
Commit 0a67856

peerless1024evelynwei
andauthored
Dev/polaris sidecar adaptation (#210)
* fix: polaris-sidecar config update * feat: update request and limit for dnsagent * chore: makefile support identified container repo * feat: update version to v2.1.0 * feat: support multi arch * feat: support more config for dnsagent * feat: support more config for sidecar * feat: support route config for sidecar --------- Co-authored-by: evelynwei <[email protected]>
1 parent 2db2cff commit 0a67856


15 files changed

+548
-116
lines changed


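--- a/Makefile
+++ b/Makefile
@@ -1,68 +1,80 @@
-REGISTRY = ""
-ORG = polarismesh
+IMAGE_TAG ?= v2.1.0
+ORG ?= polarismesh
 REPO = polaris-controller
 SIDECAR_INIT_REPO = polaris-sidecar-init
 ENVOY_SIDECAR_INIT_REPO = polaris-envoy-bootstrap-generator
-IMAGE_TAG = v1.7.3
 PLATFORMS = linux/amd64,linux/arm64
 
 .PHONY: all
-all: fmt build-amd64 build-arm64 build-multi-arch-image \
-build-sidecar-init build-envoy-sidecar-init push-image
+all: push-all-image
+
+.PHONY: push-all-image
+push-all-image: push-controller-image push-init-image
+
+.PHONY: gen-all-image
+gen-all-image: gen-controller-image gen-init-image
+
+.PHONY: clean
+clean:
+rm -rf bin
+rm -rf polaris-controller-release*
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+go fmt ./...
 
 .PHONY: build-amd64
-build-amd64:
+build-amd64: clean fmt
 @echo "------------------"
 @echo "--> Building binary for polaris-controller (linux/amd64)"
 @echo "------------------"
 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o ./bin/amd64/polaris-controller ./cmd/polaris-controller/main.go
 
 .PHONY: build-arm64
-build-arm64:
+build-arm64: clean fmt
 @echo "------------------"
 @echo "--> Building binary for polaris-controller (linux/arm64)"
 @echo "------------------"
 CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o ./bin/arm64/polaris-controller ./cmd/polaris-controller/main.go
 
-.PHONY: build-multi-arch-image
-build-multi-arch-image:
+.PHONY: bin
+bin: build-amd64 build-arm64
 @echo "------------------"
-@echo "--> Building multi-arch docker image for polaris-controller"
+@echo "--> Building binary for polaris-controller"
 @echo "------------------"
-@docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push ./
-
-.PHONY: build-sidecar-init
-build-sidecar-init:
-docker build ./sidecar/polaris-sidecar-init -f ./sidecar/polaris-sidecar-init/Dockerfile -t $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG)
 
-.PHONY: build-envoy-sidecar-init
-build-envoy-sidecar-init:
-docker build ./sidecar/envoy-bootstrap-config-generator -f ./sidecar/envoy-bootstrap-config-generator/Dockerfile -t $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG)
-
-.PHONY: push-image
-push-image:
-docker push $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG)
-docker push $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG)
-
-.PHONY: clean
-clean:
-rm -rf bin
-rm -rf polaris-controller-release*
+.PHONY: gen-controller-image
+gen-controller-image: bin
+@echo "------------------"
+@echo "--> Generate multi-arch docker image to registry for polaris-controller"
+@echo "------------------"
+@docker buildx build ./ --file ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
 
-.PHONY: fmt
-fmt: ## Run go fmt against code.
-go fmt ./...
+.PHONY: push-controller-image
+push-controller-image: bin
+@echo "------------------"
+@echo "--> Building and push multi-arch docker image for polaris-controller"
+@echo "------------------"
+@docker buildx build ./ --file ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push
 
-.PHONY: generate-multi-arch-image
-generate-multi-arch-image: fmt build-amd64 build-arm64
+.PHONY: gen-init-image
+gen-init-image:
 @echo "------------------"
-@echo "--> Generate multi-arch docker image to registry for polaris-controller"
+@echo "--> Building multi-arch docker image for polaris-sidecar-init"
+@echo "------------------"
+@docker buildx build ./sidecar/polaris-sidecar-init --file ./sidecar/polaris-sidecar-init/Dockerfile --tag $(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
 @echo "------------------"
-@docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) ./
+@echo "--> Building multi-arch docker image for envoy-bootstrap-config-generator"
+@echo "------------------"
+@docker buildx build ./sidecar/envoy-bootstrap-config-generator --file ./sidecar/envoy-bootstrap-config-generator/Dockerfile --tag $(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
 
-.PHONY: push-multi-arch-image
-push-multi-arch-image: generate-multi-arch-image
+.PHONY: push-init-image
+push-init-image:
+@echo "------------------"
+@echo "--> Building and push multi-arch docker image for polaris-sidecar-init"
+@echo "------------------"
+@docker buildx build ./sidecar/polaris-sidecar-init --file ./sidecar/polaris-sidecar-init/Dockerfile --tag $(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push
 @echo "------------------"
-@echo "--> Push multi-arch docker image to registry for polaris-controller"
+@echo "--> Building and push multi-arch docker image for envoy-bootstrap-config-generator"
 @echo "------------------"
-@docker image push $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
+@docker buildx build ./sidecar/envoy-bootstrap-config-generator --file ./sidecar/envoy-bootstrap-config-generator/Dockerfile --tag $(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push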
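Review bot: The default goal now publishes: `all: push-all-image` means a bare `make` runs `docker buildx build … --push` for all three images, and with `IMAGE_TAG ?= v2.1.0` as the fallback it does so under the release tag, so anyone whose Docker config holds registry credentials can overwrite the published `$(ORG)/…:v2.1.0` images by accident. I would keep the default goal local, `all: gen-all-image`, and leave publishing to an explicit `make push-all-image`. A comment above `IMAGE_TAG ?=` and `ORG ?=` saying they are meant to be overridden for non-release builds, e.g. `# test builds: make ORG=<your-org> IMAGE_TAG=<tag> push-all-image`, would also help now that `REGISTRY` is gone.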

deploy/kubernetes_v1.21/kubernetes/injector.yaml

Lines changed: 15 additions & 9 deletions
@@ -22,7 +22,7 @@ metadata:
2222
app: sidecar-injector
2323
data:
2424
values: |-
25-
{"clusterResources":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configNamespace":"polaris-system","configValidation":"false","controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"istio","imagePullPolicy":"Always","imagePullSecrets":[],"istioNamespace":"polaris-system","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"mtls":{"enabled":false},"multiCluster":{"enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"policyNamespace":"polaris-system","priorityClassName":"","prometheusNamespace":"polaris-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false,"host":null,"port":null},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"10ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tag":"1.7.0","tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false
,"udsPath":""},"tag":"1.5.8","telemetryNamespace":"polaris-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true,"xdsApiVersion":"v3"},"istio_cni":{"enabled":false},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableAccessLog":false,"enableNamespacesByDefault":false,"image":"sidecar_injector","injectLabel":"istio-injection","neverInjectSelector":[],"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":2,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[]},"version":""}
25+
{"clusterResources":true,"global":{"proxy":{"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}}}
2626
2727
dns-config: |-
2828
policy: enabled
@@ -52,11 +52,11 @@ data:
5252
imagePullPolicy: Always
5353
resources:
5454
limits:
55-
cpu: 200m
56-
memory: 200Mi
55+
cpu: 500m
56+
memory: 500Mi
5757
requests:
58-
cpu: 100m
59-
memory: 50Mi
58+
cpu: 200m
59+
memory: 300Mi
6060
volumeMounts:
6161
- mountPath: /root/polaris
6262
defaultMode: 777
@@ -150,21 +150,21 @@ data:
150150
- name: java-agent-dir
151151
emptyDir: {}
152152
153-
mesh-config: |+
153+
mesh-config: |-
154154
policy: enabled
155155
alwaysInjectSelector:
156156
[]
157-
157+
158158
neverInjectSelector:
159159
[{"matchLabels":{"polarismesh.cn/inject":"disabled"}}]
160-
160+
161161
template: |+
162162
containers:
163163
- name: envoy
164164
image: envoyproxy/envoy:#ENVOY_VERSION#
165165
imagePullPolicy: Always
166166
command: ["/usr/local/bin/envoy"]
167-
args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log", "--log-level", "debug"]
167+
args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"]
168168
resources:
169169
{{- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit`) }}
170170
{{- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) }}
@@ -217,6 +217,12 @@ data:
217217
cpu: 100m
218218
memory: 50Mi
219219
volumeMounts:
220+
- mountPath: /root/polaris
221+
defaultMode: 777
222+
name: polaris-dir
223+
- mountPath: /root/log
224+
defaultMode: 777
225+
name: polaris-log
220226
- mountPath: /tmp/polaris-sidecar
221227
defaultMode: 777
222228
name: polaris-socket
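Review bot: The two mounts added in the last hunk (`/root/polaris` and `/root/log`) copy `defaultMode: 777` from the existing `polaris-socket` entry, but `defaultMode` is a field of volume sources such as secret, configMap and projected, not of a `volumeMounts` item, and an unquoted `777` is read as a decimal integer rather than octal `0777`. Depending on how the injector decodes this template the key is either dropped or rejected, so it probably does not set the permissions it appears to. If world-writable directories really are required, that belongs on the volume definition or in the image; otherwise I would leave the key out of the new entries and keep only `- mountPath: /root/log` and `name: polaris-log`. The same pattern is present in the context lines of the `@@ -52,11 +52,11 @@` hunk and in the 1.22 injector.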

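--- a/deploy/kubernetes_v1.21/kubernetes/rbac.yaml
+++ b/deploy/kubernetes_v1.21/kubernetes/rbac.yaml
@@ -26,6 +26,7 @@ rules:
 - events
 - configmaps
 - endpoints
+- secrets
 verbs:
 - create
 - update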
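Review bot: Adding `- secrets` to this existing rule gives the controller every verb the rule lists (`create`, `update`, and whatever follows outside the hunk) on all Secrets in the role's scope, which is a far more sensitive grant than the `events`, `configmaps` and `endpoints` it sits beside. If the only Secret the controller manages is the sidecar root-CA secret (the 1.22 injector mounts `polaris-sidecar-secret`), I would move it into its own rule with just the verbs that code path needs and `resourceNames: ["polaris-sidecar-secret"]` on the non-create verbs, plus a comment saying why the grant exists. Whether this is a Role or a ClusterRole is not visible here, and the rule continues past the hunk. The identical change in deploy/kubernetes_v1.22/kubernetes/rbac.yaml needs the same treatment.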

deploy/kubernetes_v1.22/kubernetes/injector.yaml

Lines changed: 19 additions & 6 deletions
@@ -7,7 +7,7 @@ metadata:
77
app: sidecar-injector
88
data:
99
values: |-
10-
{"clusterResources":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configNamespace":"polaris-system","configValidation":"false","controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"istio","imagePullPolicy":"Always","imagePullSecrets":[],"istioNamespace":"polaris-system","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"mtls":{"enabled":false},"multiCluster":{"enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"policyNamespace":"polaris-system","priorityClassName":"","prometheusNamespace":"polaris-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false,"host":null,"port":null},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"10ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tag":"1.7.0","tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false
,"udsPath":""},"tag":"1.5.8","telemetryNamespace":"polaris-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true,"xdsApiVersion":"v3"},"istio_cni":{"enabled":false},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableAccessLog":false,"enableNamespacesByDefault":false,"image":"sidecar_injector","injectLabel":"istio-injection","neverInjectSelector":[],"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":2,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[]},"version":""}
10+
{"clusterResources":true,"global":{"proxy":{"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}}}
1111
1212
dns-config: |-
1313
policy: enabled
@@ -37,11 +37,11 @@ data:
3737
imagePullPolicy: Always
3838
resources:
3939
limits:
40-
cpu: 200m
41-
memory: 200Mi
40+
cpu: 500m
41+
memory: 500Mi
4242
requests:
43-
cpu: 100m
44-
memory: 50Mi
43+
cpu: 200m
44+
memory: 300Mi
4545
volumeMounts:
4646
- mountPath: /root/polaris
4747
defaultMode: 777
@@ -135,7 +135,6 @@ data:
135135
- name: java-agent-dir
136136
emptyDir: {}
137137
138-
139138
mesh-config: |-
140139
policy: enabled
141140
alwaysInjectSelector:
@@ -212,6 +211,10 @@ data:
212211
- mountPath: /tmp/polaris-sidecar
213212
defaultMode: 777
214213
name: polaris-socket
214+
{{ if ( openTlsMode .ObjectMeta.Annotations `polarismesh.cn/tls-mode` ) }}
215+
- name: root-ca
216+
mountPath: /etc/polaris-sidecar/certs
217+
{{ end }}
215218
initContainers:
216219
- name: polaris-bootstrap-writer
217220
image: polarismesh/polaris-envoy-bootstrap-generator:#CONTROLLER_VERSION#
@@ -281,6 +284,16 @@ data:
281284
- mountPath: /data/polaris-client-config
282285
name: polaris-client-config
283286
volumes:
287+
- name: sds
288+
emptyDir: {}
289+
{{ if ( openTlsMode .ObjectMeta.Annotations `polarismesh.cn/tls-mode` ) }}
290+
- name: root-ca
291+
secret:
292+
secretName: polaris-sidecar-secret
293+
items:
294+
- key: root-cert
295+
path: rootca.pem
296+
{{ end }}
284297
- name: polaris-client-config
285298
emptyDir: {}
286299
- name: envoy-bootstrap

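--- a/deploy/kubernetes_v1.22/kubernetes/rbac.yaml
+++ b/deploy/kubernetes_v1.22/kubernetes/rbac.yaml
@@ -26,6 +26,7 @@ rules:
 - events
 - configmaps
 - endpoints
+- secrets
 verbs:
 - create
 - update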

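--- a/pkg/inject/pkg/kube/inject/apply/mesh/patch.go
+++ b/pkg/inject/pkg/kube/inject/apply/mesh/patch.go
@@ -83,32 +83,41 @@ func (pb *PodPatchBuilder) PatchContainer(req *inject.OperateContainerRequest) (
 
 // handlePolarisSidecarEnvInject 处理polaris-sidecar容器的环境变量
 func (pb *PodPatchBuilder) handlePolarisSidecarEnvInject(opt *inject.PatchOptions, pod *corev1.Pod, add *corev1.Container) (bool, error) {
-
+annotations := pod.Annotations
 err := pb.ensureRootCertExist(opt.KubeClient, pod)
 if err != nil {
 return false, err
 }
 envMap := make(map[string]string)
+// 基础通用默认配置
+envMap[EnvSidecarNamespace] = pod.GetNamespace()
+envMap[EnvPolarisAddress] = common.PolarisServerGrpcAddress
 envMap[EnvSidecarPort] = strconv.Itoa(ValueListenPort)
 envMap[EnvSidecarRecurseEnable] = strconv.FormatBool(true)
+envMap[EnvSidecarLogLevel] = "info"
 if opt.SidecarMode == utils.SidecarForDns {
+// dns mode
 envMap[EnvSidecarDnsEnable] = strconv.FormatBool(true)
 envMap[EnvSidecarMeshEnable] = strconv.FormatBool(false)
-envMap[EnvSidecarMetricEnable] = strconv.FormatBool(false)
-envMap[EnvSidecarMetricListenPort] = strconv.Itoa(ValueMetricListenPort)
+envMap[EnvSidecarDnsRouteLabels] = buildLabelsStr(pod.Labels)
+
 } else {
+// mesh mode
 envMap[EnvSidecarDnsEnable] = strconv.FormatBool(false)
 envMap[EnvSidecarMeshEnable] = strconv.FormatBool(true)
 envMap[EnvSidecarRLSEnable] = strconv.FormatBool(true)
 envMap[EnvSidecarMetricEnable] = strconv.FormatBool(true)
 envMap[EnvSidecarMetricListenPort] = strconv.Itoa(ValueMetricListenPort)
+if inject.EnableMtls(pod) {
+envMap[EnvSidecarMtlsEnable] = strconv.FormatBool(true)
+}
 }
-envMap[EnvSidecarLogLevel] = "info"
-envMap[EnvSidecarNamespace] = pod.GetNamespace()
-envMap[EnvPolarisAddress] = common.PolarisServerGrpcAddress
-envMap[EnvSidecarDnsRouteLabels] = buildLabelsStr(pod.Labels)
-if inject.EnableMtls(pod) {
-envMap[EnvSidecarMtlsEnable] = strconv.FormatBool(true)
+if sidecarConfig, ok := annotations[utils.AnnotationKeySidecarConfig]; ok {
+config, err := getSidecarConfig(sidecarConfig)
+if err != nil {
+return false, err
+}
+fillEnv(envMap, config, opt.SidecarMode)
 }
 log.InjectScope().Infof("pod=[%s, %s] inject polaris-sidecar mode %s, env map %v",
 pod.Namespace, pod.Name, utils.ParseSidecarModeName(opt.SidecarMode), envMap)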
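Review bot: The new `utils.AnnotationKeySidecarConfig` branch calls `fillEnv` after the defaults are set, so values taken from a pod annotation can presumably overwrite them, including `EnvSidecarNamespace` and `EnvPolarisAddress`; `getSidecarConfig` and `fillEnv` are not in this hunk, so confirm they accept only an allow-list of keys and validate the values. The annotation is written by whoever creates the pod, and the resulting `envMap` is then logged in full at Info level on the last two lines. I would also wrap the parse error so a rejected pod says which annotation was at fault, `return false, fmt.Errorf("invalid %s annotation: %w", utils.AnnotationKeySidecarConfig, err)`, and add a comment above the branch stating which settings an annotation may override. The function body continues past the end of the hunk.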
