conflict: chore: v2.0.0 release (#2676) (2d07436)

Makefile

@@ -303,7 +303,7 @@ docker-buildx: ## Build and push docker image for the manager for cross-platform
 .PHONY: build-installer
 build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
 	mkdir -p dist
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} sidecar=ghcr.io/api7/adc:$(ADC_VERSION)
 	$(KUSTOMIZE) build config/default > dist/install.yaml
 
 ##@ Deployment
@@ -346,7 +346,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} sidecar=ghcr.io/api7/adc:$(ADC_VERSION)
 	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
 
 .PHONY: undeploy
@@ -522,7 +522,6 @@ release-src:
 	--exclude docs \
 	--exclude examples \
 	--exclude scripts \
-	--exclude samples \
 	--exclude test \
 	--exclude release \
 	--exclude $(RELEASE_SRC).tgz \

config/default/kustomization.yaml

@@ -20,18 +20,18 @@ resources:
 - ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-- ../webhook
+#- ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-- ../certmanager
+#- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 # [METRICS] Expose the controller manager metrics service.
 - metrics_service.yaml
 - ../samples
-- ../network-policy
+#- ../network-policy
 
 # Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager
-patches:
+#patches:
 # [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
 # More info: https://book.kubebuilder.io/reference/metrics
 #- path: manager_patch.yaml
@@ -40,115 +40,115 @@ patches:
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-- path: manager_webhook_patch.yaml
-  target:
-    kind: Deployment
-    name: controller-manager
+#- path: manager_webhook_patch.yaml
+#  target:
+#    kind: Deployment
+#    name: controller-manager
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-- path: webhookcainjection_patch.yaml
-  target:
-    kind: ValidatingWebhookConfiguration
-    name: validating-webhook-configuration
+#- path: webhookcainjection_patch.yaml
+#  target:
+#    kind: ValidatingWebhookConfiguration
+#    name: validating-webhook-configuration
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
 # Uncomment the following replacements to add the cert-manager CA injection annotations
-replacements:
-  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-      fieldPath: .metadata.namespace # namespace of the certificate CR
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-      - select:
-          kind: CustomResourceDefinition
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-  - source:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-      fieldPath: .metadata.name
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-      - select:
-          kind: CustomResourceDefinition
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-  - source: # Add cert-manager annotation to the webhook Service
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.name # namespace of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
-  - source:
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.namespace # namespace of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 1
-          create: true
+# replacements:
+#   - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+#       kind: Certificate
+#       group: cert-manager.io
+#       version: v1
+#       name: serving-cert # this name should match the one in certificate.yaml
+#       fieldPath: .metadata.namespace # namespace of the certificate CR
+#     targets:
+#       - select:
+#           kind: ValidatingWebhookConfiguration
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 0
+#           create: true
+#       - select:
+#           kind: MutatingWebhookConfiguration
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 0
+#           create: true
+#       - select:
+#           kind: CustomResourceDefinition
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 0
+#           create: true
+#   - source:
+#       kind: Certificate
+#       group: cert-manager.io
+#       version: v1
+#       name: serving-cert # this name should match the one in certificate.yaml
+#       fieldPath: .metadata.name
+#     targets:
+#       - select:
+#           kind: ValidatingWebhookConfiguration
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 1
+#           create: true
+#       - select:
+#           kind: MutatingWebhookConfiguration
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 1
+#           create: true
+#       - select:
+#           kind: CustomResourceDefinition
+#         fieldPaths:
+#           - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#         options:
+#           delimiter: '/'
+#           index: 1
+#           create: true
+#   - source: # Add cert-manager annotation to the webhook Service
+#       kind: Service
+#       version: v1
+#       name: webhook-service
+#       fieldPath: .metadata.name # namespace of the service
+#     targets:
+#       - select:
+#           kind: Certificate
+#           group: cert-manager.io
+#           version: v1
+#         fieldPaths:
+#           - .spec.dnsNames.0
+#           - .spec.dnsNames.1
+#         options:
+#           delimiter: '.'
+#           index: 0
+#           create: true
+#   - source:
+#       kind: Service
+#       version: v1
+#       name: webhook-service
+#       fieldPath: .metadata.namespace # namespace of the service
+#     targets:
+#       - select:
+#           kind: Certificate
+#           group: cert-manager.io
+#           version: v1
+#         fieldPaths:
+#           - .spec.dnsNames.0
+#           - .spec.dnsNames.1
+#         options:
+#           delimiter: '.'
+#           index: 1
+#           create: true

config/manager/kustomization.yaml

@@ -6,3 +6,6 @@ images:
 - name: controller
   newName: api7/api7-ingress-controller
   newTag: dev
+- name: sidecar
+  newName: ghcr.io/api7/adc
+  newTag: 0.23.1

config/manager/manager.yaml

@@ -49,7 +49,7 @@ spec:
       #             values:
       #               - linux
       securityContext:
-        runAsNonRoot: true
+        fsGroup: 2000   
         # TODO(user): For common cases that do not require escalating privileges
         # it is recommended to ensure that all your Pods/Containers are restrictive.
         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
@@ -73,6 +73,8 @@ spec:
         - name: config-volume
           mountPath: /app/conf/config.yaml
           subPath: config.yaml
+        - name: socket-volume
+          mountPath: /sockets
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -99,9 +101,46 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
+      - image: sidecar:latest
+        env:
+        - name: ADC_RUNNING_MODE
+          value: ingress
+        - name: ADC_EXPERIMENTAL_FEATURE_FLAGS 
+          value: remote-state-file,parallel-backend-request
+        - name: ADC_INGRESS_LOG_LEVEL
+          value: info
+        name: adc-server
+        args:
+        - "server"
+        - "--listen"
+        - "unix:/sockets/adc.sock"
+        - "--listen-status"
+        - "3001"
+        ports:
+        - name: http-status
+          containerPort: 3001
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz/ready
+            port: 3001
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /healthz/ready
+            port: 3001
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        volumeMounts:
+        - name: socket-volume
+          mountPath: /sockets
       volumes:
       - name: config-volume
         configMap:
           name: controller-config
+      - name: socket-volume
+        emptyDir: {}
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

docs/en/latest/developer-guide.md

@@ -82,6 +82,20 @@ To build a Docker image for APISIX Ingress controller, you can use the following
 make build-image IMG=apache/apisix-ingress-controller:dev
 ```
 
+## Deploying the Controller
+
+To deploy the controller to your Kubernetes cluster, you can use the following command:
+
+```shell
+make deploy IMG=apache/apisix-ingress-controller:dev
+```
+
+To undeploy the controller from the cluster:
+
+```shell
+make undeploy
+```
+
 ## Running tests
 
 ### Unit Tests

docs/en/latest/upgrade-guide.md

@@ -154,10 +154,10 @@ Currently supports networking.k8s.io/v1 only. Support for other Ingress API vers
 
 ### Summary
 
-| Category         | Description                                                                                                                       |
-| ---------------- | --------------------------------------------------------------------------------------------------------------------------------- |
-| Architecture     | The `mock-etcd` component has been removed. Configuration is now centralized through the Controller.                              |
-| Configuration    | Static configuration fields have been removed. Use `GatewayProxy` CRD to configure the data plane.                                |
+| Category         | Description                                                                                                                                  |
+| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| Architecture     | The `mock-etcd` component has been removed. Configuration is now centralized through the Controller.                                         |
+| Configuration    | Static configuration fields have been removed. Use `GatewayProxy` CRD to configure the data plane.                                           |
 | Data Plane       | The Admin API configuration method is still supported. Support for the Standalone API-driven mode was introduced in APISIX 3.13.0 and later. |
-| API              | Some fields in `Ingress Annotations` and `ApisixUpstream` are not yet supported.                                                  |
-| Upgrade Strategy | Blue-green deployment or canary release is recommended before full switchover.                                                    |
+| API              | Removed `ApisixClusterConfig`                                                                                                                |
+| Upgrade Strategy | Blue-green deployment or canary release is recommended before full switchover.                                                               |