feat: support ingress class (#113)

Signed-off-by: ashing <[email protected]>

Author: ronething

internal/controller/indexer/indexer.go

@@ -42,6 +42,12 @@ func SetupIndexer(mgr ctrl.Manager) error {
 	if err := setupBackendTrafficPolicyIndexer(mgr); err != nil {
 		return err
 	}
+	if err := setupIngressClassIndexer(mgr); err != nil {
+		return err
+	}
+	if err := setupGatewayProxyIndexer(mgr); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -149,53 +155,90 @@ func setupHTTPRouteIndexer(mgr ctrl.Manager) error {
 	return nil
 }
 
-func setupIngressIndexer(mgr ctrl.Manager) error {
+func setupIngressClassIndexer(mgr ctrl.Manager) error {
 	// create IngressClass index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
-		IngressClassRef,
-		IngressClassRefIndexFunc,
+		&networkingv1.IngressClass{},
+		IngressClass,
+		IngressClassIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create Service index for quick lookup of Ingresses using specific services
+	// create IngressClassParametersRef index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
-		ServiceIndexRef,
-		IngressServiceIndexFunc,
+		&networkingv1.IngressClass{},
+		IngressClassParametersRef,
+		IngressClassParametersRefIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create secret index for TLS
+	return nil
+}
+
+func setupGatewayProxyIndexer(mgr ctrl.Manager) error {
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
+		&v1alpha1.GatewayProxy{},
 		SecretIndexRef,
-		IngressSecretIndexFunc,
+		GatewayProxySecretIndexFunc,
 	); err != nil {
 		return err
 	}
+	return nil
+}
 
+func GatewayProxySecretIndexFunc(rawObj client.Object) []string {
+	gatewayProxy := rawObj.(*v1alpha1.GatewayProxy)
+	secretKeys := make([]string, 0)
+
+	// Check if provider is ControlPlane type and has AdminKey auth
+	if gatewayProxy.Spec.Provider != nil &&
+		gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane &&
+		gatewayProxy.Spec.Provider.ControlPlane != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+
+		ref := gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
+		ns := gatewayProxy.GetNamespace()
+		key := GenIndexKey(ns, ref.Name)
+		secretKeys = append(secretKeys, key)
+	}
+	return secretKeys
+}
+
+func setupIngressIndexer(mgr ctrl.Manager) error {
 	// create IngressClass index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.IngressClass{},
-		IngressClass,
-		IngressClassIndexFunc,
+		&networkingv1.Ingress{},
+		IngressClassRef,
+		IngressClassRefIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create IngressClassParametersRef index
+	// create Service index for quick lookup of Ingresses using specific services
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.IngressClass{},
-		IngressClassParametersRef,
-		IngressClassParametersRefIndexFunc,
+		&networkingv1.Ingress{},
+		ServiceIndexRef,
+		IngressServiceIndexFunc,
+	); err != nil {
+		return err
+	}
+
+	// create secret index for TLS
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&networkingv1.Ingress{},
+		SecretIndexRef,
+		IngressSecretIndexFunc,
 	); err != nil {
 		return err
 	}

internal/controller/ingress_controller.go

@@ -651,7 +651,7 @@ func (r *IngressReconciler) processIngressClassParameters(ctx context.Context, t
 
 	parameters := ingressClass.Spec.Parameters
 	// check if the parameters reference GatewayProxy
-	if parameters.APIGroup != nil && *parameters.APIGroup == v1alpha1.GroupVersion.Group && parameters.Kind == "GatewayProxy" {
+	if parameters.APIGroup != nil && *parameters.APIGroup == v1alpha1.GroupVersion.Group && parameters.Kind == KindGatewayProxy {
 		ns := ingress.GetNamespace()
 		if parameters.Namespace != nil {
 			ns = *parameters.Namespace

internal/controller/ingressclass_controller.go

@@ -0,0 +1,235 @@
+package controller
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/api7/gopkg/pkg/log"
+	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
+	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
+	"github.com/api7/api7-ingress-controller/internal/provider"
+)
+
+// IngressClassReconciler reconciles a IngressClass object.
+type IngressClassReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+	Log    logr.Logger
+
+	Provider provider.Provider
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *IngressClassReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(
+			&networkingv1.IngressClass{},
+			builder.WithPredicates(
+				predicate.NewPredicateFuncs(r.matchesController),
+			),
+		).
+		WithEventFilter(predicate.GenerationChangedPredicate{}).
+		Watches(
+			&v1alpha1.GatewayProxy{},
+			handler.EnqueueRequestsFromMapFunc(r.listIngressClassesForGatewayProxy),
+		).
+		Watches(
+			&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(r.listIngressClassesForSecret),
+		).
+		Complete(r)
+}
+
+func (r *IngressClassReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	ingressClass := new(networkingv1.IngressClass)
+	if err := r.Get(ctx, req.NamespacedName, ingressClass); err != nil {
+		if client.IgnoreNotFound(err) == nil {
+			ingressClass.Name = req.Name
+
+			ingressClass.TypeMeta = metav1.TypeMeta{
+				Kind:       KindIngressClass,
+				APIVersion: networkingv1.SchemeGroupVersion.String(),
+			}
+
+			if err := r.Provider.Delete(ctx, ingressClass); err != nil {
+				return ctrl.Result{}, err
+			}
+			return ctrl.Result{}, nil
+		}
+		return ctrl.Result{}, err
+	}
+
+	// Create a translate context
+	tctx := provider.NewDefaultTranslateContext(ctx)
+
+	if err := r.processInfrastructure(tctx, ingressClass); err != nil {
+		r.Log.Error(err, "failed to process infrastructure for ingressclass", "ingressclass", ingressClass.GetName())
+		return ctrl.Result{}, err
+	}
+
+	if err := r.Provider.Update(ctx, tctx, ingressClass); err != nil {
+		r.Log.Error(err, "failed to update ingressclass", "ingressclass", ingressClass.GetName())
+		return ctrl.Result{}, err
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *IngressClassReconciler) matchesController(obj client.Object) bool {
+	ingressClass, ok := obj.(*networkingv1.IngressClass)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to IngressClass")
+		return false
+	}
+	return matchesController(ingressClass.Spec.Controller)
+}
+
+func (r *IngressClassReconciler) listIngressClassesForGatewayProxy(ctx context.Context, obj client.Object) []reconcile.Request {
+	gatewayProxy, ok := obj.(*v1alpha1.GatewayProxy)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to GatewayProxy")
+		return nil
+	}
+	namespace := gatewayProxy.GetNamespace()
+	name := gatewayProxy.GetName()
+
+	ingressClassList := &networkingv1.IngressClassList{}
+	if err := r.List(ctx, ingressClassList, client.MatchingFields{
+		indexer.IngressClassParametersRef: indexer.GenIndexKey(namespace, name),
+	}); err != nil {
+		r.Log.Error(err, "failed to list ingress classes for gateway proxy", "gatewayproxy", gatewayProxy.GetName())
+		return nil
+	}
+
+	recs := make([]reconcile.Request, 0, len(ingressClassList.Items))
+	for _, ingressClass := range ingressClassList.Items {
+		if !r.matchesController(&ingressClass) {
+			continue
+		}
+		recs = append(recs, reconcile.Request{
+			NamespacedName: client.ObjectKey{
+				Name: ingressClass.GetName(),
+			},
+		})
+	}
+	return recs
+}
+
+func (r *IngressClassReconciler) listIngressClassesForSecret(ctx context.Context, obj client.Object) []reconcile.Request {
+	secret, ok := obj.(*corev1.Secret)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to Secret")
+		return nil
+	}
+
+	// 1. list gateway proxies by secret
+	gatewayProxyList := &v1alpha1.GatewayProxyList{}
+	if err := r.List(ctx, gatewayProxyList, client.MatchingFields{
+		indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
+	}); err != nil {
+		r.Log.Error(err, "failed to list gateway proxies by secret", "secret", secret.GetName())
+		return nil
+	}
+
+	// 2. list ingress classes by gateway proxies
+	requests := make([]reconcile.Request, 0)
+	for _, gatewayProxy := range gatewayProxyList.Items {
+		ingressClassList := &networkingv1.IngressClassList{}
+		if err := r.List(ctx, ingressClassList, client.MatchingFields{
+			indexer.IngressClassParametersRef: indexer.GenIndexKey(gatewayProxy.GetNamespace(), gatewayProxy.GetName()),
+		}); err != nil {
+			r.Log.Error(err, "failed to list ingress classes by secret", "secret", secret.GetName())
+			return nil
+		}
+		for _, ingressClass := range ingressClassList.Items {
+			if !r.matchesController(&ingressClass) {
+				continue
+			}
+			requests = append(requests, reconcile.Request{
+				NamespacedName: client.ObjectKey{
+					Name:      ingressClass.GetName(),
+					Namespace: ingressClass.GetNamespace(),
+				},
+			})
+		}
+	}
+
+	requests = distinctRequests(requests)
+
+	return requests
+}
+
+func (r *IngressClassReconciler) processInfrastructure(tctx *provider.TranslateContext, ingressClass *networkingv1.IngressClass) error {
+	if ingressClass.Spec.Parameters == nil {
+		return nil
+	}
+
+	if ingressClass.Spec.Parameters.APIGroup == nil ||
+		*ingressClass.Spec.Parameters.APIGroup != v1alpha1.GroupVersion.Group ||
+		ingressClass.Spec.Parameters.Kind != KindGatewayProxy {
+		return nil
+	}
+
+	namespace := ingressClass.Namespace
+	if ingressClass.Spec.Parameters.Namespace != nil {
+		namespace = *ingressClass.Spec.Parameters.Namespace
+	}
+
+	gatewayProxy := new(v1alpha1.GatewayProxy)
+	if err := r.Get(context.Background(), client.ObjectKey{
+		Namespace: namespace,
+		Name:      ingressClass.Spec.Parameters.Name,
+	}, gatewayProxy); err != nil {
+		return fmt.Errorf("failed to get gateway proxy: %w", err)
+	}
+
+	rk := provider.ResourceKind{
+		Kind:      ingressClass.Kind,
+		Namespace: ingressClass.Namespace,
+		Name:      ingressClass.Name,
+	}
+
+	tctx.GatewayProxies[rk] = *gatewayProxy
+	tctx.ResourceParentRefs[rk] = append(tctx.ResourceParentRefs[rk], rk)
+
+	// Load secrets if needed
+	if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.ControlPlane != nil {
+		auth := gatewayProxy.Spec.Provider.ControlPlane.Auth
+		if auth.Type == v1alpha1.AuthTypeAdminKey && auth.AdminKey != nil && auth.AdminKey.ValueFrom != nil {
+			if auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+				secretRef := auth.AdminKey.ValueFrom.SecretKeyRef
+				secret := &corev1.Secret{}
+				if err := r.Get(context.Background(), client.ObjectKey{
+					Namespace: namespace,
+					Name:      secretRef.Name,
+				}, secret); err != nil {
+					log.Error(err, "failed to get secret for gateway proxy", "namespace", namespace, "name", secretRef.Name)
+					return err
+				}
+				tctx.Secrets[client.ObjectKey{
+					Namespace: namespace,
+					Name:      secretRef.Name,
+				}] = secret
+			}
+		}
+	}
+
+	_, ok := tctx.GatewayProxies[rk]
+	if !ok {
+		return fmt.Errorf("no gateway proxy found for ingress class")
+	}
+
+	return nil
+}

internal/controller/utils.go

@@ -27,6 +27,8 @@ const (
 	KindHTTPRoute    = "HTTPRoute"
 	KindGatewayClass = "GatewayClass"
 	KindIngress      = "Ingress"
+	KindIngressClass = "IngressClass"
+	KindGatewayProxy = "GatewayProxy"
 )
 
 const defaultIngressClassAnnotation = "ingressclass.kubernetes.io/is-default-class"
@@ -783,7 +785,7 @@ func ProcessGatewayProxy(r client.Client, tctx *provider.TranslateContext, gatew
 
 	ns := gateway.GetNamespace()
 	paramRef := infra.ParametersRef
-	if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == "GatewayProxy" {
+	if string(paramRef.Group) == v1alpha1.GroupVersion.Group && string(paramRef.Kind) == KindGatewayProxy {
 		gatewayProxy := &v1alpha1.GatewayProxy{}
 		if err := r.Get(context.Background(), client.ObjectKey{
 			Namespace: ns,

internal/manager/controllers.go

@@ -80,5 +80,11 @@ func setupControllers(ctx context.Context, mgr manager.Manager, pro provider.Pro
 			Log:      ctrl.LoggerFrom(ctx).WithName("controllers").WithName("Consumer"),
 			Provider: pro,
 		},
+		&controller.IngressClassReconciler{
+			Client:   mgr.GetClient(),
+			Scheme:   mgr.GetScheme(),
+			Log:      ctrl.LoggerFrom(ctx).WithName("controllers").WithName("IngressClass"),
+			Provider: pro,
+		},
 	}, nil
 }