diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 831c93db..ee112f1f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -47,4 +47,5 @@ jobs: env: DOCKER_TAG: ${{ steps.get_version.outputs.VERSION }} run: | + go mod tidy make all ORG=polarismesh REPO=polaris-controller IMAGE_TAG=${DOCKER_TAG} diff --git a/Makefile b/Makefile index c194031b..428f889b 100644 --- a/Makefile +++ b/Makefile @@ -43,3 +43,9 @@ build-envoy-sidecar-init: push-image: docker push $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) docker push $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) + +.PHONY: clean +clean: + rm -rf bin + rm -rf polaris-controller-release* + diff --git a/build.sh b/build.sh index 27fd5856..f6e9df16 100644 --- a/build.sh +++ b/build.sh @@ -17,12 +17,12 @@ set -e if [ $# -gt 0 ]; then - version="$1" + version="$1" else - current=$(date "+%Y-%m-%d %H:%M:%S") - timeStamp=$(date -d "$current" +%s) - currentTimeStamp=$(((timeStamp * 1000 + 10#$(date "+%N") / 1000000) / 1000)) - version="$currentTimeStamp" + current=$(date "+%Y-%m-%d %H:%M:%S") + timeStamp=$(date -d "$current" +%s) + currentTimeStamp=$(((timeStamp * 1000 + 10#$(date "+%N") / 1000000) / 1000)) + version="$currentTimeStamp" fi workdir=$(dirname $(realpath $0)) @@ -32,6 +32,22 @@ cat "$workdir"/deploy/variables.txt folder_name="polaris-controller-release_${version}.k8s1.21" pkg_name="${folder_name}.zip" +function replaceVar() { + for file in $(ls *.yaml); do + key="#$1#" + echo "process replace file $file, key $key, value $2" + if [ "$(uname)" == "Darwin" ]; then + sed -i "" "s?$key?$2?g" $file + else + sed -i "s?$key?$2?g" $file + fi + done +} + +cd $workdir + +export -f replaceVar + cd $workdir # 清理环境 
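Review bot: Running `go mod tidy` in the release job lets the workflow rewrite go.mod and go.sum on the runner, so the pushed image can be built from a dependency set that was never committed or reviewed. If the step was added because the committed files had drifted, tidy them in the commit and make CI fail on drift instead: keep `go mod tidy` but follow it with `git diff --exit-code go.mod go.sum`, or drop it and run `go mod verify` before `make all`. The `run: |` block continues outside the hunk.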
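Review bot: The `echo` inside `replaceVar` prints every value it substitutes, including `POLARIS_TOKEN`, into the build output. Logging only the file and key is enough for debugging: `echo "process replace file $file, key $key"`. The value is also spliced into the sed program unescaped, so a `?`, `&` or backslash in it changes or breaks the substitution; the function should at least carry a comment saying values must not contain those characters. `for file in $(ls *.yaml)` and the unquoted `$file` split on whitespace, and `for file in *.yaml; do` with `"$file"` is the safe form.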
@@ -40,15 +56,26 @@ rm -f "${pkg_name}" # 打包 mkdir -p ${folder_name} + cp -r deploy/kubernetes_v1.21/* ${folder_name} cp deploy/variables.txt ${folder_name} + +cd ${folder_name}/helm +varFile="../variables.txt" +if [ ! -f "$varFile" ]; then + echo "variables.txt not exists" + exit 1 +fi +cat $varFile | awk -F ':' '{print "replaceVar", $1, $2 | "/bin/bash"}' + +cd $workdir zip -r "${pkg_name}" ${folder_name} #md5sum ${pkg_name} > "${pkg_name}.md5sum" if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then - md5 ${pkg_name} >"${pkg_name}.md5sum" + md5 ${pkg_name} >"${pkg_name}.md5sum" else - md5sum ${pkg_name} >"${pkg_name}.md5sum" + md5sum ${pkg_name} >"${pkg_name}.md5sum" fi folder_name="polaris-controller-release_${version}.k8s1.22" @@ -62,13 +89,23 @@ rm -f "${pkg_name}" # 打包 mkdir -p ${folder_name} + cp -r deploy/kubernetes_v1.22/* ${folder_name} cp deploy/variables.txt ${folder_name} + +cd ${folder_name}/helm +varFile="../variables.txt" +if [ ! -f "$varFile" ]; then + echo "variables.txt not exists" + exit 1 +fi +cat $varFile | awk -F ':' '{print "replaceVar", $1, $2 | "/bin/bash"}' +cd $workdir zip -r "${pkg_name}" ${folder_name} #md5sum ${pkg_name} > "${pkg_name}.md5sum" if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then - md5 ${pkg_name} >"${pkg_name}.md5sum" + md5 ${pkg_name} >"${pkg_name}.md5sum" else - md5sum ${pkg_name} >"${pkg_name}.md5sum" + md5sum ${pkg_name} >"${pkg_name}.md5sum" fi diff --git a/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl b/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl index 2cc4f6b3..d984542c 100644 --- a/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl +++ b/deploy/kubernetes_v1.21/helm/templates/_helpers.tpl 
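Review bot: `cat $varFile | awk -F ':' '{print "replaceVar", $1, $2 | "/bin/bash"}'` builds a command line from each line of variables.txt and hands it to a shell unquoted. Any whitespace or shell metacharacter in a value is therefore interpreted by bash rather than substituted, and a value containing `:` (a host:port address, for instance) is cut off after the second field. Reading the file in the current shell and calling the function with quoted arguments avoids both problems and makes `export -f replaceVar` unnecessary; the loop is below, and the `|| [ -n "$key" ]` is there because variables.txt has no trailing newline. The identical line in the k8s1.22 packaging hunk (`@@ -62,13 +89,23 @@`) needs the same change.

```shell
varFile="../variables.txt"
# … unchanged: existence check for $varFile …
while IFS=: read -r key value || [ -n "$key" ]; do
    [ -n "$key" ] || continue
    replaceVar "$key" "$value"
done <"$varFile"
```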
@@ -41,6 +41,26 @@ Get specific image for sidecar init container {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}} {{- end -}} +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.envoy_init.image" -}} +{{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}} +{{- end -}} + +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.envoy.image" -}} +{{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}} +{{- end -}} + +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.istio.image" -}} +{{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}} +{{- end -}} {{/* Create a default fully qualified controller name. diff --git a/deploy/kubernetes_v1.21/helm/templates/_params.tpl b/deploy/kubernetes_v1.21/helm/templates/_params.tpl index 182340a5..2edd85b7 100644 --- a/deploy/kubernetes_v1.21/helm/templates/_params.tpl +++ b/deploy/kubernetes_v1.21/helm/templates/_params.tpl @@ -32,34 +32,6 @@ Define the volume mounts for the sidecar container. {{ "{{" }} end {{ "}}" }} {{- end -}} - -{{/* -Define the cmd args for the bootstrap init container. -*/}} -{{- define "configmap-sidecar.bootstrap_args" -}} -- istio-iptables -- -p -- "15001" -- -z -- "15006" -- -u -- "1337" -- -m -- REDIRECT -- -i -- "10.4.4.4/32" -- -b -- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/includeInboundPorts` `*`) {{ "}}" }}" -- -x -- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) {{ "}}" }}" -- -d -- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` ``) {{ "}}" }}" -- -o -- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) {{ "}}" }}" -- --redirect-dns=true -{{- end -}} - - {{/* Define the volume for the bootstrap init container. */}} 
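Review bot: All three new defines carry the comment copied from the template above them, `Get specific image for sidecar init container`, although they return the envoy bootstrap-generator, envoy and istio images. Each comment should name its own image, e.g. `Get the image for the envoy sidecar container`. `polaris-controller.sidecar.istio.image` also reads `.Values.sidecar.istio.image`, while the values.yaml hunks in this commit add `envoy_builder` but no `istio` key, so unless that key exists outside the diff the helper would fail to render if it is ever included. Since the `istio-init` container is removed in the same commit, the helper looks unnecessary. The same applies to deploy/kubernetes_v1.22/helm/templates/_helpers.tpl.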
diff --git a/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml b/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml index 73f92837..4ace83ce 100644 --- a/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml +++ b/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml @@ -98,10 +98,7 @@ data: template: | containers: - name: envoy - securityContext: - runAsUser: 1337 - runAsGroup: 1337 - image: {{ .Values.sidecar.envoy.image.repo }}:{{ .Values.sidecar.envoy.image.tag }} + image: {{ include "polaris-controller.sidecar.envoy.image" . }} imagePullPolicy: Always command: ["/usr/local/bin/envoy"] args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"] @@ -136,7 +133,7 @@ data: {{ include "configmap-sidecar.polaris_volume_mounts" . | nindent 10 }} initContainers: - name: polaris-bootstrap-writer - image: polarismesh/polaris-envoy-bootstrap-generator:v1.3.0-beta.1 + image: {{ include "polaris-controller.sidecar.envoy_init.image" . }} imagePullPolicy: Always env: {{ include "configmap-sidecar.bootstrap_envs" . | nindent 10 }} @@ -145,11 +142,13 @@ data: name: envoy-bootstrap - mountPath: /data/polaris-client-config name: polaris-client-config - - name: istio-init - image: istio/proxyv2:1.18.0-debug - imagePullPolicy: IfNotPresent - args: - {{ include "configmap-sidecar.bootstrap_args" . | nindent 10 }} + - name: polaris-sidecar-init + image: {{ include "polaris-controller.sidecar.init.image" . }} + imagePullPolicy: Always + command: ["./start.sh"] + env: + - name: RUN_MODE + value: MESH resources: limits: cpu: 100m 
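Review bot: Dropping `securityContext` with `runAsUser: 1337` / `runAsGroup: 1337` from the injected envoy container leaves it running as whatever user the image defaults to; with `command` overridden to `/usr/local/bin/envoy` that is possibly root, which should be confirmed against the image. sidecar/polaris-sidecar-init/start.sh in this same commit still identifies proxy traffic with `-m owner --uid-owner 1337` and `--gid-owner 1337`, so if envoy no longer runs as 1337 its own outbound connections would not match those rules. If the removal is intentional, the commit should state which identity envoy is expected to run as; otherwise keep the two lines and add `runAsNonRoot: true`. The same removal appears in deploy/kubernetes_v1.21/injector.yaml and in both kubernetes_v1.22 files.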
@@ -170,5 +169,17 @@ data: runAsGroup: 0 runAsNonRoot: false runAsUser: 0 + volumeMounts: + - mountPath: /data/polaris-client-config + name: polaris-client-config volumes: - {{ include "configmap-sidecar.bootstrap_args" . | nindent 8 }} \ No newline at end of file + - name: polaris-client-config + emptyDir: {} + - name: envoy-bootstrap + emptyDir: {} + - name: envoy-logs + emptyDir: {} + - name: polaris-dir + emptyDir: {} + - name: polaris-log + emptyDir: {} \ No newline at end of file diff --git a/deploy/kubernetes_v1.21/helm/values.yaml b/deploy/kubernetes_v1.21/helm/values.yaml index 6b5f4773..275d5a65 100644 --- a/deploy/kubernetes_v1.21/helm/values.yaml +++ b/deploy/kubernetes_v1.21/helm/values.yaml @@ -16,23 +16,27 @@ sidecar: mode: mesh image: repo: polarismesh/polaris-sidecar - tag: v1.4.0 + tag: #SIDECAR_VERSION# pullPolicy: Always init: image: repo: polarismesh/polaris-sidecar-init - tag: v1.4.0 + tag: #CONTROLLER_VERSION# pullPolicy: Always envoy: image: repo: envoyproxy/envoy - tag: v1.21.6 + tag: #ENVOY_VERSION# + envoy_builder: + image: + repo: polarismesh/polaris-envoy-bootstrap-generator + tag: #CONTROLLER_VERSION# ## polaris server config polaris: server: - address: localhost - token: nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I= + address: #POLARIS_HOST# + token: #POLARIS_TOKEN# ## polaris controller config controller: @@ -42,7 +46,7 @@ controller: service: polaris-sidecar-injector image: repo: polarismesh/polaris-controller - tag: v1.4.0-beta.0 + tag: #CONTROLLER_VERSION# pullPolicy: IfNotPresent metrics: port: 80 diff --git a/deploy/kubernetes_v1.21/injector.yaml b/deploy/kubernetes_v1.21/injector.yaml index 33a1d2ff..b8b463be 100644 --- a/deploy/kubernetes_v1.21/injector.yaml +++ b/deploy/kubernetes_v1.21/injector.yaml 
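Review bot: In values.yaml the unquoted placeholders such as `tag: #SIDECAR_VERSION#` and `token: #POLARIS_TOKEN#` are YAML comments, because a `#` after whitespace starts one. Until build.sh rewrites the file each of these keys is null, so the chart cannot be installed straight from the repository. Quoting them, `tag: "#SIDECAR_VERSION#"`, keeps the value a string both before and after substitution, which also matters if a substituted version is purely numeric. Separately, the token literal removed here is still committed in deploy/variables.txt (visible as context in that file's hunk) and build.sh copies it into every release package, so the default credential continues to ship; consider an empty default with the token supplied from a Secret or an install-time value. The same applies to the identical hunks in deploy/kubernetes_v1.22/helm/values.yaml.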
@@ -118,9 +118,6 @@ data: template: |+ containers: - name: envoy - securityContext: - runAsUser: 1337 - runAsGroup: 1337 image: envoyproxy/envoy:#ENVOY_VERSION# imagePullPolicy: Always command: ["/usr/local/bin/envoy"] @@ -218,30 +215,13 @@ data: name: envoy-bootstrap - mountPath: /data/polaris-client-config name: polaris-client-config - - name: istio-init - image: istio/proxyv2:1.18.0-debug - imagePullPolicy: IfNotPresent - args: - - istio-iptables - - -p - - "15001" - - -z - - "15006" - - -u - - "1337" - - -m - - REDIRECT - - -i - - "10.4.4.4/32" - - -b - - "{{ (annotation .ObjectMeta `polarismesh.cn/includeInboundPorts` `*`) }}" - - -x - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) }}" - - -d - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` `15985,50000`) }}" - - -o - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) }}" - - --redirect-dns=true + - name: polaris-sidecar-init + image: polarismesh/polaris-sidecar-init:#CONTROLLER_VERSION# + imagePullPolicy: Always + command: ["./start.sh"] + env: + - name: RUN_MODE + value: MESH resources: limits: cpu: 100m @@ -262,6 +242,9 @@ data: runAsGroup: 0 runAsNonRoot: false runAsUser: 0 + volumeMounts: + - mountPath: /data/polaris-client-config + name: polaris-client-config volumes: - name: sds emptyDir: {} diff --git a/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl b/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl index 2cc4f6b3..64df51ff 100644 --- a/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl +++ b/deploy/kubernetes_v1.22/helm/templates/_helpers.tpl 
@@ -41,6 +41,28 @@ Get specific image for sidecar init container {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}} {{- end -}} +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.envoy.image" -}} +{{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}} +{{- end -}} + + +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.envoy_init.image" -}} +{{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}} +{{- end -}} + +{{/* +Get specific image for sidecar init container +*/}} +{{- define "polaris-controller.sidecar.istio.image" -}} +{{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}} +{{- end -}} + {{/* Create a default fully qualified controller name. diff --git a/deploy/kubernetes_v1.22/helm/templates/_params.tpl b/deploy/kubernetes_v1.22/helm/templates/_params.tpl index ac731edf..aae27c57 100644 --- a/deploy/kubernetes_v1.22/helm/templates/_params.tpl +++ b/deploy/kubernetes_v1.22/helm/templates/_params.tpl @@ -40,7 +40,7 @@ Define the cmd args for the bootstrap init container. - -x - "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) {{ "}}" }}" - -d -- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` ``) {{ "}}" }}" +- "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` `15985,50000,15053`) {{ "}}" }}" - -o - "{{ "{{" }} (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) {{ "}}" }}" - --redirect-dns=true diff --git a/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml b/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml index 2a03a93a..d240172a 100644 --- a/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml 
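Review bot: In _params.tpl the new default `15985,50000,15053` for `polarismesh.cn/excludeInboundPorts` lands in `configmap-sidecar.bootstrap_args`, yet the only `include` of that template visible in this commit (the `istio-init` container in controller-configmap-sidecar.yaml) is removed. The kubernetes_v1.21 copy of `_params.tpl` deletes the define altogether. Unless something outside the diff still includes it, this edit has no effect and the two chart versions now diverge; deleting the define here as well would keep them consistent. The define's body starts outside the hunk.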
+++ b/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml @@ -98,10 +98,7 @@ data: template: | containers: - name: envoy - securityContext: - runAsUser: 1337 - runAsGroup: 1337 - image: {{ .Values.sidecar.envoy.image.repo }}:{{ .Values.sidecar.envoy.image.tag }} + image: {{ include "polaris-controller.sidecar.envoy.image" . }} imagePullPolicy: Always command: ["/usr/local/bin/envoy"] args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"] @@ -139,7 +136,7 @@ data: name: polaris-log initContainers: - name: polaris-bootstrap-writer - image: polarismesh/polaris-envoy-bootstrap-generator:v1.3.0-beta.1 + image: {{ include "polaris-controller.sidecar.envoy_init.image" . }} imagePullPolicy: Always env: {{ include "configmap-sidecar.bootstrap_envs" . | nindent 10 }} @@ -148,11 +145,13 @@ data: name: envoy-bootstrap - mountPath: /data/polaris-client-config name: polaris-client-config - - name: istio-init - image: istio/proxyv2:1.18.0-debug - imagePullPolicy: IfNotPresent - args: - {{ include "configmap-sidecar.bootstrap_args" . | nindent 10 }} + - name: polaris-sidecar-init + image: {{ include "polaris-controller.sidecar.init.image" . }} + imagePullPolicy: Always + command: ["./start.sh"] + env: + - name: RUN_MODE + value: MESH resources: limits: cpu: 100m @@ -173,6 +172,9 @@ data: runAsGroup: 0 runAsNonRoot: false runAsUser: 0 + volumeMounts: + - mountPath: /data/polaris-client-config + name: polaris-client-config volumes: - name: polaris-client-config emptyDir: {} diff --git a/deploy/kubernetes_v1.22/helm/values.yaml b/deploy/kubernetes_v1.22/helm/values.yaml index 6b5f4773..275d5a65 100644 --- a/deploy/kubernetes_v1.22/helm/values.yaml +++ b/deploy/kubernetes_v1.22/helm/values.yaml 
@@ -16,23 +16,27 @@ sidecar: mode: mesh image: repo: polarismesh/polaris-sidecar - tag: v1.4.0 + tag: #SIDECAR_VERSION# pullPolicy: Always init: image: repo: polarismesh/polaris-sidecar-init - tag: v1.4.0 + tag: #CONTROLLER_VERSION# pullPolicy: Always envoy: image: repo: envoyproxy/envoy - tag: v1.21.6 + tag: #ENVOY_VERSION# + envoy_builder: + image: + repo: polarismesh/polaris-envoy-bootstrap-generator + tag: #CONTROLLER_VERSION# ## polaris server config polaris: server: - address: localhost - token: nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I= + address: #POLARIS_HOST# + token: #POLARIS_TOKEN# ## polaris controller config controller: @@ -42,7 +46,7 @@ controller: service: polaris-sidecar-injector image: repo: polarismesh/polaris-controller - tag: v1.4.0-beta.0 + tag: #CONTROLLER_VERSION# pullPolicy: IfNotPresent metrics: port: 80 diff --git a/deploy/kubernetes_v1.22/injector.yaml b/deploy/kubernetes_v1.22/injector.yaml index b29b6195..c7553aa1 100644 --- a/deploy/kubernetes_v1.22/injector.yaml +++ b/deploy/kubernetes_v1.22/injector.yaml @@ -69,6 +69,9 @@ data: image: polarismesh/polaris-sidecar-init:#CONTROLLER_VERSION# imagePullPolicy: Always command: ["./start.sh"] + env: + - name: RUN_MODE + value: DNS resources: limits: cpu: 100m @@ -116,9 +119,6 @@ data: containers: - name: envoy image: envoyproxy/envoy:#ENVOY_VERSION# - securityContext: - runAsUser: 1337 - runAsGroup: 1337 imagePullPolicy: Always command: ["/usr/local/bin/envoy"] args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"] 
@@ -213,30 +213,13 @@ data: name: envoy-bootstrap - mountPath: /data/polaris-client-config name: polaris-client-config - - name: istio-init - image: istio/proxyv2:1.18.0-debug - imagePullPolicy: IfNotPresent - args: - - istio-iptables - - -p - - "15001" - - -z - - "15006" - - -u - - "1337" - - -m - - REDIRECT - - -i - - "10.4.4.4/32" - - -b - - "{{ (annotation .ObjectMeta `polarismesh.cn/includeInboundPorts` `*`) }}" - - -x - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundCIDRs` ``) }}" - - -d - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeInboundPorts` ``) }}" - - -o - - "{{ (annotation .ObjectMeta `polarismesh.cn/excludeOutboundPorts` ``) }}" - - --redirect-dns=true + - name: polaris-sidecar-init + image: polarismesh/polaris-sidecar-init:#CONTROLLER_VERSION# + imagePullPolicy: Always + command: ["./start.sh"] + env: + - name: RUN_MODE + value: MESH resources: limits: cpu: 100m @@ -257,6 +240,9 @@ data: runAsGroup: 0 runAsNonRoot: false runAsUser: 0 + volumeMounts: + - mountPath: /data/polaris-client-config + name: polaris-client-config volumes: - name: polaris-client-config emptyDir: {} diff --git a/deploy/variables.txt b/deploy/variables.txt index 679c4cdf..11eb8b78 100644 --- a/deploy/variables.txt +++ b/deploy/variables.txt @@ -1,5 +1,5 @@ POLARIS_HOST:polaris.polaris-system CONTROLLER_VERSION:##VERSION## -SIDECAR_VERSION:v1.5.0-alpha.0 +SIDECAR_VERSION:v1.5.0 POLARIS_TOKEN:nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I= ENVOY_VERSION:v1.26.2 \ No newline at end of file diff --git a/go.mod b/go.mod index 3c595eea..39bc375d 100644 --- a/go.mod +++ b/go.mod 
@@ -63,7 +63,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/polarismesh/specification v1.3.2-alpha.5 // indirect + github.com/polarismesh/specification v1.4.0 // indirect github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/procfs v0.11.0 // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect diff --git a/go.sum b/go.sum index 7c0fdb98..06352088 100644 --- a/go.sum +++ b/go.sum 
@@ -443,11 +443,10 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/polarismesh/polaris-go v1.5.1 h1:EiAOYITCoa8YCigZhWefClEbqVj8MF7mTrLD3dlKIyM= -github.com/polarismesh/polaris-go v1.5.1/go.mod h1:45nx/yegSRFJ5mGITumX5FMLaY7ltrT68HVkTs9pPlk= -github.com/polarismesh/specification v1.3.2-alpha.2/go.mod h1:rDvMMtl5qebPmqiBLNa5Ps0XtwkP31ZLirbH4kXA0YU= -github.com/polarismesh/specification v1.3.2-alpha.5 h1:h4SxpJdjQ5wc4wV+MnMsIgI5T1c7G0tfd2ujGVJ6lnc= -github.com/polarismesh/specification v1.3.2-alpha.5/go.mod h1:rDvMMtl5qebPmqiBLNa5Ps0XtwkP31ZLirbH4kXA0YU= +github.com/polarismesh/polaris-go v1.5.3 h1:RL1m6FThsYCzKYGOLp5HXNCnzeqa5NEsgO0h5kxZXRM= +github.com/polarismesh/polaris-go v1.5.3/go.mod h1:KVMjcp6P2R8MFPKfBPX3kzykyzH0iX8fHCiITcqKda8= +github.com/polarismesh/specification v1.4.0 h1:fm7sUtFZC2g9+lLmRCtjGrUow47CY5JDFoZXwwCQGGY= +github.com/polarismesh/specification v1.4.0/go.mod h1:rDvMMtl5qebPmqiBLNa5Ps0XtwkP31ZLirbH4kXA0YU= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= diff --git a/pkg/util/address/address.go b/pkg/util/address/address.go index 08c2dfa6..013f5e25 100644 --- a/pkg/util/address/address.go +++ b/pkg/util/address/address.go @@ -20,6 +20,7 @@ import ( "fmt" "strings" + "github.com/polarismesh/polaris-go/pkg/model" "go.uber.org/zap" v1 "k8s.io/api/core/v1" corelisters "k8s.io/client-go/listers/core/v1" 
@@ -27,7 +28,6 @@ import ( "github.com/polarismesh/polaris-controller/common/log" "github.com/polarismesh/polaris-controller/pkg/polarisapi" "github.com/polarismesh/polaris-controller/pkg/util" - "github.com/polarismesh/polaris-go/pkg/model" ) // Address 记录IP端口信息 diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml index 1580ba90..4f5c2f80 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml @@ -45,7 +45,7 @@ dynamic_resources: transport_api_version: V3 grpc_services: - google_grpc: - target_uri: POLARIS_SERVER_HOST:POLARIS_SERVER_PORT + target_uri: POLARIS_SERVER_URL stat_prefix: polarismesh channel_args: args: diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml index 2462830c..20fc86f2 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml @@ -62,7 +62,7 @@ dynamic_resources: transport_api_version: V3 grpc_services: - google_grpc: - target_uri: POLARIS_SERVER_HOST:POLARIS_SERVER_PORT + target_uri: POLARIS_SERVER_URL stat_prefix: polarismesh channel_args: args: diff --git a/sidecar/polaris-sidecar-init/start.sh b/sidecar/polaris-sidecar-init/start.sh index 6dea7fe6..c4d43ce4 100644 --- a/sidecar/polaris-sidecar-init/start.sh +++ b/sidecar/polaris-sidecar-init/start.sh 
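Review bot: In bootstrap_template.yaml `target_uri` now depends on a single `POLARIS_SERVER_URL` placeholder, but the generator that fills in this template is not part of the diff. If it still substitutes `POLARIS_SERVER_HOST` and `POLARIS_SERVER_PORT`, the literal placeholder string would reach envoy as the xDS address. Please confirm the generator was updated and add a comment above the line stating the expected form (host:port, judging by the old placeholders), e.g. `# POLARIS_SERVER_URL is replaced by the bootstrap generator with host:port`. The same change is made in bootstrap_template_tls.yaml.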
@@ -24,11 +24,16 @@ if [[ "${RUN_MODE}" == "MESH" ]]; then iptables -t nat -N POLARIS_IN_REDIRECT iptables -t nat -N POLARIS_OUTPUT iptables -t nat -N POLARIS_REDIRECT + iptables -t nat -A PREROUTING -p tcp -j POLARIS_INBOUND iptables -t nat -A OUTPUT -p tcp -j POLARIS_OUTPUT iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -m owner --uid-owner 1337 -j RETURN iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -m owner --gid-owner 1337 -j RETURN iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 15053 iptables -t nat -A POLARIS_INBOUND -p tcp -m tcp --dport 15008 -j RETURN + iptables -t nat -A POLARIS_INBOUND -p tcp -m tcp --dport 15985 -j RETURN + iptables -t nat -A POLARIS_INBOUND -p tcp -m tcp --dport 50000 -j RETURN + iptables -t nat -A POLARIS_INBOUND -p tcp -m tcp --dport 15053 -j RETURN + iptables -t nat -A POLARIS_INBOUND -p tcp -j POLARIS_IN_REDIRECT iptables -t nat -A POLARIS_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006 iptables -t nat -A POLARIS_OUTPUT -s 127.0.0.6/32 -o lo -j RETURN iptables -t nat -A POLARIS_OUTPUT ! -d 127.0.0.1/32 -o lo -p tcp -m tcp ! --dport 53 -m owner --uid-owner 1337 -j POLARIS_IN_REDIRECT
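Review bot: The inbound bypass list is now hard-coded as `--dport 15985`, `50000` and `15053` RETURN rules, whereas the `istio-init` container this script replaces took its include and exclude lists from the pod annotations `polarismesh.cn/includeInboundPorts`, `excludeInboundPorts`, `excludeOutboundPorts` and `excludeOutboundCIDRs` (see the removed args in the injector.yaml hunks). The new init container's `env` carries only `RUN_MODE`, so as far as this diff shows those annotations are silently ignored and every other inbound TCP port is redirected to 15006. Either forward them to the script or document that they are no longer supported. Only `iptables` is called here, so IPv6 traffic appears to bypass the redirect unless `ip6tables` rules exist outside the hunk. The `if [[ "${RUN_MODE}" == "MESH" ]]` block starts and ends outside the hunk.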