From 457915becbedce9a1db95c27f736e22bde1f88d2 Mon Sep 17 00:00:00 2001 From: "liheng.zms" Date: Wed, 20 Dec 2023 15:48:12 +0800 Subject: [PATCH] modify rollout v0.5.0 changelog Signed-off-by: liheng.zms --- CHANGELOG.md | 11 ++++++++--- Dockerfile_multiarch | 1 + config/rbac/role.yaml | 16 ++++++++-------- config/rbac/role_binding.yaml | 2 +- pkg/controller/rollout/rollout_controller.go | 2 +- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb864855..47923fb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,19 +13,24 @@ Please refer to the [community documentation](https://openkruise.io/rollouts/use But we still recommend that you migrate to v1beta1 gradually, as some of the new features will only be available in v1beta1, e.g., [Extensible Traffic Routing Based on Lua Script](https://openkruise.io/rollouts/developer-manuals/custom-network-provider/). -### Dump To V1beta1 Gateway API +### Bump To V1beta1 Gateway API Support for GatewayAPI from v1alpha2 to v1beta1, you can use v1beta1 gateway API. ### Extensible Traffic Routing Based on Lua Script -Kruise Rollout utilizes a Lua-script-based customization approach for API Gateway resources (Istio VirtualService, Apisix ApisixRoute, Kuma TrafficRoute and etc.). Kruise Rollout involves invoking Lua scripts to retrieve and update the desired configurations of resources based on release strategies and the original configurations of API Gateway resources (including spec, labels, and annotations). It enables users to easily adapt and integrate various types of API Gateway resources without modifying existing code and configurations. +The Gateway API is a standard gateway resource given by the K8S community, but there are still a large number of users in the community who are still using some customized gateway resources, such as VirtualService, Apisix, and so on. +In order to adapt to this behavior and meet the diverse demands of the community for gateway resources, we support a traffic routing scheme based on Lua scripts. + +Kruise Rollout utilizes a Lua-script-based customization approach for API Gateway resources (Istio VirtualService, Apisix ApisixRoute, Kuma TrafficRoute and etc.). +Kruise Rollout involves invoking Lua scripts to retrieve and update the desired configurations of resources based on release strategies and the original configurations of API Gateway resources (including spec, labels, and annotations). +It enables users to easily adapt and integrate various types of API Gateway resources without modifying existing code and configurations. By using Kruise Rollout, users can: - Customize Lua scripts for handling API Gateway resources, allowing for flexible implementation of resource processing and providing support for a wider range of resources. - Utilize a common Rollout configuration template to configure different resources, reducing configuration complexity and facilitating user configuration. ### Traffic Routing with Istio -Based on the lua script approach, we have built-in support for Istio resources VirtualService, +Based on the lua script approach, now we add built-in support for Istio resources VirtualService, you can directly use Kruise Rollout to achieve Istio scenarios Canary, A/B Testing release. ### Others diff --git a/Dockerfile_multiarch b/Dockerfile_multiarch index 08c48490..fd200488 100644 --- a/Dockerfile_multiarch +++ b/Dockerfile_multiarch @@ -42,5 +42,6 @@ RUN set -eux; \ WORKDIR / COPY --from=builder /workspace/manager . COPY lua_configuration /lua_configuration +USER 65534 ENTRYPOINT ["/manager"] diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 6e05b249..d5ed5866 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -162,6 +162,14 @@ rules: - get - patch - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -365,14 +373,6 @@ metadata: name: manager-role namespace: system rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - apiGroups: - "" resources: diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 40a12a0a..1abcb773 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -19,7 +19,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: manager-rolebinding + name: manager-role subjects: - kind: ServiceAccount name: controller-manager diff --git a/pkg/controller/rollout/rollout_controller.go b/pkg/controller/rollout/rollout_controller.go index a4bd5047..a1fe5606 100755 --- a/pkg/controller/rollout/rollout_controller.go +++ b/pkg/controller/rollout/rollout_controller.go @@ -80,7 +80,7 @@ type RolloutReconciler struct { //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/status,verbs=get;update;patch //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch,namespace=system +//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch // +kubebuilder:rbac:groups=apps.kruise.io,resources=daemonsets,verbs=get;list;watch;update;patch // +kubebuilder:rbac:groups=apps.kruise.io,resources=daemonsets/status,verbs=get;update;patch //+kubebuilder:rbac:groups=networking.istio.io,resources=virtualservices;destinationrules,verbs=get;list;watch;update;patch