From 7221f52530f9483fb672ec360a82d5d3b4d888f4 Mon Sep 17 00:00:00 2001
From: chuntaojun
Date: Fri, 25 Aug 2023 11:05:37 +0800
Subject: [PATCH 1/3] dep:upgrade polaris-go versoin
---
 go.mod | 12 ++++++------
 go.sum | 23 ++++++++++++-----------
 2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/go.mod b/go.mod
index 0cdbb85..b7a30a5 100644
--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,8 @@ require (
 github.com/intel-go/cpuid v0.0.0-20220614022739-219e067757cb
 github.com/miekg/dns v1.1.55
 github.com/natefinch/lumberjack v2.0.0+incompatible
- github.com/polarismesh/polaris-go v1.5.2
- github.com/polarismesh/specification v1.3.2
+ github.com/polarismesh/polaris-go v1.5.3
+ github.com/polarismesh/specification v1.4.0
 github.com/spf13/cobra v1.7.0
 github.com/stretchr/testify v1.8.4
 go.uber.org/zap v1.25.0
@@ -27,7 +27,7 @@ require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/dlclark/regexp2 v1.10.0 // indirect
 github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect
- github.com/google/uuid v1.3.0 // indirect
+ github.com/google/uuid v1.3.1 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
@@ -47,8 +47,8 @@ require (
 golang.org/x/sys v0.11.0 // indirect
 golang.org/x/text v0.12.0 // indirect
 golang.org/x/tools v0.10.0 // indirect
- google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
+ google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum index e8cb13a..50bf7d2 100644 --- a/go.sum +++ b/go.sum @@ -319,8 +319,9 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 
@@ -392,10 +393,10 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/polarismesh/polaris-go v1.5.2 h1:r9gSQrkq49nBTbKESrW/cMPlUe64/2Z91h/8Nki8IBs= -github.com/polarismesh/polaris-go v1.5.2/go.mod h1:tF8ed2GS6tYh3cJYcHFq8FKWMZTveGfKwhX1/YriZVY= -github.com/polarismesh/specification v1.3.2 h1:NG8guSTi7brxEMTG39VVmRSZeS7XvacKnrpoOAVvOtU= -github.com/polarismesh/specification v1.3.2/go.mod h1:rDvMMtl5qebPmqiBLNa5Ps0XtwkP31ZLirbH4kXA0YU= +github.com/polarismesh/polaris-go v1.5.3 h1:RL1m6FThsYCzKYGOLp5HXNCnzeqa5NEsgO0h5kxZXRM= +github.com/polarismesh/polaris-go v1.5.3/go.mod h1:KVMjcp6P2R8MFPKfBPX3kzykyzH0iX8fHCiITcqKda8= +github.com/polarismesh/specification v1.4.0 h1:fm7sUtFZC2g9+lLmRCtjGrUow47CY5JDFoZXwwCQGGY= +github.com/polarismesh/specification v1.4.0/go.mod h1:rDvMMtl5qebPmqiBLNa5Ps0XtwkP31ZLirbH4kXA0YU= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= 
@@ -916,12 +917,12 @@ google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e h1:z3vDksarJxsAKM5dmEGv0GHwE2hKJ096wZra71Vs4sw= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 7fd0cb5ded722634e0d8885a3e489770bdfec1a9 Mon Sep 17 00:00:00 2001 From: chuntaojun Date: Fri, 1 Sep 2023 14:45:42 +0800 Subject: [PATCH 2/3] =?UTF-8?q?fix:=E4=BF=AE=E5=A4=8Ddns=E7=AB=AF=E5=8F=A3?= =?UTF-8?q?=E7=9B=91=E5=90=AC=E4=B8=8D=E5=AF=B9=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 64 ++++++++++++++++++++++++++++++++++++ bootstrap/agent.go | 22 ++++++------- bootstrap/config/config.go | 1 + build.sh | 4 +-- resolver/meshproxy/dns.go | 2 +- resolver/meshproxy/plugin.go | 4 +-- resolver/server.go | 7 ++-- 7 files changed, 85 insertions(+), 19 deletions(-) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..52f9cde --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@
+# Tencent is pleased to support the open source community by making Polaris available.
+#
+# Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+#
+# Licensed under the BSD 3-Clause License (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://opensource.org/licenses/BSD-3-Clause
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+# VERSION defines the project version for the build.
+# Update this value when you upgrade the version file of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the build target (e.g make build VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= $(shell cat version 2>/dev/null)
+
+# IMAGE_TAG defines the image tag for the docker build.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the IMAGE_TAG as arg of the build-docker target (e.g make build-docker IMAGE_TAG=v0.0.2)
+# - use environment variables to overwrite this value (e.g export IMAGE_TAG=v0.0.2)
+IMAGE_TAG ?= $(VERSION)
+
+ARCH ?= "amd64"
+
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. 
Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + + +##@ Build + +.PHONY: build +build: ## Build binary and tarball. + bash ./build.sh $(VERSION) $(ARCH) + +.PHONY: build-docker +build-docker: ## Build polaris-server docker images. + bash ./build_docker.sh $(IMAGE_TAG) + +.PHONY: clean +clean: ## Clean polaris-server make data. + @rm -rf polaris-sidecar-release_* + @rm -rf polaris-sideacr-arm64 + @rm -rf polaris-sidecar-amd64 diff --git a/bootstrap/agent.go b/bootstrap/agent.go index c2a8873..64c9a37 100644 --- a/bootstrap/agent.go +++ b/bootstrap/agent.go @@ -92,17 +92,17 @@ func newAgent(configFile string, bootConfig *config.BootConfig) (*Agent, error) log.Errorf("[agent] fail to parse sidecar config, err: %v", err) return nil, err } - log.Infof("[agent] finished to parse sidecar config, current active config is %s", *polarisAgent.config) // 初始化日志打印 if err := log.Configure(polarisAgent.config.Logger); err != nil { return nil, err } log.Infof("[agent] success to init log config") + log.Infof("[agent] finished to parse sidecar config, current active config is \n%s", *polarisAgent.config) client.InitSDKContext(&client.Config{ Addresses: polarisAgent.config.PolarisConfig.Adddresses, Metrics: &client.Metrics{ - Port: polarisAgent.config.Port, + Port: polarisAgent.config.Metrics.Port, Type: polarisAgent.config.Metrics.Type, IP: polarisAgent.config.Bind, Interval: polarisAgent.config.Metrics.Interval, 
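Review bot: The `clean` target misspells one of the directories it removes: `@rm -rf polaris-sideacr-arm64` was presumably meant to be `@rm -rf polaris-sidecar-arm64` (by symmetry with the amd64 line), so the arm64 build output is never cleaned. `ARCH ?= "amd64"` also keeps the double quotes as part of the make variable's value; they disappear only because the value passes through the shell in `bash ./build.sh $(VERSION) $(ARCH)`, so `ARCH ?= amd64` is the more robust spelling. Whether build.sh actually reads its second argument is not visible in this patch.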
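Review bot: The relocated `log.Infof("[agent] finished to parse sidecar config, current active config is \n%s", *polarisAgent.config)` writes the entire active configuration to the log at Info level. What `SidecarConfig` and its string form contain is not visible in this hunk; if it carries CA server details, tokens or other deployment secrets, they end up in log files and in whatever ships those logs. Consider logging a redacted summary, or keeping the full dump at Debug. newAgent starts and ends outside the hunk.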
@@ -116,22 +116,22 @@ func newAgent(configFile string, bootConfig *config.BootConfig) (*Agent, error) Handler: mux, } - if err := polarisAgent.buildDns(configFile, bootConfig); err != nil { + if err := polarisAgent.buildDns(configFile); err != nil { return nil, err } - if err := polarisAgent.buildSecurity(configFile, bootConfig); err != nil { + if err := polarisAgent.buildSecurity(configFile); err != nil { return nil, err } - if err := polarisAgent.buildEnvoyMetrics(configFile, bootConfig); err != nil { + if err := polarisAgent.buildEnvoyMetrics(configFile); err != nil { return nil, err } - if err := polarisAgent.buildEnvoyRls(configFile, bootConfig); err != nil { + if err := polarisAgent.buildEnvoyRls(configFile); err != nil { return nil, err } return polarisAgent, nil } -func (p *Agent) buildSecurity(configFile string, bootConfig *config.BootConfig) error { +func (p *Agent) buildSecurity(configFile string) error { if p.config.MTLS != nil && p.config.MTLS.Enable { log.Info("create mtls agent") agent, err := mtlsAgent.New(mtlsAgent.Option{ @@ -145,7 +145,7 @@ func (p *Agent) buildSecurity(configFile string, bootConfig *config.BootConfig) return nil } -func (p *Agent) buildEnvoyMetrics(configFile string, bootConfig *config.BootConfig) error { +func (p *Agent) buildEnvoyMetrics(configFile string) error { if p.config.Metrics.Enable { log.Infof("create metric server") p.metricServer = metrics.NewServer(p.config.Namespace, p.config.Metrics.Port) @@ -153,7 +153,7 @@ func (p *Agent) buildEnvoyMetrics(configFile string, bootConfig *config.BootConf return nil } -func (p *Agent) buildEnvoyRls(configFile string, bootConfig *config.BootConfig) error { +func (p *Agent) buildEnvoyRls(configFile string) error { if p.config.RateLimit == nil || !p.config.RateLimit.Enable { return nil } 
@@ -173,11 +173,11 @@ func (p *Agent) buildEnvoyRls(configFile string, bootConfig *config.BootConfig) return nil } -func (p *Agent) buildDns(configFile string, bootConfig *config.BootConfig) error { +func (p *Agent) buildDns(configFile string) error { svr, err := resolver.NewServers(&resolver.ResolverConfig{ BindLocalhost: p.config.BindLocalhost(), BindIP: p.config.Bind, - BindPort: uint32(bootConfig.Port), + BindPort: uint32(p.config.Port), Recurse: p.config.Recurse, Resolvers: p.config.Resolvers, }) diff --git a/bootstrap/config/config.go b/bootstrap/config/config.go index 249a702..a110d37 100644 --- a/bootstrap/config/config.go +++ b/bootstrap/config/config.go @@ -140,6 +140,7 @@ func defaultSidecarConfig() *SidecarConfig { Name: resolver.PluginNameMeshProxy, DnsTtl: 120, Enable: false, + Suffix: defaultSvcSuffix, Option: map[string]interface{}{ "reload_interval_sec": 30, "dns_answer_ip": "10.4.4.4", diff --git a/build.sh b/build.sh index 3dc4de2..341d4a7 100644 --- a/build.sh +++ b/build.sh @@ -23,7 +23,7 @@ pkg_name="${folder_name}.zip" if [ "${GOOS}" == "windows" ]; then bin_name="polaris-sidecar.exe" fi -echo "GOOS is ${GOOS}, binary name is ${bin_name}" +echo "GOOS is ${GOOS}, GOARCH is ${GOARCH}, binary name is ${bin_name}" cd $workdir @@ -39,7 +39,7 @@ export CGO_ENABLED=0 build_date=$(date "+%Y%m%d.%H%M%S") package="github.com/polarismesh/polaris-sidecar/version" -go build -o ${bin_name} -ldflags="-X ${package}.Version=${version} -X ${package}.BuildDate=${build_date}" +GOARCH=${GOARCH} GOOS=${GOOS} go build -o ${bin_name} -ldflags="-X ${package}.Version=${version} -X ${package}.BuildDate=${build_date}" # 设置程序为可执行 chmod +x ${bin_name} diff --git a/resolver/meshproxy/dns.go b/resolver/meshproxy/dns.go index bb56648..8572698 100644 --- a/resolver/meshproxy/dns.go +++ b/resolver/meshproxy/dns.go 
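Review bot: `BindPort: uint32(p.config.Port)` converts the configured port without a range check, so a negative or over-65535 value from the YAML file or environment wraps or passes through into the listen address built in resolver/server.go and surfaces only as a bind error from `ListenAndServe`. Reject values outside 1–65535 before the cast, for example `if p.config.Port < 1 || p.config.Port > 65535 { /* return a config error */ }`. The declared type of `Port` is not visible here; the cast suggests a signed int. buildDns continues outside the hunk.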
@@ -49,7 +49,7 @@ func (h *LocalDNSServer) UpdateLookupTable(polarisServices map[string]struct{}, lookupTable.buildDNSAnswers(altHosts, []net.IP{net.ParseIP(dnsResponseIp)}, nil) } h.lookupTable.Store(lookupTable) - log.Debugf("[mesh] updated lookup table with %d hosts, allHosts are %v", + log.Infof("[mesh] updated lookup table with %d hosts, allHosts are %v", len(lookupTable.allHosts), lookupTable.allHosts) } diff --git a/resolver/meshproxy/plugin.go b/resolver/meshproxy/plugin.go index ad18fc1..b02e954 100644 --- a/resolver/meshproxy/plugin.go +++ b/resolver/meshproxy/plugin.go @@ -90,7 +90,7 @@ func (r *resolverMesh) Destroy() { func (r *resolverMesh) ServeDNS(ctx context.Context, question dns.Question, qname string) *dns.Msg { _, matched := resolver.MatchSuffix(qname, r.suffix) if !matched { - log.Debugf("[Mesh] suffix not matched for name %s, suffix %s", qname, r.suffix) + log.Infof("[Mesh] suffix not matched for name %s, suffix %s", qname, r.suffix) return nil } ret := r.localDNSServer.ServeDNS(ctx, &question, qname) @@ -104,7 +104,7 @@ func (r *resolverMesh) ServeDNS(ctx context.Context, question dns.Question, qnam qname = qname + "." + r.config.Namespace + "." ret = r.localDNSServer.ServeDNS(ctx, &question, qname) if ret == nil { - log.Debugf("[Mesh] host not found for name %s", qname) + log.Infof("[Mesh] host not found for name %s", qname) } return ret } diff --git a/resolver/server.go b/resolver/server.go index 713742f..410d115 100644 --- a/resolver/server.go +++ b/resolver/server.go @@ -103,7 +103,7 @@ func NewServers(conf *ResolverConfig) (*Server, error) { recurseAddresses = append(recurseAddresses, fmt.Sprintf("%s:53", nameserver)) } udpServer := &dns.Server{ - Addr: conf.BindIP + ":" + strconv.Itoa(int(conf.BindPort)), Net: "udp", + Addr: conf.BindIP + ":" + strconv.FormatUint(uint64(conf.BindPort), 10), Net: "udp", Handler: buildDNSServer( "udp", resolvers, 
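Review bot: Raising these messages from Debugf to Infof puts per-event output on the default log path. Here `log.Infof("[mesh] updated lookup table with %d hosts, allHosts are %v", ...)` prints the full host list on every table update, and the two ServeDNS hunks in resolver/meshproxy/plugin.go now emit one line per unmatched query containing the client-supplied `qname`; patch 3/3 adds a similar per-request `log.Info("[envoy-rls] build polaris quota request", ...)` in envoy/rls/server.go. Any client that can send DNS queries or rate-limit requests to the sidecar can then grow the log at request rate. Keep these at Debug level, or rate-limit them if they are really needed at Info.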
@@ -114,7 +114,7 @@ func NewServers(conf *ResolverConfig) (*Server, error) { ), } tcpServer := &dns.Server{ - Addr: conf.BindIP + ":" + strconv.Itoa(int(conf.BindPort)), Net: "tcp", + Addr: conf.BindIP + ":" + strconv.FormatUint(uint64(conf.BindPort), 10), Net: "tcp", Handler: buildDNSServer( "tcp", resolvers, @@ -126,7 +126,7 @@ func NewServers(conf *ResolverConfig) (*Server, error) { } return &Server{ - dnsSvrs: []*dns.Server{tcpServer, udpServer}, + dnsSvrs: []*dns.Server{udpServer, tcpServer}, resolvers: resolvers, }, nil } @@ -144,6 +144,7 @@ func (svr *Server) Run(ctx context.Context) <-chan error { errChan := make(chan error) for i := range svr.dnsSvrs { go func(dnsSvr *dns.Server) { + log.Infof("[agent] success to start dns server %s %s", dnsSvr.Addr, dnsSvr.Net) errChan <- dnsSvr.ListenAndServe() }(svr.dnsSvrs[i]) } From 5189f83aca1fac6ba6f840ebd4187f61fd654066 Mon Sep 17 00:00:00 2001 From: chuntaojun Date: Sat, 6 Jan 2024 23:24:43 +0800 Subject: [PATCH 3/3] fix:unix socket listen --- bootstrap/config/config.go | 2 +- envoy/rls/config.go | 12 +++++++++--- envoy/rls/server.go | 10 +++++++++- polaris-sidecar.yaml | 1 + security/mtls/agent/agent.go | 8 ++++++++ security/mtls/agent/option.go | 2 +- 6 files changed, 29 insertions(+), 6 deletions(-) diff --git a/bootstrap/config/config.go b/bootstrap/config/config.go index a110d37..9622eb6 100644 --- a/bootstrap/config/config.go +++ b/bootstrap/config/config.go 
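Review bot: In the Run hunk, `log.Infof("[agent] success to start dns server %s %s", dnsSvr.Addr, dnsSvr.Net)` is written before `dnsSvr.ListenAndServe()` is called, so the log reports success even when the bind then fails, which is the very failure this patch is about. Either word it as "starting dns server", or set the server's `NotifyStartedFunc` in NewServers so the success line is emitted only once the listener is up. `errChan` is unbuffered and the rest of Run is outside the hunk, so whether a second server's error can leave its goroutine blocked cannot be judged from here.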
@@ -231,7 +231,7 @@ func (s *SidecarConfig) mergeEnv() { s.PolarisConfig.Adddresses = getEnvStringsValue(EnvPolarisAddress, s.PolarisConfig.Adddresses) s.MTLS.Enable = getEnvBoolValue(EnvSidecarMtlsEnable, s.MTLS.Enable) s.MTLS.CAServer = getEnvStringValue(EnvSidecarMtlsCAServer, s.MTLS.CAServer) - s.RateLimit.Enable = getEnvBoolValue(EnvSidecarRLSEnable, s.MTLS.Enable) + s.RateLimit.Enable = getEnvBoolValue(EnvSidecarRLSEnable, s.RateLimit.Enable) s.Recurse.Enable = getEnvBoolValue(EnvSidecarRecurseEnable, s.Recurse.Enable) s.Recurse.TimeoutSec = getEnvIntValue(EnvSidecarRecurseTimeout, s.Recurse.TimeoutSec) s.Logger.RotateOutputPath = getEnvStringValue(EnvSidecarLogRotateOutputPath, s.Logger.RotateOutputPath) diff --git a/envoy/rls/config.go b/envoy/rls/config.go index f887473..d0021b8 100644 --- a/envoy/rls/config.go +++ b/envoy/rls/config.go @@ -19,13 +19,19 @@ package rls type Config struct { Enable bool `yaml:"enable"` - Network string `yaml:"-"` - Address string `yaml"-"` + Network string `yaml:"network"` + Address string `yaml:"address"` BindPort uint32 `yaml:"port"` TLSInfo *TLSInfo `yaml:"tls_info"` } -const DefaultRLSAddress = "/var/run/polaris/ratelimit/rls.sock" +func (c *Config) init() { + if c.Network == "unix" && c.Address == "" { + c.Address = DefaultRLSAddress + } +} + +const DefaultRLSAddress = "/tmp/polaris-sidecar/ratelimit/rls.sock" // TLSInfo tls 配置信息 type TLSInfo struct { diff --git a/envoy/rls/server.go b/envoy/rls/server.go index 74403c7..5a693ec 100644 --- a/envoy/rls/server.go +++ b/envoy/rls/server.go @@ -20,6 +20,8 @@ package rls import ( "context" "net" + "os" + "path/filepath" "strings" v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3" @@ -34,6 +36,7 @@ import ( ) func New(namespace string, conf *Config) (*RateLimitServer, error) { + conf.init() return &RateLimitServer{ namespace: namespace, conf: conf, 
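Review bot: `DefaultRLSAddress` now points into `/tmp` (`/tmp/polaris-sidecar/ratelimit/rls.sock`), and security/mtls/agent/option.go makes the same move for `DefaultSDSAddress`. /tmp is writable by every local user, so another account can create `/tmp/polaris-sidecar` first and then control the directory the sockets live in; for the SDS socket that is presumably the channel over which mTLS material is served to the proxy. Prefer a directory only the sidecar's user can write (the previous `/var/run/polaris/...`, or a path supplied through configuration), or at minimum check ownership and mode of the parent directory before listening.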
@@ -49,6 +52,11 @@ type RateLimitServer struct { } func (svr *RateLimitServer) Run(ctx context.Context) error { + if svr.conf.Network == "unix" { + if err := os.MkdirAll(filepath.Dir(svr.conf.Address), os.ModePerm); err != nil { + return err + } + } ln, err := net.Listen(svr.conf.Network, svr.conf.Address) if err != nil { return err @@ -150,6 +158,6 @@ func (svr *RateLimitServer) buildQuotaRequest(domain string, acquireQuota uint32 req.SetNamespace(svr.namespace) req.SetService(domain) req.SetToken(acquireQuota) - + log.Info("[envoy-rls] build polaris quota request", zap.Any("param", req)) return req, nil } diff --git a/polaris-sidecar.yaml b/polaris-sidecar.yaml index 43928fd..18c8a2b 100644 --- a/polaris-sidecar.yaml +++ b/polaris-sidecar.yaml @@ -39,6 +39,7 @@ metrics: type: pull metricPort: 0 ratelimit: + enable: true network: unix resolvers: - name: dnsagent diff --git a/security/mtls/agent/agent.go b/security/mtls/agent/agent.go index 3c827e1..542641a 100644 --- a/security/mtls/agent/agent.go +++ b/security/mtls/agent/agent.go @@ -3,6 +3,8 @@ package agent import ( "context" "net" + "os" + "path/filepath" "google.golang.org/grpc" @@ -35,6 +37,12 @@ func New(opt Option) (*Agent, error) { a.rotator = rotator.New(opt.RotatePeriod, opt.FailedRetryDelay) a.sds = sds.New(opt.CryptombPollDelay) + if opt.Network == "unix" { + if err := os.MkdirAll(filepath.Dir(opt.Address), os.ModePerm); err != nil { + return nil, err + } + } + cli, err := caclient.NewWithRootCA(opt.CAServer, caclient.ServiceAccountToken(), defaultCAPath) if err != nil { return nil, err diff --git a/security/mtls/agent/option.go b/security/mtls/agent/option.go index d12885c..47eeb02 100644 --- a/security/mtls/agent/option.go +++ b/security/mtls/agent/option.go 
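Review bot: `os.MkdirAll(filepath.Dir(svr.conf.Address), os.ModePerm)` creates the socket directory with mode 0777 (before umask), and the same call is added in security/mtls/agent/agent.go for the SDS socket. Combined with the new /tmp defaults, that can let other local users remove or replace the socket file; use `0o700`, or `0o750` if the proxy runs as a different user in the same group. MkdirAll also returns nil when the directory already exists, so it establishes nothing about who owns it. Neither hunk removes a stale socket file, so after an unclean exit `net.Listen` on the unix address may fail with "address already in use". Run and New both continue outside their hunks.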
@@ -69,7 +69,7 @@ func EnvDefaultInt(name string, val int, def int) int { return def } -const DefaultSDSAddress = "/var/run/polaris/mtls/sds.sock" +const DefaultSDSAddress = "/tmp/polaris-sidecar/mtls/sds.sock" // init options with enviroment variables func (opt *Option) init() error {