pkg/api/server.go - apisix-ingress-controller - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one or more
 // contributor license agreements.  See the NOTICE file distributed with
 // this work for additional information regarding copyright ownership.
 // The ASF licenses this file to You under the Apache License, Version 2.0
 // (the "License"); you may not use this file except in compliance with
 // the License.  You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package api

 import (
 	"context"
 	"crypto/tls"
 	"net"
 	"net/http"
 	"net/http/pprof"
 	"time"

 	"github.com/gin-gonic/gin"
 	"go.uber.org/zap"

 	apirouter "github.com/apache/apisix-ingress-controller/pkg/api/router"
 	"github.com/apache/apisix-ingress-controller/pkg/apisix"
 	"github.com/apache/apisix-ingress-controller/pkg/config"
 	"github.com/apache/apisix-ingress-controller/pkg/log"
 	"github.com/apache/apisix-ingress-controller/pkg/metrics"
 	"github.com/apache/apisix-ingress-controller/pkg/types"
 )

 // Server represents the API Server in ingress-apisix-controller.
 type Server struct {
 	HealthState     *apirouter.HealthState
 	httpServer      *gin.Engine
 	admissionServer *http.Server
 	httpListener    net.Listener
 	pprofMu         *http.ServeMux
 }

 // NewServer initializes the API Server.
 func NewServer(cfg *config.Config) (*Server, error) {
 	httpListener, err := net.Listen("tcp", cfg.HTTPListen)
 	if err != nil {
 		return nil, err
 	}
 	gin.SetMode(gin.ReleaseMode)
 	httpServer := gin.New()
 	httpServer.Use(log.GinRecovery(log.DefaultLogger, true), log.GinLogger(log.DefaultLogger))
 	apirouter.Mount(httpServer)

 	srv := &Server{
 		HealthState:  new(apirouter.HealthState),
 		httpServer:   httpServer,
 		httpListener: httpListener,
 	}
 	apirouter.MountApisixHealthz(httpServer, srv.HealthState)

 	if cfg.EnableProfiling {
 		srv.pprofMu = new(http.ServeMux)
 		srv.pprofMu.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
 		srv.pprofMu.HandleFunc("/debug/pprof/profile", pprof.Profile)
 		srv.pprofMu.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
 		srv.pprofMu.HandleFunc("/debug/pprof/trace", pprof.Trace)
 		srv.pprofMu.HandleFunc("/debug/pprof/", pprof.Index)
 		httpServer.GET("/debug/pprof/*profile", gin.WrapF(srv.pprofMu.ServeHTTP))
 	}

 	cert, err := tls.LoadX509KeyPair(cfg.CertFilePath, cfg.KeyFilePath)
 	if err != nil {
 		log.Warnw("failed to load x509 key pair, will not start admission server",
 			zap.String("Error", err.Error()),
 			zap.String("CertFilePath", cfg.CertFilePath),
 			zap.String("KeyFilePath", cfg.KeyFilePath),
 		)
 	} else {
 		admission := gin.New()
 		admission.Use(gin.Recovery(), gin.Logger())
 		apirouter.MountWebhooks(admission, &apisix.ClusterOptions{
 			AdminAPIVersion:  cfg.APISIX.AdminAPIVersion,
 			Name:             cfg.APISIX.DefaultClusterName,
 			AdminKey:         cfg.APISIX.DefaultClusterAdminKey,
 			BaseURL:          cfg.APISIX.DefaultClusterBaseURL,
 			MetricsCollector: metrics.NewPrometheusCollector(),
 		})

 		srv.admissionServer = &http.Server{
 			Addr:    cfg.HTTPSListen,
 			Handler: admission,
 			TLSConfig: &tls.Config{
 				Certificates: []tls.Certificate{cert},
 			},
 		}
 	}

 	return srv, nil
 }

 // Run launches the API Server.
 func (srv *Server) Run(stopCh <-chan struct{}) error {
 	go func() {
 		<-stopCh

 		closed := make(chan struct{}, 2)
 		go srv.closeHttpServer(closed)
 		go srv.closeAdmissionServer(closed)

 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 		defer cancel()
 		cnt := 2
 		for cnt > 0 {
 			select {
 			case <-ctx.Done():
 				log.Errorf("close servers timeout")
 				return
 			case <-closed:
 				cnt--
 				log.Debug("close a server")
 			}
 		}
 	}()

 	go func() {
 		log.Debug("starting http server")
 		if err := srv.httpServer.RunListener(srv.httpListener); err != nil && !types.IsUseOfClosedNetConnErr(err) {
 			log.Errorf("failed to start http server: %s", err)
 		}
 	}()

 	if srv.admissionServer != nil {
 		go func() {
 			log.Debug("starting admission server")
 			if err := srv.admissionServer.ListenAndServeTLS("", ""); err != nil && !types.IsUseOfClosedNetConnErr(err) {
 				log.Errorf("failed to start admission server: %s", err)
 			}
 		}()
 	}

 	return nil
 }

 func (srv *Server) closeHttpServer(closed chan struct{}) {
 	if err := srv.httpListener.Close(); err != nil {
 		log.Errorf("failed to close http listener: %s", err)
 	}
 	closed <- struct{}{}
 }

 func (srv *Server) closeAdmissionServer(closed chan struct{}) {
 	if srv.admissionServer != nil {
 		if err := srv.admissionServer.Shutdown(context.TODO()); err != nil {
 			log.Errorf("failed to shutdown admission server: %s", err)
 		}
 	}
 	closed <- struct{}{}
 }
	// Licensed to the Apache Software Foundation (ASF) under one or more
	// contributor license agreements. See the NOTICE file distributed with
	// this work for additional information regarding copyright ownership.
	// The ASF licenses this file to You under the Apache License, Version 2.0
	// (the "License"); you may not use this file except in compliance with
	// the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package api

	import (
	"context"
	"crypto/tls"
	"net"
	"net/http"
	"net/http/pprof"
	"time"

	"github.com/gin-gonic/gin"
	"go.uber.org/zap"

	apirouter "github.com/apache/apisix-ingress-controller/pkg/api/router"
	"github.com/apache/apisix-ingress-controller/pkg/apisix"
	"github.com/apache/apisix-ingress-controller/pkg/config"
	"github.com/apache/apisix-ingress-controller/pkg/log"
	"github.com/apache/apisix-ingress-controller/pkg/metrics"
	"github.com/apache/apisix-ingress-controller/pkg/types"
	)

	// Server represents the API Server in ingress-apisix-controller.
	type Server struct {
	HealthState *apirouter.HealthState
	httpServer *gin.Engine
	admissionServer *http.Server
	httpListener net.Listener
	pprofMu *http.ServeMux
	}

	// NewServer initializes the API Server.
	func NewServer(cfg config.Config) (Server, error) {
	httpListener, err := net.Listen("tcp", cfg.HTTPListen)
	if err != nil {
	return nil, err
	}
	gin.SetMode(gin.ReleaseMode)
	httpServer := gin.New()
	httpServer.Use(log.GinRecovery(log.DefaultLogger, true), log.GinLogger(log.DefaultLogger))
	apirouter.Mount(httpServer)

	srv := &Server{
	HealthState: new(apirouter.HealthState),
	httpServer: httpServer,
	httpListener: httpListener,
	}
	apirouter.MountApisixHealthz(httpServer, srv.HealthState)

	if cfg.EnableProfiling {
	srv.pprofMu = new(http.ServeMux)
	srv.pprofMu.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	srv.pprofMu.HandleFunc("/debug/pprof/profile", pprof.Profile)
	srv.pprofMu.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	srv.pprofMu.HandleFunc("/debug/pprof/trace", pprof.Trace)
	srv.pprofMu.HandleFunc("/debug/pprof/", pprof.Index)
	httpServer.GET("/debug/pprof/*profile", gin.WrapF(srv.pprofMu.ServeHTTP))
	}

	cert, err := tls.LoadX509KeyPair(cfg.CertFilePath, cfg.KeyFilePath)
	if err != nil {
	log.Warnw("failed to load x509 key pair, will not start admission server",
	zap.String("Error", err.Error()),
	zap.String("CertFilePath", cfg.CertFilePath),
	zap.String("KeyFilePath", cfg.KeyFilePath),
	)
	} else {
	admission := gin.New()
	admission.Use(gin.Recovery(), gin.Logger())
	apirouter.MountWebhooks(admission, &apisix.ClusterOptions{
	AdminAPIVersion: cfg.APISIX.AdminAPIVersion,
	Name: cfg.APISIX.DefaultClusterName,
	AdminKey: cfg.APISIX.DefaultClusterAdminKey,
	BaseURL: cfg.APISIX.DefaultClusterBaseURL,
	MetricsCollector: metrics.NewPrometheusCollector(),
	})

	srv.admissionServer = &http.Server{
	Addr: cfg.HTTPSListen,
	Handler: admission,
	TLSConfig: &tls.Config{
	Certificates: []tls.Certificate{cert},
	},
	}
	}

	return srv, nil
	}

	// Run launches the API Server.
	func (srv *Server) Run(stopCh <-chan struct{}) error {
	go func() {
	<-stopCh

	closed := make(chan struct{}, 2)
	go srv.closeHttpServer(closed)
	go srv.closeAdmissionServer(closed)

	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	cnt := 2
	for cnt > 0 {
	select {
	case <-ctx.Done():
	log.Errorf("close servers timeout")
	return
	case <-closed:
	cnt--
	log.Debug("close a server")
	}
	}
	}()

	go func() {
	log.Debug("starting http server")
	if err := srv.httpServer.RunListener(srv.httpListener); err != nil && !types.IsUseOfClosedNetConnErr(err) {
	log.Errorf("failed to start http server: %s", err)
	}
	}()

	if srv.admissionServer != nil {
	go func() {
	log.Debug("starting admission server")
	if err := srv.admissionServer.ListenAndServeTLS("", ""); err != nil && !types.IsUseOfClosedNetConnErr(err) {
	log.Errorf("failed to start admission server: %s", err)
	}
	}()
	}

	return nil
	}

	func (srv *Server) closeHttpServer(closed chan struct{}) {
	if err := srv.httpListener.Close(); err != nil {
	log.Errorf("failed to close http listener: %s", err)
	}
	closed <- struct{}{}
	}

	func (srv *Server) closeAdmissionServer(closed chan struct{}) {
	if srv.admissionServer != nil {
	if err := srv.admissionServer.Shutdown(context.TODO()); err != nil {
	log.Errorf("failed to shutdown admission server: %s", err)
	}
	}
	closed <- struct{}{}
	}