feat: add Unix socket support for inter-container communication (#2587)
diff --git a/internal/adc/client/executor.go b/internal/adc/client/executor.go
index c5e16b5..bda6c7d 100644
--- a/internal/adc/client/executor.go
+++ b/internal/adc/client/executor.go
@@ -24,6 +24,7 @@
"errors"
"fmt"
"io"
+ "net"
"net/http"
"os"
"os/exec"
@@ -227,13 +228,32 @@
serverURL string
}
-// NewHTTPADCExecutor creates a new HTTPADCExecutor with the specified ADC Server URL
+// NewHTTPADCExecutor creates a new HTTPADCExecutor with the specified ADC Server URL.
+// serverURL can be "http(s)://host:port" or "unix:///path/to/socket" or "unix:/path/to/socket".
func NewHTTPADCExecutor(serverURL string, timeout time.Duration) *HTTPADCExecutor {
+ httpClient := &http.Client{
+ Timeout: timeout,
+ }
+
+ if strings.HasPrefix(serverURL, "unix:") {
+ var socketPath string
+ if strings.HasPrefix(serverURL, "unix:///") {
+ socketPath = strings.TrimPrefix(serverURL, "unix://")
+ } else {
+ socketPath = strings.TrimPrefix(serverURL, "unix:")
+ }
+ transport := &http.Transport{
+ DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return (&net.Dialer{}).DialContext(ctx, "unix", socketPath)
+ },
+ }
+ httpClient.Transport = transport
+ serverURL = "http://unix"
+ }
+
return &HTTPADCExecutor{
- httpClient: &http.Client{
- Timeout: timeout,
- },
- serverURL: serverURL,
+ httpClient: httpClient,
+ serverURL: serverURL,
}
}
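Review bot: The `unix:` branch in NewHTTPADCExecutor takes whatever follows the scheme as the socket path without checking it: `unix:` alone yields an empty path, and `unix://host/sock` falls into the else branch and becomes `//host/sock`. Either case only surfaces as a dial error on the first request, because the constructor has no error return. I would tighten the doc comment to state the contract, e.g. `// The socket path must be absolute; access to the ADC server is then controlled only by the filesystem permissions on that path.` The place where ADC_SERVER_URL is read from configuration is not visible in this hunk, but a non-absolute path is best rejected there, for example with `filepath.IsAbs(socketPath)`.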
diff --git a/test/e2e/framework/manifests/ingress.yaml b/test/e2e/framework/manifests/ingress.yaml
index 2324d4d..e44cf1b 100644
--- a/test/e2e/framework/manifests/ingress.yaml
+++ b/test/e2e/framework/manifests/ingress.yaml
@@ -356,6 +356,8 @@
app: apisix-ingress-controller
control-plane: controller-manager
spec:
+ securityContext:
+ fsGroup: 2000
containers:
- image: apache/apisix-ingress-controller:dev
env:
@@ -367,10 +369,14 @@
valueFrom:
fieldRef:
fieldPath: metadata.name
+ - name: ADC_SERVER_URL
+ value: "unix:/sockets/adc.sock"
volumeMounts:
- name: ingress-config
mountPath: /app/conf/config.yaml
subPath: config.yaml
+ - name: socket-volume
+ mountPath: /sockets
{{ if .WebhookEnable -}}
- name: webhook-certs
mountPath: /tmp/certs
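Review bot: The `socket-volume` mount added to the controller container is read-write, although the controller only connects to `/sockets/adc.sock`, so it could also remove or replace the socket file. Adding `readOnly: true` under this mount should still allow connecting on Linux, since a read-only mount does not block connecting to a Unix socket, while leaving creation of the socket to the ADC container. This is worth confirming in the e2e run. The container spec continues outside this hunk.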
@@ -395,12 +401,7 @@
path: /readyz
port: 8081
initialDelaySeconds: 5
- periodSeconds: 10
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
+ periodSeconds: 10
- image: ghcr.io/api7/adc:dev
env:
- name: ADC_RUNNING_MODE
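Review bot: Deleting the controller container's `securityContext` removes `allowPrivilegeEscalation: false` and the `capabilities: drop: [ALL]` setting, and nothing in the visible hunks replaces them. If this was done so the controller can open the socket created by the ADC container (an inference; the commit does not say), the pod-level `fsGroup` together with a group-writable socket or a shared `runAsUser` would achieve that without returning the default capability set. I would keep `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on this container, and explain in a comment if a specific capability really is required.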
@@ -413,13 +414,10 @@
args:
- "server"
- "--listen"
- - "http://127.0.0.1:3000"
+ - "unix:/sockets/adc.sock"
- "--listen-status"
- "3001"
ports:
- - name: http
- containerPort: 3000
- protocol: TCP
- name: http-status
containerPort: 3001
protocol: TCP
@@ -436,10 +434,15 @@
port: 3001
initialDelaySeconds: 5
periodSeconds: 5
+ volumeMounts:
+ - name: socket-volume
+ mountPath: /sockets
volumes:
- name: ingress-config
configMap:
name: ingress-config
+ - name: socket-volume
+ emptyDir: {}
{{ if .WebhookEnable -}}
- name: webhook-certs
secret: