refactor:移除istio/proxyv2使用 (#140)

polarismesh · Sep 1, 2023 · a097dac · a097dac
1 parent cc21151
commit a097dac
Show file tree

Hide file tree

Showing 20 changed files with 187 additions and 135 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -47,4 +47,5 @@ jobs:
         env:
           DOCKER_TAG: ${{ steps.get_version.outputs.VERSION }}
         run: |
+          go mod tidy
           make all ORG=polarismesh REPO=polaris-controller IMAGE_TAG=${DOCKER_TAG}
diff --git a/Makefile b/Makefile
@@ -43,3 +43,9 @@ build-envoy-sidecar-init:
 push-image:
 	docker push $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG)
 	docker push $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG)
+
+.PHONY: clean
+clean:
+	rm -rf bin
+	rm -rf polaris-controller-release*
+
diff --git a/build.sh b/build.sh
@@ -17,12 +17,12 @@
 set -e
 
 if [ $# -gt 0 ]; then
-    version="$1"
+  version="$1"
 else
-    current=$(date "+%Y-%m-%d %H:%M:%S")
-    timeStamp=$(date -d "$current" +%s)
-    currentTimeStamp=$(((timeStamp * 1000 + 10#$(date "+%N") / 1000000) / 1000))
-    version="$currentTimeStamp"
+  current=$(date "+%Y-%m-%d %H:%M:%S")
+  timeStamp=$(date -d "$current" +%s)
+  currentTimeStamp=$(((timeStamp * 1000 + 10#$(date "+%N") / 1000000) / 1000))
+  version="$currentTimeStamp"
 fi
 workdir=$(dirname $(realpath $0))
 
@@ -32,6 +32,22 @@ cat "$workdir"/deploy/variables.txt
 folder_name="polaris-controller-release_${version}.k8s1.21"
 pkg_name="${folder_name}.zip"
 
+function replaceVar() {
+  for file in $(ls *.yaml); do
+    key="#$1#"
+    echo "process replace file $file, key $key, value $2"
+    if [ "$(uname)" == "Darwin" ]; then
+      sed -i "" "s?$key?$2?g" $file
+    else
+      sed -i "s?$key?$2?g" $file
+    fi
+  done
+}
+
+cd $workdir
+
+export -f replaceVar
+
 cd $workdir
 
 # 清理环境
@@ -40,15 +56,26 @@ rm -f "${pkg_name}"
 
 # 打包
 mkdir -p ${folder_name}
+
 cp -r deploy/kubernetes_v1.21/* ${folder_name}
 cp deploy/variables.txt ${folder_name}
+
+cd ${folder_name}/helm
+varFile="../variables.txt"
+if [ ! -f "$varFile" ]; then
+  echo "variables.txt not exists"
+  exit 1
+fi
+cat $varFile | awk -F ':' '{print "replaceVar", $1, $2 | "/bin/bash"}'
+
+cd $workdir
 zip -r "${pkg_name}" ${folder_name}
 #md5sum ${pkg_name} > "${pkg_name}.md5sum"
 
 if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then
-    md5 ${pkg_name} >"${pkg_name}.md5sum"
+  md5 ${pkg_name} >"${pkg_name}.md5sum"
 else
-    md5sum ${pkg_name} >"${pkg_name}.md5sum"
+  md5sum ${pkg_name} >"${pkg_name}.md5sum"
 fi
 
 folder_name="polaris-controller-release_${version}.k8s1.22"
@@ -62,13 +89,23 @@ rm -f "${pkg_name}"
 
 # 打包
 mkdir -p ${folder_name}
+
 cp -r deploy/kubernetes_v1.22/* ${folder_name}
 cp deploy/variables.txt ${folder_name}
+
+cd ${folder_name}/helm
+varFile="../variables.txt"
+if [ ! -f "$varFile" ]; then
+  echo "variables.txt not exists"
+  exit 1
+fi
+cat $varFile | awk -F ':' '{print "replaceVar", $1, $2 | "/bin/bash"}'
+cd $workdir
 zip -r "${pkg_name}" ${folder_name}
 #md5sum ${pkg_name} > "${pkg_name}.md5sum"
 
 if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then
-    md5 ${pkg_name} >"${pkg_name}.md5sum"
+  md5 ${pkg_name} >"${pkg_name}.md5sum"
 else
-    md5sum ${pkg_name} >"${pkg_name}.md5sum"
+  md5sum ${pkg_name} >"${pkg_name}.md5sum"
 fi
diff --git a/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl b/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl
@@ -41,6 +41,26 @@ Get specific image for sidecar init container
 {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}}
 {{- end -}}
 
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.envoy_init.image" -}}
+{{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}}
+{{- end -}}
+
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.envoy.image" -}}
+{{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}}
+{{- end -}}
+
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.istio.image" -}}
+{{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}}
+{{- end -}}
 
 {{/*
 Create a default fully qualified controller name.

diff --git a/deploy/kubernetes_v1.21/helm/templates/_params.tpl b/deploy/kubernetes_v1.21/helm/templates/_params.tpl
@@ -32,34 +32,6 @@ Define the volume mounts for the sidecar container.
 {{ "{{" }} end {{ "}}" }}
 {{- end -}}
 
-
-{{/*
-Define the cmd args for the bootstrap init container.
-*/}}
-{{- define "configmap-sidecar.bootstrap_args" -}}
-- istio-iptables
-- -p
-- "15001"
-- -z
-- "15006"
-- -u
-- "1337"
-- -m
-- REDIRECT
-- -i
-- "10.4.4.4/32"
-- -b
-- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/includeInboundPorts` `*`) {{ "}}" }}"
-- -x
-- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) {{ "}}" }}"
-- -d
-- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` ``) {{ "}}" }}"
-- -o
-- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) {{ "}}" }}"
-- --redirect-dns=true
-{{- end -}}
-
-
 {{/*
 Define the volume for the bootstrap init container.
 */}}

diff --git a/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml b/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml
@@ -98,10 +98,7 @@ data:
     template: |
       containers:
       - name: envoy
-        securityContext:
-          runAsUser: 1337
-          runAsGroup: 1337
-        image: {{ .Values.sidecar.envoy.image.repo }}:{{ .Values.sidecar.envoy.image.tag }}
+        image: {{ include "polaris-controller.sidecar.envoy.image" . }}
         imagePullPolicy: Always
         command: ["/usr/local/bin/envoy"]
         args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"]
@@ -136,7 +133,7 @@ data:
         {{ include "configmap-sidecar.polaris_volume_mounts" . | nindent 10 }}
       initContainers:
       - name: polaris-bootstrap-writer
-        image: polarismesh/polaris-envoy-bootstrap-generator:v1.3.0-beta.1
+        image: {{ include "polaris-controller.sidecar.envoy_init.image" . }}
         imagePullPolicy: Always
         env:
         {{ include "configmap-sidecar.bootstrap_envs" . | nindent 10 }}
@@ -145,11 +142,13 @@ data:
             name: envoy-bootstrap
           - mountPath: /data/polaris-client-config
             name: polaris-client-config
-      - name: istio-init
-        image: istio/proxyv2:1.18.0-debug
-        imagePullPolicy: IfNotPresent
-        args:
-        {{ include "configmap-sidecar.bootstrap_args" . | nindent 10 }}
+      - name: polaris-sidecar-init
+        image: {{ include "polaris-controller.sidecar.init.image" . }}
+        imagePullPolicy: Always
+        command: ["./start.sh"]
+        env:
+        - name: RUN_MODE
+          value: MESH
         resources:
           limits:
             cpu: 100m
@@ -170,5 +169,17 @@ data:
           runAsGroup: 0
           runAsNonRoot: false
           runAsUser: 0
+        volumeMounts:
+          - mountPath: /data/polaris-client-config
+            name: polaris-client-config
       volumes:
-        {{ include "configmap-sidecar.bootstrap_args" . | nindent 8 }}
+        - name: polaris-client-config
+          emptyDir: {}
+        - name: envoy-bootstrap
+          emptyDir: {}
+        - name: envoy-logs
+          emptyDir: {}
+        - name: polaris-dir
+          emptyDir: {}
+        - name: polaris-log
+          emptyDir: {}
diff --git a/deploy/kubernetes_v1.21/helm/values.yaml b/deploy/kubernetes_v1.21/helm/values.yaml
@@ -16,23 +16,27 @@ sidecar:
   mode: mesh
   image:
     repo: polarismesh/polaris-sidecar
-    tag: v1.4.0
+    tag: #SIDECAR_VERSION#
     pullPolicy: Always
   init:
     image:
       repo: polarismesh/polaris-sidecar-init
-      tag: v1.4.0
+      tag: #CONTROLLER_VERSION#
       pullPolicy: Always
   envoy:
     image:
       repo: envoyproxy/envoy
-      tag: v1.21.6
+      tag: #ENVOY_VERSION#
+  envoy_builder:
+    image:
+      repo: polarismesh/polaris-envoy-bootstrap-generator
+      tag: #CONTROLLER_VERSION#
 
 ## polaris server config
 polaris:
   server:
-    address: localhost
-    token: nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I=
+    address: #POLARIS_HOST#
+    token: #POLARIS_TOKEN#
 
 ## polaris controller config
 controller:
@@ -42,7 +46,7 @@ controller:
     service: polaris-sidecar-injector
   image:
     repo: polarismesh/polaris-controller
-    tag: v1.4.0-beta.0
+    tag: #CONTROLLER_VERSION#
     pullPolicy: IfNotPresent
   metrics:
     port: 80

diff --git a/deploy/kubernetes_v1.21/injector.yaml b/deploy/kubernetes_v1.21/injector.yaml
@@ -118,9 +118,6 @@ data:
     template: |+
       containers:
       - name: envoy
-        securityContext:
-          runAsUser: 1337
-          runAsGroup: 1337
         image: envoyproxy/envoy:#ENVOY_VERSION#
         imagePullPolicy: Always
         command: ["/usr/local/bin/envoy"]
@@ -218,30 +215,13 @@ data:
             name: envoy-bootstrap
           - mountPath: /data/polaris-client-config
             name: polaris-client-config
-      - name: istio-init
-        image: istio/proxyv2:1.18.0-debug
-        imagePullPolicy: IfNotPresent
-        args:
-          - istio-iptables
-          - -p
-          - "15001"
-          - -z
-          - "15006"
-          - -u
-          - "1337"
-          - -m
-          - REDIRECT
-          - -i
-          - "10.4.4.4/32"
-          - -b
-          - "{{ (annotation .ObjectMeta `polarismesh.cn/includeInboundPorts` `*`) }}"
-          - -x
-          - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) }}"
-          - -d
-          - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` `15985,50000`) }}"
-          - -o
-          - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) }}"
-          - --redirect-dns=true
+      - name: polaris-sidecar-init
+        image: polarismesh/polaris-sidecar-init:#CONTROLLER_VERSION#
+        imagePullPolicy: Always
+        command: ["./start.sh"]
+        env:
+        - name: RUN_MODE
+          value: MESH
         resources:
           limits:
             cpu: 100m
@@ -262,6 +242,9 @@ data:
           runAsGroup: 0
           runAsNonRoot: false
           runAsUser: 0
+        volumeMounts:
+          - mountPath: /data/polaris-client-config
+            name: polaris-client-config
       volumes:
         - name: sds
           emptyDir: {}

diff --git a/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl b/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl
@@ -41,6 +41,28 @@ Get specific image for sidecar init container
 {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}}
 {{- end -}}
 
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.envoy.image" -}}
+{{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}}
+{{- end -}}
+
+
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.envoy_init.image" -}}
+{{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}}
+{{- end -}}
+
+{{/*
+Get specific image for sidecar init container
+*/}}
+{{- define "polaris-controller.sidecar.istio.image" -}}
+{{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}}
+{{- end -}}
+
 
 {{/*
 Create a default fully qualified controller name.

diff --git a/deploy/kubernetes_v1.22/helm/templates/_params.tpl b/deploy/kubernetes_v1.22/helm/templates/_params.tpl
@@ -40,7 +40,7 @@ Define the cmd args for the bootstrap init container.
 - -x
 - "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) {{ "}}" }}"
 - -d
-- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` ``) {{ "}}" }}"
+- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` `15985,50000,15053`) {{ "}}" }}"
 - -o
 - "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) {{ "}}" }}"
 - --redirect-dns=true