AdminKeyAuth
 
 
@@ -607,7 +607,7 @@ ApisixUpstream defines configuration for upstream services.
 
 ### Types
 
-This section describes the types used by the CRDs.
+In this section you will find types that the CRDs rely on.
 #### ActiveHealthCheck
 
 

docs/en/latest/concepts/deployment-architecture.md

@@ -0,0 +1,42 @@
+---
+title: Deployment Architecture
+keywords:
+  - APISIX Ingress
+  - Apache APISIX
+  - Kubernetes Ingress
+  - Gateway API
+---
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+The APISIX Ingress Controller is used to manage the APISIX Gateway as either a standalone application or a Kubernetes-based application. It dynamically configures and manages the APISIX Gateway using Gateway API resources.
+
+## Admin API Mode
+
+In the traditional deployment approach, APISIX uses etcd as its configuration center, allowing administrators to dynamically manage routes, upstreams, and other resources through RESTful APIs. It supports distributed cluster deployments with real-time configuration synchronization.
+
+![Admin API Architecture](../../../assets/images/ingress-admin-api-architecture.png)
+
+## Standalone Mode (Experimental)
+
+APISIX runs independently without relying on etcd, supporting two sub-modes - file-driven (managing configuration through conf/apisix.yaml files) and API-driven (storing configuration in memory with full configuration management through the dedicated /apisix/admin/configs endpoint).
+
+This mode is particularly suitable for Kubernetes environments and single-node deployments, where the API-driven memory management approach combines the convenience of traditional Admin API with the simplicity of Standalone mode.
+
+![Standalone Architecture](../../../assets/images/ingress-standalone-architecture.png)

docs/gateway-api.md → docs/en/latest/concepts/gateway-api.md

@@ -1,5 +1,29 @@
-
-# Gateway API
+---
+title: Gateway API
+keywords:
+  - APISIX Ingress
+  - Apache APISIX
+  - Kubernetes Ingress
+  - Gateway API
+---
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
 
 Gateway API is dedicated to achieving expressive and scalable Kubernetes service networking through various custom resources.
 
@@ -29,7 +53,7 @@ For more information about Gateway API, please refer to [Gateway API](https://ga
 
 ## HTTPRoute
 
-The HTTPRoute resource allows users to configure HTTP routing by matching HTTP traffic and forwarding it to Kubernetes backends. Currently, the only backend supported by API7 Gateway is the Service resource.
+The HTTPRoute resource allows users to configure HTTP routing by matching HTTP traffic and forwarding it to Kubernetes backends. Currently, the only backend supported by APISIX Gateway is the Service resource.
 
 ### Example
 

docs/en/latest/concepts/resources.md

@@ -0,0 +1,87 @@
+---
+title: APISIX Ingress Controller Resources
+keywords:
+  - APISIX Ingress
+  - Apache APISIX
+  - Kubernetes Ingress
+  - Gateway API
+description: APISIX Ingress Controller Resources, including Kubernetes resources, Gateway API, and APISIX Ingress Controller CRDs API.
+---
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Kubernetes Resources
+
+### Service
+
+In Kubernetes, a Service is a method to expose network applications running on a set of Pods as network services.
+
+When proxying ingress traffic, APISIX Gateway by default directs traffic directly to the Pods instead of through kube-proxy.
+
+### EndpointSlices
+
+EndpointSlice objects represent subsets (slices) of backend network endpoints for a Service.
+
+The APISIX Ingress Controller continuously tracks matching EndpointSlice objects, and whenever the set of Pods in a Service changes, the set of Pods proxied by the APISIX Gateway will also update accordingly.
+
+### Ingress
+
+Ingress is a Kubernetes resource that manages external access to services within a cluster, typically HTTP and HTTPS traffic. It provides a way to define rules for routing external traffic to internal services.
+
+## Gateway API
+
+Gateway API is an official Kubernetes project focused on L4 and L7 routing in Kubernetes. This project represents the next generation of Kubernetes Ingress, Load Balancing, and Service Mesh APIs.
+
+For more information on supporting Gateway API, please refer to [Gateway API](./gateway-api.md).
+
+## APISIX Ingress Controller CRDs API
+
+The APISIX Ingress Controller defines several Custom Resource Definitions (CRDs) to manage routing, upstreams, TLS, and cluster settings declaratively.
+
+### Gateway API Extensions
+
+Enable additional features not included in the standard Kubernetes Gateway API, developed and maintained by Gateway API implementers to extend functionality securely and reliably.
+
+* GatewayProxy: Defines connection settings between the APISIX Ingress Controller and APISIX, including auth, endpoints, and global plugins. Referenced via parametersRef in Gateway, GatewayClass, or IngressClass
+
+* BackendTrafficPolicy: Defines traffic management settings for backend services, including load balancing, timeouts, retries, and host header handling in the APISIX Ingress Controller.
+
+* Consumer: Defines API consumers and their credentials, enabling authentication and plugin configuration for controlling access to API endpoints.
+
+* PluginConfig: Defines reusable plugin configurations that can be referenced by other resources like HTTPRoute, enabling separation of routing logic and plugin settings for better reusability and manageability.
+
+* HTTPRoutePolicy: Configures advanced traffic management and routing policies for HTTPRoute or Ingress resources, enhancing functionality without modifying the original resources.
+
+![Gateway API Extensions Overview](../../../assets/images/gateway-api-extensions-resources.png)
+
+### Ingress API Extensions
+
+APISIX Ingress Controller CRDs extend Kubernetes functionality to provide declarative configuration management for the Apache APISIX gateway, supporting advanced routing, traffic management, and security policies.
+
+* ApisixRoute: Defines routing rules for HTTP/TCP/UDP, supporting path matching, hostnames, method filtering, and backend service configurations. Can reference ApisixUpstream and ApisixPluginConfig resources.
+
+* ApisixUpstream: Extends Kubernetes Services with advanced configurations such as load balancing, health checks, retries, timeouts, and service subset selection.
+
+* ApisixConsumer: Defines API consumers and their authentication credentials, supporting methods like basicAuth, keyAuth, jwtAuth, hmacAuth, wolfRBAC, and ldapAuth.
+
+* ApisixPluginConfig: Defines reusable plugin configurations referenced by ApisixRoute through the plugin_config_name field, promoting separation of routing logic and plugin settings.
+
+* ApisixTls: Manages SSL/TLS certificates, supporting SNI binding and mutual TLS for secure APISIX gateway connections.
+
+![V2 CRDs Overview](../../../assets/images/v2-crds-api-resources.png)