Merged
Changes from 3 commits
53 commits
c9b5917
feat: support SSL
Revolyssup Sep 18, 2024
931d8d0
fix spell
Revolyssup Sep 18, 2024
df827ab
fix lint
Revolyssup Sep 18, 2024
f7e2ba1
apply suggestion
Revolyssup Sep 19, 2024
0f32b67
add test
Revolyssup Sep 19, 2024
5b6b097
use ginkgo v2
Revolyssup Sep 19, 2024
2efd6c0
apply suggestion
Revolyssup Sep 19, 2024
2062094
fix test
Revolyssup Sep 20, 2024
774fe81
fix test
Revolyssup Sep 20, 2024
516c91a
fix test
Revolyssup Sep 20, 2024
7519014
add assertion
Revolyssup Sep 20, 2024
2368a43
fix protocol
Revolyssup Sep 22, 2024
733c3d0
fix conformance test
Revolyssup Sep 22, 2024
388771b
apply suggestion
Revolyssup Sep 23, 2024
5797240
fix lint
Revolyssup Sep 23, 2024
412762b
fix delete
Revolyssup Sep 23, 2024
94900b5
add empty snis array
Revolyssup Sep 23, 2024
c82c3c4
add test case
Revolyssup Sep 23, 2024
b32200b
add key assertion in gateway e2e test
Revolyssup Sep 23, 2024
edd86dc
remove asserting key
Revolyssup Sep 23, 2024
563b35d
fix tests
Revolyssup Sep 24, 2024
a403ff3
add test without hostname
Revolyssup Sep 24, 2024
4efc412
remove unused function
Revolyssup Sep 24, 2024
df31832
fix lint
Revolyssup Sep 24, 2024
d98d7a1
remove redundant comments
Revolyssup Sep 24, 2024
95d83d5
allow multiple listener referencing same cert
Revolyssup Sep 24, 2024
fc7d119
lint fix
Revolyssup Sep 24, 2024
ea3d024
fix tests'
Revolyssup Sep 24, 2024
833fa86
add error
Revolyssup Sep 24, 2024
c7bb273
add more logs
Revolyssup Sep 24, 2024
9147984
add more logs
Revolyssup Sep 24, 2024
a02f378
skip conformance test
Revolyssup Sep 24, 2024
bfb68c9
remove logs
Revolyssup Sep 24, 2024
c08bc0b
skip conformance test
Revolyssup Sep 24, 2024
4a6589b
fix
Revolyssup Sep 24, 2024
54c9c7d
ignore wildcard sni
Revolyssup Sep 25, 2024
2e438cc
add logs
Revolyssup Sep 25, 2024
581a735
ignore when only * is passed
Revolyssup Sep 25, 2024
af36565
fix conversion
Revolyssup Sep 25, 2024
aac0559
skip test
Revolyssup Sep 25, 2024
1974988
fix test
Revolyssup Sep 25, 2024
5ef3486
add warn log
Revolyssup Sep 25, 2024
fc3cddf
apply suggestions
Revolyssup Sep 26, 2024
dcc2213
pass conformance test
Revolyssup Sep 26, 2024
040379a
skip conformance test
Revolyssup Sep 26, 2024
20b8bc4
pass conformance
Revolyssup Sep 26, 2024
589cdb9
throw err
Revolyssup Sep 26, 2024
251bacb
comment secret nil check
Revolyssup Sep 26, 2024
fec2dcd
handle errors
Revolyssup Sep 26, 2024
c2786f3
not having secret is a listener issue
Revolyssup Sep 26, 2024
6df1c16
fix lint
Revolyssup Sep 26, 2024
b3017a4
lint fix
Revolyssup Sep 26, 2024
236de8a
apply suggestion
Revolyssup Sep 27, 2024
58 changes: 53 additions & 5 deletions internal/controller/gateway_controller.go
Expand Up @@ -6,8 +6,12 @@ import (
"reflect"

"github.com/api7/api7-ingress-controller/internal/controller/config"
"github.com/api7/api7-ingress-controller/internal/controlplane"
"github.com/api7/api7-ingress-controller/internal/controlplane/translator"
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
Expand All @@ -23,9 +27,9 @@ import (
// GatewayReconciler reconciles a Gateway object.
type GatewayReconciler struct { //nolint:revive
client.Client
Scheme *runtime.Scheme

Log logr.Logger
Scheme *runtime.Scheme
ControlPlaneClient controlplane.Controlplane
Log logr.Logger
}

// SetupWithManager sets up the controller with the Manager.
Expand All @@ -49,7 +53,7 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
if err := r.Get(ctx, req.NamespacedName, gateway); err != nil {
return ctrl.Result{}, client.IgnoreNotFound(err)
}

ns := gateway.GetNamespace()
if !r.checkGatewayClass(gateway) {
return ctrl.Result{}, nil
}
Expand All @@ -74,13 +78,36 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
}

r.Log.Info("gateway has been accepted", "gateway", gateway.GetName())
type status struct {
status bool
msg string
}
acceptStatus := status{
status: true,
msg: acceptedMessage("gateway"),
}
tctx := &translator.TranslateContext{
Secrets: make(map[types.NamespacedName]*corev1.Secret),
}
if err := r.processListenerConfig(tctx, gateway.Spec.Listeners, ns); err != nil {
acceptStatus = status{
status: false,
msg: err.Error(),
}
}
if err := r.ControlPlaneClient.Update(ctx, tctx, gateway); err != nil {
acceptStatus = status{
status: false,
msg: err.Error(),
}
}

ListenerStatuses, err := getListenerStatus(ctx, r.Client, gateway)
if err != nil {
return ctrl.Result{}, err
}

accepted := SetGatewayConditionAccepted(gateway, true, acceptedMessage("gateway"))
accepted := SetGatewayConditionAccepted(gateway, acceptStatus.status, acceptStatus.msg)
Programmed := SetGatewayConditionProgrammed(gateway, conditionProgrammedStatus, conditionProgrammedMsg)
if accepted || Programmed || len(addrs) > 0 || len(ListenerStatuses) > 0 {
if len(addrs) > 0 {
Expand Down Expand Up @@ -183,3 +210,24 @@ func (r *GatewayReconciler) listGatewaysForHTTPRoute(_ context.Context, obj clie
}
return recs
}

func (r *GatewayReconciler) processListenerConfig(tctx *translator.TranslateContext, listeners []gatewayv1.Listener, ns string) error {
var terror error
for _, listener := range listeners {
secret := corev1.Secret{}
for _, ref := range listener.TLS.CertificateRefs {
Contributor


Need condition ref.kind == secret

Contributor Author


added

if ref.Namespace != nil {
ns = string(*ref.Namespace)
}
if err := r.Get(context.Background(), client.ObjectKey{
Namespace: ns,
Name: string(ref.Name),
}, &secret); err != nil {
terror = err
break
}
tctx.Secrets[types.NamespacedName{Namespace: ns, Name: string(ref.Name)}] = &secret
}
}
return terror
}
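Review bot: processListenerConfig reads the referenced Secret from whatever namespace the certificateRef names (`ns = string(*ref.Namespace)` followed by `r.Get`), and no ReferenceGrant check is visible, so a Gateway author could have the controller load a TLS private key from any namespace it can read; Gateway API only permits a cross-namespace certificateRef when the target namespace grants it. The same assignment overwrites the `ns` parameter, so later refs and listeners that omit a namespace are resolved in the previous ref's namespace instead of the Gateway's. `secret` is declared once per listener and `&secret` is stored for every ref, so all of that listener's map entries end up pointing at the last Secret fetched. `listener.TLS.CertificateRefs` also dereferences `TLS` without a nil check, which panics for a listener with no TLS block unless callers filter those out (not visible here). The loop below shows the per-ref namespace, fresh Secret and nil guard; the ReferenceGrant lookup is left as a marked TODO.

```go
	for _, listener := range listeners {
		if listener.TLS == nil {
			continue // listener without a TLS block has no certificateRefs
		}
		for _, ref := range listener.TLS.CertificateRefs {
			refNS := ns // per-ref namespace; the Gateway's own namespace stays untouched
			if ref.Namespace != nil {
				refNS = string(*ref.Namespace)
			}
			// TODO: when refNS != ns, require a ReferenceGrant in refNS before reading the Secret.
			secret := &corev1.Secret{} // fresh object per ref so map entries do not alias
			key := client.ObjectKey{Namespace: refNS, Name: string(ref.Name)}
			if err := r.Get(context.Background(), key, secret); err != nil {
				terror = err
				break
			}
			tctx.Secrets[key] = secret
		}
	}
```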
7 changes: 7 additions & 0 deletions internal/controlplane/controlplane.go
Expand Up @@ -49,6 +49,8 @@ func (d *dashboardClient) Update(ctx context.Context, tctx *translator.Translate
switch obj := obj.(type) {
case *gatewayv1.HTTPRoute:
result, err = d.translator.TranslateGatewayHTTPRoute(tctx, obj.DeepCopy())
case *gatewayv1.Gateway:
result, err = d.translator.TranslateGateway(tctx, obj.DeepCopy())
}
if err != nil {
return err
Expand All @@ -65,6 +67,11 @@ func (d *dashboardClient) Update(ctx context.Context, tctx *translator.Translate
return err
}
}
for _, ssl := range result.SSL {
if _, err := d.c.Cluster(name).SSL().Update(ctx, ssl); err != nil {
return err
}
}
return nil
}

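Review bot: The new loop passes every element of `result.SSL` to `SSL().Update` without a nil check, yet TranslateGateway (translator/gateway.go in this PR) appends translateSecret's return value unconditionally and that function returns nil when `tctx.Secrets` is nil; add `if ssl == nil { continue }` here or filter nil entries in the translator. The loop also returns on the first failure after routes, services and earlier SSL objects may already have been pushed, so a Gateway can be left partially programmed; whether callers retry is not visible here. Update's body starts and ends outside these hunks.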
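--- a/internal/controlplane/translator/gateway.go
+++ b/internal/controlplane/translator/gateway.go
@@ -1 +1,32 @@
 package translator
+
+import (
+v1 "github.com/api7/api7-ingress-controller/api/dashboard/v1"
+"github.com/google/uuid"
+"k8s.io/apimachinery/pkg/types"
+gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+)
+
+func (t *Translator) TranslateGateway(tctx *TranslateContext, obj *gatewayv1.Gateway) (*TranslateResult, error) {
+result := &TranslateResult{}
+for _, listener := range obj.Spec.Listeners {
+tctx.GatewayTLSConfig = append(tctx.GatewayTLSConfig, *listener.TLS)
+ssl := t.translateSecret(tctx, listener, obj.Name, obj.Namespace)
+result.SSL = append(result.SSL, ssl)
+}
+return result, nil
+}
+
+func (t *Translator) translateSecret(tctx *TranslateContext, listener gatewayv1.Listener, name, ns string) *v1.Ssl {
+if tctx.Secrets == nil {
+return nil
+}
+sslObj := &v1.Ssl{}
+sslObj.ID = uuid.NewString()
+sslObj.Cert = string(tctx.Secrets[types.NamespacedName{Namespace: ns, Name: name}].Data["tls.crt"])
+if listener.Hostname != nil {
+sslObj.Snis = []string{string(*listener.Hostname)}
+}
+sslObj.Key = string(tctx.Secrets[types.NamespacedName{Namespace: ns, Name: name}].Data["tls.key"])
+return sslObj
+}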
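Review bot: translateSecret indexes `tctx.Secrets` with the Gateway's own name and namespace (`obj.Name`, `obj.Namespace` passed from TranslateGateway), while processListenerConfig in gateway_controller.go stores each Secret under its certificateRef's namespace and name, so the lookup will normally miss and `.Data` is then read through a nil `*corev1.Secret`. TranslateGateway also dereferences `*listener.TLS` without a nil check and appends translateSecret's nil return to `result.SSL`. Look the Secret up once per `listener.TLS.CertificateRefs` entry, skip listeners without TLS, and return an error when the Secret or its `tls.crt`/`tls.key` entries are missing rather than sending an empty certificate and key. `uuid.NewString()` gives the object a new ID on every reconcile, so presumably a rotated or removed certificate leaves its old object and private key on the control plane; an ID derived deterministically from the Secret's namespaced name would let Update replace it.

```go
func (t *Translator) TranslateGateway(tctx *TranslateContext, obj *gatewayv1.Gateway) (*TranslateResult, error) {
	result := &TranslateResult{}
	for _, listener := range obj.Spec.Listeners {
		if listener.TLS == nil {
			continue
		}
		tctx.GatewayTLSConfig = append(tctx.GatewayTLSConfig, *listener.TLS)
		for _, ref := range listener.TLS.CertificateRefs {
			refNS := obj.Namespace
			if ref.Namespace != nil {
				refNS = string(*ref.Namespace)
			}
			key := types.NamespacedName{Namespace: refNS, Name: string(ref.Name)}
			secret, ok := tctx.Secrets[key]
			if !ok || secret == nil {
				return nil, fmt.Errorf("secret %s not found for listener %q", key, listener.Name)
			}
			// … build the v1.Ssl from secret.Data["tls.crt"] and ["tls.key"], rejecting empty values …
		}
	}
	return result, nil
}
```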
8 changes: 6 additions & 2 deletions internal/controlplane/translator/translator.go
Expand Up @@ -2,6 +2,7 @@ package translator

import (
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
"k8s.io/apimachinery/pkg/types"
gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
Expand All @@ -14,11 +15,14 @@ type Translator struct {
}

type TranslateContext struct {
BackendRefs []gatewayv1.BackendRef
EndpointSlices map[types.NamespacedName][]discoveryv1.EndpointSlice
BackendRefs []gatewayv1.BackendRef
EndpointSlices map[types.NamespacedName][]discoveryv1.EndpointSlice
GatewayTLSConfig []gatewayv1.GatewayTLSConfig
Secrets map[types.NamespacedName]*corev1.Secret
}

type TranslateResult struct {
Routes []*v1.Route
Services []*v1.Service
SSL []*v1.Ssl
}
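Review bot: `Secrets map[types.NamespacedName]*corev1.Secret` puts whole Secret objects, TLS private keys included, into TranslateContext, and `SSL []*v1.Ssl` carries the key onward in TranslateResult, but neither field has a comment saying so. Add doc comments such as `// Secrets holds the TLS Secrets referenced by Gateway listeners, keyed by namespaced name; contains private keys, never log.` and a matching one on `SSL`. The file imports logr, so any code that logs these structs with a verbose format would presumably write key material to the controller log.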