support raven l7 #134

Merged
merged 1 commit into from
Oct 20, 2023
2 changes: 1 addition & 1 deletion .github/workflows/check.yml
Expand Up @@ -46,7 +46,7 @@ jobs:
uses: golangci/golangci-lint-action@v3
with:
version: v1.51.2
args: --timeout 300s --skip-dirs-use-default -v -E goconst -E gofmt -E ineffassign -E goimports -E revive -E misspell -E vet -E deadcode
args: --timeout 300s --skip-dirs-use-default -v -E goconst -E gofmt -E ineffassign -E goimports -E revive -E misspell -E vet -E unused

shellcheck:
name: Shellcheck
5 changes: 2 additions & 3 deletions Dockerfile
Expand Up @@ -31,7 +31,6 @@ RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
&& rc-update add ipsec

COPY --from=builder /workspace/raven-agent-ds /usr/local/bin/
COPY pluto raven.sh /usr/local/bin/
COPY pluto /usr/local/bin/

ENTRYPOINT raven.sh
ENTRYPOINT ["/usr/local/bin/raven-agent-ds"]
ENTRYPOINT ["/usr/local/bin/raven-agent-ds"]
13 changes: 13 additions & 0 deletions charts/raven-agent/templates/config.yaml
@@ -1,8 +1,21 @@
apiVersion: v1
data:
enable-l3-tunnel: "false"
enable-l7-proxy: "true"
kind: ConfigMap
metadata:
name: raven-cfg
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
data:
vpn-driver: {{ .Values.vpn.driver }}
forward-node-ip: {{ .Values.vpn.forwardNodeIP | quote }}
metric-bind-addr: {{ .Values.vpn.metricBindAddr }}
tunnel-bind-addr: {{ .Values.vpn.tunnelAddr }}
proxy-external-addr: {{ .Values.proxy.externalAddr }}
proxy-internal-insecure-addr: {{ .Values.proxy.internalInsecureAddr }}
proxy-internal-secure-addr: {{ .Values.proxy.internalSecureAddr }}
kind: ConfigMap
metadata:
name: raven-agent-config
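Review bot: The new raven-cfg ConfigMap hard-codes `enable-l3-tunnel: "false"` and `enable-l7-proxy: "true"` while the sibling raven-agent-config in the same file takes every key from `.Values`, so a chart user cannot flip either switch without editing the template. If the agent reads these keys as the feature toggles their names suggest, drive them from values too, e.g. `enable-l7-proxy: {{ .Values.proxy.enable | quote }}` (value name constructed) with defaults in values.yaml. The tunnel-off/proxy-on default also changes what an existing install does after an upgrade and deserves a comment in the chart saying so.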
2 changes: 2 additions & 0 deletions charts/raven-agent/templates/daemonset.yaml
Expand Up @@ -26,6 +26,8 @@ spec:
env:
{{- toYaml . | nindent 8 }}
{{- end }}
args:
- --v=4
hostNetwork: true
{{- with .Values.nodeSelector }}
nodeSelector:
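Review bot: `--v=4` is fixed in the container args, so every install now runs at that verbosity with no way to lower it through the chart; if this is the usual klog flag, level 4 is a debugging level and should be a value, `- --v={{ .Values.logVerbosity }}` (value name constructed) with a conservative default in values.yaml. The rest of the container spec (image, securityContext) is outside this hunk.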
61 changes: 60 additions & 1 deletion charts/raven-agent/templates/rbac.yaml
Expand Up @@ -19,6 +19,26 @@ rules:
- watch
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- services
- nodes
verbs:
- get
- list
- update
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- create
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -31,4 +51,43 @@ roleRef:
subjects:
- kind: ServiceAccount
name: raven-agent-account
namespace: {{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: raven-proxy-user
rules:
- apiGroups:
- ""
resources:
- nodes/stats
- nodes/metrics
- nodes/log
- nodes/spec
- nodes/proxy
verbs:
- create
- get
- list
- watch
- delete
- update
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: raven-proxy-user-binding
subjects:
- kind: User
name: tunnel-proxy-client
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: raven-proxy-user
apiGroup: rbac.authorization.k8s.io
---
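Review bot: The new raven-proxy-user ClusterRole grants create, delete, update and patch as well as get/list/watch on nodes/proxy, nodes/log, nodes/stats, nodes/metrics and nodes/spec cluster-wide to the single user `tunnel-proxy-client`; nodes/proxy is the kubelet API surface, so whoever holds a certificate with that CN can act on every node, and the verb list should be cut down to what the L7 proxy client actually issues (drop `delete`, `update` and `patch` unless a call site needs them, and consider `get` and `create` on `nodes/proxy` only). The `rbac.authorization.kubernetes.io/autoupdate: "true"` annotation is only honoured on the bootstrap roles kube-apiserver reconciles and is misleading on a chart-managed role. In the first hunk the agent's own role also gains `update` on nodes, configmaps and services; if the agent only changes node annotations or labels, `patch` is the narrower grant. The `certificatesigningrequests` `create` permission presumably lets the agent request the `tunnel-proxy-client` certificate, so the chart should document who approves those CSRs and with which signer.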
34 changes: 32 additions & 2 deletions charts/raven-agent/values.yaml
Expand Up @@ -30,7 +30,6 @@ securityContext:
privileged: true

nodeSelector:
kubernetes.io/arch: amd64
kubernetes.io/os: linux

tolerations: [{"operator": "Exists"}]
Expand All @@ -50,6 +49,10 @@ containerEnv:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: VPN_CONNECTION_PSK
valueFrom:
secretKeyRef:
Expand All @@ -70,6 +73,26 @@ containerEnv:
configMapKeyRef:
key: metric-bind-addr
name: raven-agent-config
- name: VPN_BIND_ADDRESS
valueFrom:
configMapKeyRef:
key: tunnel-bind-addr
name: raven-agent-config
- name: PROXY_SERVER_INTERNAL_SECURE_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-internal-secure-addr
name: raven-agent-config
- name: PROXY_SERVER_INTERNAL_INSECURE_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-internal-insecure-addr
name: raven-agent-config
- name: PROXY_SERVER_EXTERNAL_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-external-addr
name: raven-agent-config
vpn:
driver: libreswan
forwardNodeIP: false
Expand All @@ -79,6 +102,13 @@ vpn:
# Pass it to helm with '--set vpn.psk=`openssl rand -hex 64`'
# IMPORTANT: You should NOT use the example psk for a production deployment!
psk: OPENYURT-RAVEN-AGENT-VPN-PSK
metricBindAddr: ":8080"
metricBindAddr: ":10265"
tunnelAddr: ":4500"
proxy:
externalAddr: ":10262"
internalInsecureAddr: ":10264"
internalSecureAddr: ":10263"


rollingUpdate:
maxUnavailable: 5%
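Review bot: `internalInsecureAddr: ":10264"` (like `externalAddr` and `internalSecureAddr`) binds on all interfaces, and the DaemonSet runs with `hostNetwork: true` (unchanged in daemonset.yaml), so if the agent listens on this address the plaintext internal endpoint is reachable from every node's network rather than only from local callers; unless a remote caller is required the default should be loopback, `internalInsecureAddr: "127.0.0.1:10264"`. Whether each of the three proxy addresses is a listen address or a dial address is not visible here — the names suggest listen, but confirm against the server code first. The existing comment above `psk` shows the right register; the new `proxy` block would benefit from a similar comment stating what each port serves and which, if any, is meant to be exposed through the node firewall.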
30 changes: 25 additions & 5 deletions cmd/agent/app/config/config.go
Expand Up @@ -24,12 +24,32 @@ import (
// Config is the main context object for raven agent
type Config struct {
NodeName string
Kubeconfig *rest.Config
Manager manager.Manager
VPNDriver string
RouteDriver string
ForwardNodeIP bool
NodeIP string
MetricsBindAddress string
KubeConfig *rest.Config
Manager manager.Manager
Tunnel *TunnelConfig
Proxy *ProxyConfig
}

type TunnelConfig struct {
VPNDriver string
VPNPort string
RouteDriver string
ForwardNodeIP bool
}

type ProxyConfig struct {
ProxyMetricsAddress string
ProxyClientCertDir string

InternalInsecureAddress string
InternalSecureAddress string
ExternalAddress string
ProxyServerCertDNSNames string
ProxyServerCertIPs string
ProxyServerCertDir string
InterceptorServerUDSFile string
}

type completedConfig struct {
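Review bot: TunnelConfig and ProxyConfig are new exported types without a doc comment, while Config directly above keeps its `// Config is the main context object for raven agent` line and the CI job runs revive; add `// TunnelConfig holds the L3 tunnel settings: VPN driver and port, route driver and node-IP forwarding.` and `// ProxyConfig holds the listen addresses, certificate locations and interceptor UDS path for the L7 proxy.` so the split is documented and the lint stays clean. `VPNPort` is a string next to fields that hold host:port addresses; a short comment saying whether it is a bare port or an address would prevent the two being mixed up (the chart's `tunnel-bind-addr` defaults to ":4500", which looks like the latter, but the mapping is not visible in this hunk). The rename `Kubeconfig` → `KubeConfig` and the fields moved into the sub-structs change the exported interface, so every reader elsewhere must be updated in the same commit. The `completedConfig` type on the last hunk line continues outside the hunk.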