fix: ssl use cache (#203)

* fix: ssl use cache

* fix: cert failed

* add tls update & delete test case

* fix: modify image

* fix: add license header

* fix: build error after merge

* fix: unit test failed

* fix: review & add dp test case

* fix: revert ApisixTls

* fix: e2e test failed

* fix: build image failed

* fix: e2e test failed

* fix: e2e-test failed

* fix: e2e test failed

* fix: remove debug info

* fix: remove debug info

* fix:typo

* fix: remove createResourceWithMethod

* fix: http ports

Author: gxthrj

go.sum

@@ -42,6 +42,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/api7/ingress-controller v0.1.0-rc1 h1:6EjrBu0r+ccVfYTnpGYj1txz1DJCJ/Q/k8pHigRkeu0=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

pkg/apisix/cache/memdb_test.go

@@ -134,18 +134,21 @@ func TestMemDBCacheSSL(t *testing.T) {
 	assert.Nil(t, err, "NewMemDBCache")
 
 	s1 := &v1.Ssl{
-		ID: "abc",
+		ID:       "abc",
+		FullName: "abc",
 	}
 	assert.Nil(t, c.InsertSSL(s1), "inserting ssl 1")
 
 	s, err := c.GetSSL("abc")
 	assert.Equal(t, s1, s)
 
 	s2 := &v1.Ssl{
-		ID: "def",
+		ID:       "def",
+		FullName: "def",
 	}
 	s3 := &v1.Ssl{
-		ID: "ghi",
+		ID:       "ghi",
+		FullName: "ghi",
 	}
 	assert.Nil(t, c.InsertSSL(s2), "inserting ssl 2")
 	assert.Nil(t, c.InsertSSL(s3), "inserting ssl 3")

pkg/apisix/cache/schema.go

@@ -87,7 +87,7 @@ var (
 					"id": {
 						Name:    "id",
 						Unique:  true,
-						Indexer: &memdb.StringFieldIndex{Field: "ID"},
+						Indexer: &memdb.StringFieldIndex{Field: "FullName"},
 					},
 				},
 			},

pkg/apisix/resource.go

@@ -192,6 +192,7 @@ func (i *item) ssl(clusterName string) (*v1.Ssl, error) {
 	id := list[len(list)-1]
 	ssl.ID = id
 	ssl.Group = clusterName
+	ssl.FullName = id
 	return &ssl, nil
 }
 

pkg/apisix/ssl.go

@@ -138,6 +138,7 @@ func (s *sslClient) Create(ctx context.Context, obj *v1.Ssl) (*v1.Ssl, error) {
 	log.Infow("try to create ssl",
 		zap.String("cluster", s.clusterName),
 		zap.String("url", s.url),
+		zap.String("id", obj.ID),
 	)
 	if err := s.cluster.HasSynced(ctx); err != nil {
 		return nil, err
@@ -231,7 +232,6 @@ func (s *sslClient) Update(ctx context.Context, obj *v1.Ssl) (*v1.Ssl, error) {
 	if err := s.cluster.cache.InsertSSL(ssl); err != nil {
 		log.Errorf("failed to reflect ssl update to cache: %s", err)
 		return nil, err
-
 	}
 	return ssl, nil
 }

pkg/ingress/apisix/tls.go

@@ -26,7 +26,7 @@ import (
 	apisix "github.com/apache/apisix-ingress-controller/pkg/types/apisix/v1"
 )
 
-type ApisixTLSCRD configv1.ApisixTLS
+type ApisixTLSCRD configv1.ApisixTls
 
 // Convert convert to  apisix.Ssl from ingress.ApisixTls CRD
 func (as *ApisixTLSCRD) Convert(sc Secreter) (*apisix.Ssl, error) {

pkg/ingress/controller/apisix_tls.go

@@ -40,21 +40,21 @@ type ApisixTLSController struct {
 	controller      *Controller
 	kubeclientset   kubernetes.Interface
 	apisixClientset clientset.Interface
-	apisixTLSList   listersv1.ApisixTLSLister
+	apisixTLSList   listersv1.ApisixTlsLister
 	apisixTLSSynced cache.InformerSynced
 	workqueue       workqueue.RateLimitingInterface
 }
 
 type TlsQueueObj struct {
 	Key    string              `json:"key"`
-	OldObj *configv1.ApisixTLS `json:"old_obj"`
+	OldObj *configv1.ApisixTls `json:"old_obj"`
 	Ope    string              `json:"ope"` // add / update / delete
 }
 
 func BuildApisixTlsController(
 	kubeclientset kubernetes.Interface,
 	apisixTLSClientset clientset.Interface,
-	apisixTLSInformer informersv1.ApisixTLSInformer,
+	apisixTLSInformer informersv1.ApisixTlsInformer,
 	root *Controller) *ApisixTLSController {
 
 	runtime.Must(apisixscheme.AddToScheme(scheme.Scheme))
@@ -128,13 +128,13 @@ func (c *ApisixTLSController) syncHandler(tqo *TlsQueueObj) error {
 	}
 	apisixTlsYaml := tqo.OldObj
 	if tqo.Ope == state.Delete {
-		apisixIngressTls, _ := c.apisixTLSList.ApisixTLSs(namespace).Get(name)
+		apisixIngressTls, _ := c.apisixTLSList.ApisixTlses(namespace).Get(name)
 		if apisixIngressTls != nil && apisixIngressTls.ResourceVersion > tqo.OldObj.ResourceVersion {
 			log.Warnf("TLS %s has been covered when retry", tqo.Key)
 			return nil
 		}
 	} else {
-		apisixTlsYaml, err = c.apisixTLSList.ApisixTLSs(namespace).Get(name)
+		apisixTlsYaml, err = c.apisixTLSList.ApisixTlses(namespace).Get(name)
 		if err != nil {
 			if errors.IsNotFound(err) {
 				log.Infof("apisixTls %s is removed", tqo.Key)
@@ -172,8 +172,8 @@ func (c *ApisixTLSController) addFunc(obj interface{}) {
 }
 
 func (c *ApisixTLSController) updateFunc(oldObj, newObj interface{}) {
-	oldTls := oldObj.(*configv1.ApisixTLS)
-	newTls := newObj.(*configv1.ApisixTLS)
+	oldTls := oldObj.(*configv1.ApisixTls)
+	newTls := newObj.(*configv1.ApisixTls)
 	if oldTls.ResourceVersion == newTls.ResourceVersion {
 		return
 	}
@@ -191,13 +191,13 @@ func (c *ApisixTLSController) updateFunc(oldObj, newObj interface{}) {
 }
 
 func (c *ApisixTLSController) deleteFunc(obj interface{}) {
-	oldTls, ok := obj.(*configv1.ApisixTLS)
+	oldTls, ok := obj.(*configv1.ApisixTls)
 	if !ok {
 		oldState, ok := obj.(cache.DeletedFinalStateUnknown)
 		if !ok {
 			return
 		}
-		oldTls, ok = oldState.Obj.(*configv1.ApisixTLS)
+		oldTls, ok = oldState.Obj.(*configv1.ApisixTls)
 		if !ok {
 			return
 		}

pkg/ingress/controller/controller.go

@@ -330,7 +330,7 @@ func (api6 *Api6Controller) ApisixTLS(controller *Controller) {
 	atc := BuildApisixTlsController(
 		api6.KubeClientSet,
 		api6.Api6ClientSet,
-		api6.SharedInformerFactory.Apisix().V1().ApisixTLSs(),
+		api6.SharedInformerFactory.Apisix().V1().ApisixTlses(),
 		controller)
 	if err := atc.Run(api6.Stop); err != nil {
 		log.Errorf("failed to run ApisixTlsController: %s", err)

pkg/kube/apisix/apis/config/v1/register.go

@@ -50,8 +50,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ApisixUpstreamList{},
 		&ApisixService{},
 		&ApisixServiceList{},
-		&ApisixTLS{},
-		&ApisixTLSList{},
+		&ApisixTls{},
+		&ApisixTlsList{},
 	)
 
 	// register the type in the scheme

pkg/kube/apisix/apis/config/v1/types.go

@@ -191,22 +191,22 @@ func (p *Config) DeepCopy() *Config {
 // +genclient:noStatus
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// ApisixTLS defines SSL resource in APISIX.
-type ApisixTLS struct {
+// ApisixTls defines SSL resource in APISIX.
+type ApisixTls struct {
 	metav1.TypeMeta   `json:",inline" yaml:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
-	Spec              *ApisixTLSSpec `json:"spec,omitempty" yaml:"spec,omitempty"`
+	Spec              *ApisixTlsSpec `json:"spec,omitempty" yaml:"spec,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type ApisixTLSList struct {
+type ApisixTlsList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
-	Items           []ApisixTLS `json:"items,omitempty"`
+	Items           []ApisixTls `json:"items,omitempty"`
 }
 
-// ApisixTLSSpec is the specification of ApisixSSL.
-type ApisixTLSSpec struct {
+// ApisixTlsSpec is the specification of ApisixSSL.
+type ApisixTlsSpec struct {
 	Hosts  []string     `json:"hosts,omitempty"`
 	Secret ApisixSecret `json:"secret,omitempty"`
 }