feat: support ingress v1beta1 https (#596)

Co-authored-by: 李闯 <lichuang1@qihoodeMacBook-Pro.local>

go.mod

@@ -3,22 +3,24 @@ module github.com/apache/apisix-ingress-controller
 go 1.13
 
 require (
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/gin-gonic/gin v1.6.3
+	github.com/google/uuid v1.2.0 // indirect
 	github.com/hashicorp/go-memdb v1.0.4
 	github.com/hashicorp/go-multierror v1.1.0
 	github.com/hashicorp/golang-lru v0.5.3 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/onsi/gomega v1.8.1 // indirect
+	github.com/onsi/ginkgo v1.16.4 // indirect
 	github.com/prometheus/client_golang v1.7.1
 	github.com/prometheus/client_model v0.2.0
 	github.com/prometheus/procfs v0.2.0 // indirect
 	github.com/spf13/cobra v1.1.1
 	github.com/stretchr/testify v1.6.1
 	go.uber.org/multierr v1.3.0
 	go.uber.org/zap v1.13.0
-	golang.org/x/net v0.0.0-20210224082022-3d97a244fca7
+	golang.org/x/net v0.0.0-20210510120150-4163338589ed
+	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
+	golang.org/x/tools v0.1.5 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.21.1
 	k8s.io/apimachinery v0.21.1

pkg/ingress/ingress.go

@@ -138,9 +138,11 @@ func (c *ingressController) sync(ctx context.Context, ev *types.Event) error {
 		zap.Any("ingress", ing),
 		zap.Any("routes", tctx.Routes),
 		zap.Any("upstreams", tctx.Upstreams),
+		zap.Any("ssl", tctx.SSL),
 	)
 
 	m := &manifest{
+		ssl:       tctx.SSL,
 		routes:    tctx.Routes,
 		upstreams: tctx.Upstreams,
 	}
@@ -168,6 +170,7 @@ func (c *ingressController) sync(ctx context.Context, ev *types.Event) error {
 		om := &manifest{
 			routes:    oldCtx.Routes,
 			upstreams: oldCtx.Upstreams,
+			ssl:       oldCtx.SSL,
 		}
 		added, updated, deleted = m.diff(om)
 	}

pkg/ingress/manifest.go

@@ -26,6 +26,38 @@ import (
 	apisixv1 "github.com/apache/apisix-ingress-controller/pkg/types/apisix/v1"
 )
 
+func diffSSL(olds, news []*apisixv1.Ssl) (added, updated, deleted []*apisixv1.Ssl) {
+	if olds == nil {
+		return news, nil, nil
+	}
+	if news == nil {
+		return nil, nil, olds
+	}
+
+	oldMap := make(map[string]*apisixv1.Ssl, len(olds))
+	newMap := make(map[string]*apisixv1.Ssl, len(news))
+	for _, ssl := range olds {
+		oldMap[ssl.ID] = ssl
+	}
+	for _, ssl := range news {
+		newMap[ssl.ID] = ssl
+	}
+
+	for _, ssl := range news {
+		if or, ok := oldMap[ssl.ID]; !ok {
+			added = append(added, ssl)
+		} else if !reflect.DeepEqual(or, ssl) {
+			updated = append(updated, ssl)
+		}
+	}
+	for _, ssl := range olds {
+		if _, ok := newMap[ssl.ID]; !ok {
+			deleted = append(deleted, ssl)
+		}
+	}
+	return
+}
+
 func diffRoutes(olds, news []*apisixv1.Route) (added, updated, deleted []*apisixv1.Route) {
 	if olds == nil {
 		return news, nil, nil
@@ -112,31 +144,38 @@ type manifest struct {
 	routes       []*apisixv1.Route
 	upstreams    []*apisixv1.Upstream
 	streamRoutes []*apisixv1.StreamRoute
+	ssl          []*apisixv1.Ssl
 }
 
 func (m *manifest) diff(om *manifest) (added, updated, deleted *manifest) {
+	// add diff ssl
+	sa, su, sd := diffSSL(om.ssl, m.ssl)
 	ar, ur, dr := diffRoutes(om.routes, m.routes)
 	au, uu, du := diffUpstreams(om.upstreams, m.upstreams)
 	asr, usr, dsr := diffStreamRoutes(om.streamRoutes, m.streamRoutes)
-	if ar != nil || au != nil || asr != nil {
+
+	if ar != nil || au != nil || asr != nil || sa != nil {
 		added = &manifest{
 			routes:       ar,
 			upstreams:    au,
 			streamRoutes: asr,
+			ssl:          sa,
 		}
 	}
-	if ur != nil || uu != nil || usr != nil {
+	if ur != nil || uu != nil || usr != nil || su != nil {
 		updated = &manifest{
 			routes:       ur,
 			upstreams:    uu,
 			streamRoutes: usr,
+			ssl:          su,
 		}
 	}
-	if dr != nil || du != nil || dsr != nil {
+	if dr != nil || du != nil || dsr != nil || sd != nil {
 		deleted = &manifest{
 			routes:       dr,
 			upstreams:    du,
 			streamRoutes: dsr,
+			ssl:          sd,
 		}
 	}
 	return
@@ -147,6 +186,12 @@ func (c *Controller) syncManifests(ctx context.Context, added, updated, deleted
 
 	clusterName := c.cfg.APISIX.DefaultClusterName
 	if deleted != nil {
+		//  delete ssl
+		for _, ssl := range deleted.ssl {
+			if err := c.apisix.Cluster(clusterName).SSL().Delete(ctx, ssl); err != nil {
+				merr = multierror.Append(merr, err)
+			}
+		}
 		for _, r := range deleted.routes {
 			if err := c.apisix.Cluster(clusterName).Route().Delete(ctx, r); err != nil {
 				merr = multierror.Append(merr, err)
@@ -173,6 +218,12 @@ func (c *Controller) syncManifests(ctx context.Context, added, updated, deleted
 	}
 	if added != nil {
 		// Should create upstreams firstly due to the dependencies.
+		//   add ssl
+		for _, ssl := range added.ssl {
+			if _, err := c.apisix.Cluster(clusterName).SSL().Create(ctx, ssl); err != nil {
+				merr = multierror.Append(merr, err)
+			}
+		}
 		for _, u := range added.upstreams {
 			if _, err := c.apisix.Cluster(clusterName).Upstream().Create(ctx, u); err != nil {
 				merr = multierror.Append(merr, err)
@@ -190,6 +241,12 @@ func (c *Controller) syncManifests(ctx context.Context, added, updated, deleted
 		}
 	}
 	if updated != nil {
+		//  update ssl
+		for _, ssl := range updated.ssl {
+			if _, err := c.apisix.Cluster(clusterName).SSL().Update(ctx, ssl); err != nil {
+				merr = multierror.Append(merr, err)
+			}
+		}
 		for _, r := range updated.upstreams {
 			if _, err := c.apisix.Cluster(clusterName).Upstream().Update(ctx, r); err != nil {
 				merr = multierror.Append(merr, err)

pkg/kube/translation/context.go

@@ -21,14 +21,18 @@ type TranslateContext struct {
 	Routes       []*apisix.Route
 	StreamRoutes []*apisix.StreamRoute
 	Upstreams    []*apisix.Upstream
-
-	upstreamMap map[string]struct{}
+	upstreamMap  map[string]struct{}
+	SSL          []*apisix.Ssl
 }
 
 func (tc *TranslateContext) addRoute(r *apisix.Route) {
 	tc.Routes = append(tc.Routes, r)
 }
 
+func (tc *TranslateContext) addSSL(ssl *apisix.Ssl) {
+	tc.SSL = append(tc.SSL, ssl)
+}
+
 func (tc *TranslateContext) addStreamRoute(sr *apisix.StreamRoute) {
 	tc.StreamRoutes = append(tc.StreamRoutes, sr)
 }

pkg/kube/translation/ingress.go

@@ -16,15 +16,19 @@ package translation
 
 import (
 	"bytes"
+	"fmt"
 	"strings"
 
 	"go.uber.org/zap"
+
 	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
 	networkingv1 "k8s.io/api/networking/v1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	"github.com/apache/apisix-ingress-controller/pkg/id"
+	apisixv12 "github.com/apache/apisix-ingress-controller/pkg/kube/apisix/apis/config/v1"
 	"github.com/apache/apisix-ingress-controller/pkg/log"
 	apisixv1 "github.com/apache/apisix-ingress-controller/pkg/types/apisix/v1"
 )
@@ -93,7 +97,37 @@ func (t *translator) translateIngressV1beta1(ing *networkingv1beta1.Ingress) (*T
 		upstreamMap: make(map[string]struct{}),
 	}
 	plugins := t.translateAnnotations(ing.Annotations)
-
+	// add https
+	for _, tls := range ing.Spec.TLS {
+		apisixTls := apisixv12.ApisixTls{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "ApisixTls",
+				APIVersion: "apisix.apache.org/v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      fmt.Sprintf("%v-%v", ing.Name, "tls"),
+				Namespace: ing.Namespace,
+			},
+			Spec: &apisixv12.ApisixTlsSpec{},
+			//Status:     configv2alpha1.ApisixStatus{},
+		}
+		for _, host := range tls.Hosts {
+			apisixTls.Spec.Hosts = append(apisixTls.Spec.Hosts, apisixv12.HostType(host))
+		}
+		apisixTls.Spec.Secret = apisixv12.ApisixSecret{
+			Name:      tls.SecretName,
+			Namespace: ing.Namespace,
+		}
+		ssl, err := t.TranslateSSL(&apisixTls)
+		if err != nil {
+			log.Errorw("failed to translate ingress tls to apisix tls",
+				zap.Error(err),
+				zap.Any("ingress", ing),
+			)
+			return nil, err
+		}
+		ctx.addSSL(ssl)
+	}
 	for _, rule := range ing.Spec.Rules {
 		for _, pathRule := range rule.HTTP.Paths {
 			var (

test/e2e/go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/gavv/httpexpect/v2 v2.2.0
 	github.com/gorilla/websocket v1.4.2
 	github.com/gruntwork-io/terratest v0.32.8
-	github.com/onsi/ginkgo v1.14.2
+	github.com/onsi/ginkgo v1.16.4
 	github.com/stretchr/testify v1.6.1
 	k8s.io/api v0.21.1
 	k8s.io/apimachinery v0.21.1