feat: support apisix tls

[ronething]

Type of change:

• Bugfix
• New feature provided
• Improve performance
• Backport patches
• Documentation
• Refactor
• Chore
• CI/CD or Tests

What this PR does / why we need it:

Pre-submission checklist:

• Did you explain what problem does this PR solve? Or what new features have been added?
• Have you added corresponding test cases?
• Have you modified the corresponding document?
• Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

[github-actions]

conformance test report

apiVersion: gateway.networking.k8s.io/v1
date: "2025-06-20T03:34:27Z"
gatewayAPIChannel: standard
gatewayAPIVersion: v1.2.0
implementation:
  contact: null
  organization: APISIX
  project: apisix-ingress-controller
  url: https://github.com/apache/apisix-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    result: partial
    skippedTests:
    - HTTPRouteHTTPSListener
    statistics:
      Failed: 0
      Passed: 32
      Skipped: 1
  name: GATEWAY-HTTP
  summary: Core tests partially succeeded with 1 test skips.

[github-actions]

conformance test report

apiVersion: gateway.networking.k8s.io/v1
date: "2025-06-20T03:31:25Z"
gatewayAPIChannel: standard
gatewayAPIVersion: v1.2.0
implementation:
  contact: null
  organization: APISIX
  project: apisix-ingress-controller
  url: https://github.com/apache/apisix-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    result: partial
    skippedTests:
    - HTTPRouteHTTPSListener
    statistics:
      Failed: 0
      Passed: 32
      Skipped: 1
  name: GATEWAY-HTTP
  summary: Core tests partially succeeded with 1 test skips.

[Copilot]

Pull Request Overview

This PR adds full support for the ApisixTls CR, including e2e tests, provider translation, controller wiring, indexing, and sample YAML updates.

• Introduces end-to-end tests for TLS and mTLS in test/e2e/apisix/tls.go
• Implements translation of ApisixTls CR to ADC SSL resources and registers it in the ADC client
• Wires up ApisixTls in the controller manager, indexing, and updates sample manifests for v2 and adds an ApisixTls example

Reviewed Changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
test/e2e/apisix/tls.go	Add e2e tests covering basic TLS and mutual TLS scenarios
internal/provider/adc/translator/apisixtls.go	Implement TranslateApisixTls to generate ADC SSL objects
internal/provider/adc/adc.go	Register ApisixTls handling in ADC client's Update and Delete
internal/manager/controllers.go	Add ApisixTlsReconciler to controller setup
internal/controller/utils.go	Define KindApisixTls constant
internal/controller/indexer/indexer.go	Add field indexers for ApisixTls secrets and ingress class references
config/samples/*	Update sample CRDs to apiVersion: apisix.apache.org/v2 and add ApisixTls sample

Comments suppressed due to low confidence (2)

config/samples/apisix.apache.org_v2_apisixupstream.yaml:1

• Sample CR files in this directory use a leading dash to form a list in Kustomize. The leading - was removed here, which may break sample bundling. Re-add the dash before apiVersion to maintain the list format.

apiVersion: apisix.apache.org/v2

config/samples/apisix.apache.org_v2_apisixtls.yaml:1

• This new sample should follow the existing pattern of a leading - to be included as a list item in Kustomize. Add - before apiVersion.

apiVersion: apisix.apache.org/v2