feat: support sni based tls route

Signed-off-by: mango <xu.weiKyrie@foxmail.com>

pkg/apisix/stream_route.go

@@ -149,6 +149,7 @@ func (r *streamRouteClient) Create(ctx context.Context, obj *v1.StreamRoute) (*v
 		zap.Int32("server_port", obj.ServerPort),
 		zap.String("cluster", "default"),
 		zap.String("url", r.url),
+		zap.String("sni", obj.SNI),
 	)
 
 	if err := r.cluster.HasSynced(ctx); err != nil {

pkg/apisix/stream_route_test.go

@@ -164,17 +164,21 @@ func TestStreamRouteClient(t *testing.T) {
 		ID:         "1",
 		ServerPort: 8001,
 		UpstreamId: "1",
+		SNI:        "a.test.com",
 	})
 	assert.Nil(t, err)
 	assert.Equal(t, obj.ID, "1")
+	assert.Equal(t, obj.SNI, "a.test.com")
 
 	obj, err = cli.Create(context.Background(), &v1.StreamRoute{
 		ID:         "2",
 		ServerPort: 8002,
 		UpstreamId: "1",
+		SNI:        "*.test.com",
 	})
 	assert.Nil(t, err)
 	assert.Equal(t, obj.ID, "2")
+	assert.Equal(t, obj.SNI, "*.test.com")
 
 	// List
 	objs, err := cli.List(context.Background())
@@ -200,4 +204,6 @@ func TestStreamRouteClient(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Len(t, objs, 1)
 	assert.Equal(t, "2", objs[0].ID)
+	assert.Equal(t, "112", objs[0].UpstreamId)
+	assert.Equal(t, "", objs[0].SNI)
 }

pkg/ingress/manifest_test.go

@@ -83,6 +83,7 @@ func TestDiffStreamRoutes(t *testing.T) {
 		{
 			ID:         "3",
 			ServerPort: 8080,
+			SNI:        "a.test.com",
 		},
 	}
 	added, updated, deleted := diffStreamRoutes(nil, news)
@@ -92,6 +93,7 @@ func TestDiffStreamRoutes(t *testing.T) {
 	assert.Equal(t, "1", added[0].ID)
 	assert.Equal(t, "3", added[1].ID)
 	assert.Equal(t, int32(8080), added[1].ServerPort)
+	assert.Equal(t, "a.test.com", added[1].SNI)
 
 	olds := []*apisixv1.StreamRoute{
 		{
@@ -100,6 +102,7 @@ func TestDiffStreamRoutes(t *testing.T) {
 		{
 			ID:         "3",
 			ServerPort: 8081,
+			SNI:        "a.test.com",
 		},
 	}
 	added, updated, deleted = diffStreamRoutes(olds, nil)
@@ -109,13 +112,15 @@ func TestDiffStreamRoutes(t *testing.T) {
 	assert.Equal(t, "2", deleted[0].ID)
 	assert.Equal(t, "3", deleted[1].ID)
 	assert.Equal(t, int32(8081), deleted[1].ServerPort)
+	assert.Equal(t, "a.test.com", deleted[1].SNI)
 
 	added, updated, deleted = diffStreamRoutes(olds, news)
 	assert.Len(t, added, 1)
 	assert.Equal(t, "1", added[0].ID)
 	assert.Len(t, updated, 1)
 	assert.Equal(t, "3", updated[0].ID)
 	assert.Equal(t, int32(8080), updated[0].ServerPort)
+	assert.Equal(t, "a.test.com", updated[0].SNI)
 	assert.Len(t, deleted, 1)
 	assert.Equal(t, "2", deleted[0].ID)
 }

pkg/kube/apisix/apis/config/v2beta3/types.go

@@ -208,7 +208,8 @@ type ApisixRouteStream struct {
 type ApisixRouteStreamMatch struct {
 	// IngressPort represents the port listening on the Ingress proxy server.
 	// It should be pre-defined as APISIX doesn't support dynamic listening.
-	IngressPort int32 `json:"ingressPort" yaml:"ingressPort"`
+	IngressPort int32  `json:"ingressPort" yaml:"ingressPort"`
+	Host        string `json:"host,omitempty" yaml:"host,omitempty"`
 }
 
 // ApisixRouteStreamBackend represents a TCP backend (a Kubernetes Service).

pkg/kube/translation/apisix_route.go

@@ -757,6 +757,7 @@ func (t *translator) translateStreamRouteV2beta3(ctx *TranslateContext, ar *conf
 		name := apisixv1.ComposeStreamRouteName(ar.Namespace, ar.Name, part.Name)
 		sr.ID = id.GenID(name)
 		sr.ServerPort = part.Match.IngressPort
+		sr.SNI = part.Match.Host
 		ups, err := t.translateUpstream(ar.Namespace, backend.ServiceName, backend.Subset, backend.ResolveGranularity, svcClusterIP, svcPort)
 		if err != nil {
 			return err

pkg/types/apisix/v1/types.go

@@ -334,6 +334,7 @@ type StreamRoute struct {
 	Desc       string            `json:"desc,omitempty" yaml:"desc,omitempty"`
 	Labels     map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`
 	ServerPort int32             `json:"server_port,omitempty" yaml:"server_port,omitempty"`
+	SNI        string            `json:"sni,omitempty" yaml:"sni,omitempty"`
 	UpstreamId string            `json:"upstream_id,omitempty" yaml:"upstream_id,omitempty"`
 	Upstream   *Upstream         `json:"upstream,omitempty" yaml:"upstream,omitempty"`
 }

samples/deploy/crd/v1/ApisixRoute.yaml

@@ -93,7 +93,7 @@ spec:
                       match:
                         type: object
                         required:
-                        - paths
+                          - paths
                         properties:
                           paths:
                             type: array
@@ -134,7 +134,7 @@ spec:
                                       type: string
                                       minLength: 1
                                   required:
-                                  - scope
+                                    - scope
                                 op:
                                   type: string
                                   enum:
@@ -230,6 +230,8 @@ spec:
                       match:
                         type: object
                         properties:
+                          host:
+                            type: string
                           ingressPort:
                             type: integer
                             minimum: 1
@@ -290,6 +292,10 @@ spec:
           name: Target Service(HTTP)
           type: string
           priority: 1
+        - jsonPath: .spec.tcp[].match.host
+          name: Ingress Server Host
+          type: string
+          priority: 0
         - jsonPath: .spec.tcp[].match.ingressPort
           name: Ingress Server Port(TCP)
           type: integer
@@ -476,6 +482,8 @@ spec:
                       match:
                         type: object
                         properties:
+                          host:
+                            type: string
                           ingressPort:
                             type: integer
                             minimum: 1

test/e2e/suite-features/global_rule.go

@@ -19,10 +19,10 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/apache/apisix-ingress-controller/pkg/id"
 	"github.com/onsi/ginkgo"
 	"github.com/stretchr/testify/assert"
 
-	"github.com/apache/apisix-ingress-controller/pkg/id"
 	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
 )
 

test/e2e/suite-ingress/ingress.go

@@ -21,11 +21,11 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/apache/apisix-ingress-controller/pkg/id"
 	"github.com/onsi/ginkgo"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 
-	"github.com/apache/apisix-ingress-controller/pkg/id"
 	"github.com/apache/apisix-ingress-controller/test/e2e/scaffold"
 )
 

test/e2e/suite-ingress/stream.go

@@ -49,6 +49,7 @@ spec:
     protocol: TCP
     match:
       ingressPort: 9100
+      host: a.test.com
     backend:
       serviceName: %s
       servicePort: %d
@@ -64,6 +65,7 @@ spec:
 		assert.Nil(ginkgo.GinkgoT(), err)
 		assert.Len(ginkgo.GinkgoT(), sr, 1)
 		assert.Equal(ginkgo.GinkgoT(), sr[0].ServerPort, int32(9100))
+		assert.Equal(ginkgo.GinkgoT(), sr[0].SNI, "a.test.com")
 
 		resp := s.NewAPISIXClientWithTCPProxy().GET("/ip").Expect()
 		resp.Body().Contains("origin")
@@ -133,6 +135,7 @@ spec:
     protocol: UDP
     match:
       ingressPort: 9200
+      host: a.test.com
     backend:
       serviceName: coredns
       servicePort: 53
@@ -151,6 +154,7 @@ spec:
 		assert.Nil(ginkgo.GinkgoT(), err)
 		assert.Len(ginkgo.GinkgoT(), sr, 1)
 		assert.Equal(ginkgo.GinkgoT(), sr[0].ServerPort, int32(9200))
+		assert.Equal(ginkgo.GinkgoT(), sr[0].SNI, "a.test.com")
 		// test dns query
 		r := s.DNSResolver()
 		host := "httpbin.org"