change api and make it robust

docs/cli-arguments.md

@@ -43,7 +43,6 @@
 | `--enable-reverse-sync` | `bool` | Send configuration to Kong even if the configuration checksum has not changed since previous update. | `false` |
 | `--feature-gates` | `list of string=bool` | A set of comma separated key=value pairs that describe feature gates for alpha/beta/experimental features. See the Feature Gates documentation for information and available options: https://github.com/Kong/kubernetes-ingress-controller/blob/main/FEATURE_GATES.md. |  |
 | `--gateway-api-controller-name` | `string` | The controller name to match on Gateway API resources. | `konghq.com/kic-gateway-controller` |
-| `--gateway-discovery-dns-strategy` | `dns-strategy` | DNS strategy to use when creating Gateway's Admin API addresses. One of: ip, service, pod. | `"ip"` |
 | `--gateway-discovery-readiness-check-interval` | `duration` | Interval of readiness checks on gateway admin API clients for discovery. | `10s` |
 | `--gateway-discovery-readiness-check-timeout` | `duration` | Timeout of readiness checks on gateway admin clients. | `5s` |
 | `--gateway-to-reconcile` | `namespaced-name` | Gateway namespaced name in "namespace/name" format. Makes KIC reconcile only the specified Gateway. |  |

internal/adminapi/client.go

@@ -218,11 +218,13 @@ func NewClientFactoryForWorkspace(workspace string, httpClientOpts HTTPClientOpt
 }
 
 func (cf ClientFactory) CreateAdminAPIClient(ctx context.Context, discoveredAdminAPI DiscoveredAdminAPI) (*Client, error) {
-	httpclient, err := MakeHTTPClient(&cf.httpClientOpts, cf.adminToken)
-	if err != nil {
-		return nil, err
+	opts := cf.httpClientOpts
+	opts.ResolveTo = ResolveTo{
+		From: discoveredAdminAPI.Authority,
+		To:   discoveredAdminAPI.ResolveTo,
 	}
-	cl, err := NewKongClientForWorkspace(ctx, discoveredAdminAPI.Address, cf.workspace, httpclient)
+
+	cl, err := NewKongClientForWorkspace(ctx, discoveredAdminAPI.URL, cf.workspace, opts, cf.adminToken)
 	if err != nil {
 		return nil, err
 	}

internal/adminapi/client_test.go

@@ -20,7 +20,7 @@ func TestClientFactory_CreateAdminAPIClientAttachesPodReference(t *testing.T) {
 	t.Cleanup(func() { adminAPIServer.Close() })
 
 	client, err := factory.CreateAdminAPIClient(context.Background(), adminapi.DiscoveredAdminAPI{
-		Address: adminAPIServer.URL,
+		URL: adminAPIServer.URL,
 		PodRef: k8stypes.NamespacedName{
 			Namespace: "namespace",
 			Name:      "name",

internal/adminapi/endpoints.go

@@ -15,9 +15,14 @@ import (
 
 // DiscoveredAdminAPI represents an Admin API discovered from a Kubernetes Service.
 type DiscoveredAdminAPI struct {
-	Address string
-	// Hostname string
-	// XXX: tutaj
+	// https://10-68-0-5.dataplane-admin-kong-rqwr9-sc49t.default.svc:8444
+	URL string
+
+	// 10-68-0-5.dataplane-admin-kong-rqwr9-sc49t.default.svc:8444
+	Authority string
+
+	// 10.68.0.5:8444
+	ResolveTo string
 
 	PodRef k8stypes.NamespacedName
 }
@@ -175,7 +180,9 @@ func adminAPIFromEndpoint(
 	address := fmt.Sprintf("%s.%s.%s.svc", ipAddr, service.Name, service.Namespace)
 
 	return DiscoveredAdminAPI{
-		Address: fmt.Sprintf("https://%s:%d", address, *port.Port),
-		PodRef:  podNN,
+		URL:       fmt.Sprintf("https://%s:%d", address, *port.Port),
+		Authority: fmt.Sprintf("%s:%d", address, *port.Port),
+		ResolveTo: fmt.Sprintf("%s:%d", eAddress, *port.Port),
+		PodRef:    podNN,
 	}, nil
 }

internal/adminapi/kong.go

@@ -45,24 +45,12 @@ func (e KongGatewayUnsupportedVersionError) Error() string {
 
 // NewKongAPIClient returns a Kong API client for a given root API URL.
 // It ensures that proper User-Agent is set. Do not use kong.NewClient directly.
-func NewKongAPIClient(adminURL string, httpClient *http.Client) (*kong.Client, error) {
-	hostPort := strings.TrimPrefix(adminURL, "https://")
-	fmt.Println("> hostPort", hostPort)
-	ip := strings.ReplaceAll(strings.Split(hostPort, ".")[0], "-", ".")
-	fmt.Println("> ip", ip)
-	port := strings.Split(hostPort, ":")[1]
-	fmt.Println("> port", port)
-
-	if hostPort != "" {
-		hrt := httpClient.Transport.(*HeaderRoundTripper)
-		hrt.rt.(*http.Transport).DialContext = func(ctx context.Context, network, _ string) (net.Conn, error) {
-			return (&net.Dialer{
-				Timeout:   30 * time.Second,
-				KeepAlive: 30 * time.Second,
-			}).DialContext(ctx, network, ip+":"+port)
-		}
-		httpClient.Transport = hrt
+func NewKongAPIClient(adminURL string, kongAdminAPIConfig HTTPClientOpts, kongAdminToken string) (*kong.Client, error) {
+	httpClient, err := makeHTTPClient(kongAdminAPIConfig, kongAdminToken)
+	if err != nil {
+		return nil, err
 	}
+
 	client, err := kong.NewClient(kong.String(adminURL), httpClient) //nolint:forbidigo
 	if err != nil {
 		return nil, fmt.Errorf("creating Kong client: %w", err)
@@ -76,10 +64,10 @@ func NewKongAPIClient(adminURL string, httpClient *http.Client) (*kong.Client, e
 // or KongGatewayUnsupportedVersionError if it can't check Kong Gateway's version or it is not >= 3.4.1.
 // If the workspace does not already exist, NewKongClientForWorkspace will create it.
 func NewKongClientForWorkspace(
-	ctx context.Context, adminURL string, wsName string, httpClient *http.Client,
+	ctx context.Context, adminURL string, wsName string, kongAdminAPIConfig HTTPClientOpts, kongAdminToken string,
 ) (*Client, error) {
 	// Create the base client, and if no workspace was provided then return that.
-	client, err := NewKongAPIClient(adminURL, httpClient)
+	client, err := NewKongAPIClient(adminURL, kongAdminAPIConfig, kongAdminToken)
 	if err != nil {
 		return nil, fmt.Errorf("creating Kong client: %w", err)
 	}
@@ -149,14 +137,21 @@ type HTTPClientOpts struct {
 	Headers []string
 	// TLSClient is TLS client config.
 	TLSClient TLSClientConfig
+	// ResolveTo
+	ResolveTo ResolveTo
+}
+
+type ResolveTo struct {
+	From string
+	To   string
 }
 
 const (
 	HeaderNameAdminToken = "Kong-Admin-Token"
 )
 
-// MakeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.
-func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error) {
+// makeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.
+func makeHTTPClient(opts HTTPClientOpts, kongAdminToken string) (*http.Client, error) {
 	var tlsConfig tls.Config
 
 	if opts.TLSSkipVerify {
@@ -204,6 +199,21 @@ func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client,
 
 	transport := http.DefaultTransport.(*http.Transport).Clone()
 	transport.TLSClientConfig = &tlsConfig
+	if lo.IsNotEmpty(opts.ResolveTo) {
+		transport.DialContext = func(ctx context.Context, network, passedAddr string) (net.Conn, error) {
+			fmt.Println("> DialContext network", network)
+			// 10-68-0-5.dataplane-admin-kong-rqwr9-sc49t.default.svc:8444
+			fmt.Println("> DialContext passedAddr", passedAddr)
+			if passedAddr == opts.ResolveTo.From {
+				passedAddr = opts.ResolveTo.To
+				fmt.Println("> DialContext change passedAddr to ", passedAddr)
+			}
+			return (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext(ctx, network, passedAddr)
+		}
+	}
 	return &http.Client{
 		Transport: &HeaderRoundTripper{
 			headers: prepareHeaders(opts.Headers, kongAdminToken),