patch istio to support multi ns deploy & query prefix match (#280)

2026-03-08 02:30:56 +08:00 · 2023-04-08 17:43:02 +08:00
parent 7ff1d2c414
commit 06b09066a3
3 changed files with 69 additions and 15 deletions
--- a/helm/core/templates/controller-deployment.yaml
+++ b/helm/core/templates/controller-deployment.yaml
@@ -173,12 +173,12 @@ spec:
          - "serve"
          - --gatewaySelectorKey=higress
          - --gatewaySelectorValue={{ .Release.Namespace }}-{{ include "gateway.name" . }}
-          {{- if not .Values.enableStatus }}
-          - --enableStatus={{ .Values.enableStatus }}
+          {{- if not .Values.global.enableStatus }}
+          - --enableStatus={{ .Values.global.enableStatus }}
          {{- end }}
-          - --ingressClass={{ .Values.ingressClass }}
-          {{- if .Values.watchNamespace }}
-          - --watchNamespace={{ .Values.watchNamespace }}
+          - --ingressClass={{ .Values.global.ingressClass }}
+          {{- if .Values.global.watchNamespace }}
+          - --watchNamespace={{ .Values.global.watchNamespace }}
          {{- end }}
          env:
          - name: POD_NAME
--- a/helm/core/values.yaml
+++ b/helm/core/values.yaml
@@ -1,5 +1,15 @@
 revision: ""
 global:
+  # IngressClass filters which ingress resources the higress controller watches.
+  # The default ingress class is higress.
+  # There are some special cases for special ingress class.
+  # 1. When the ingress class is set as nginx, the higress controller will watch ingress
+  # resources with the nginx ingress class or without any ingress class.
+  # 2. When the ingress class is set empty, the higress controller will watch all ingress
+  # resources in the k8s cluster.
+  ingressClass: "higress"
+  watchNamespace: ""
+  enableStatus: true
  # whether to use autoscaling/v2 template for HPA settings
  # for internal usage only, not to be configured by users.
  autoscalingv2API: true
@@ -323,16 +333,6 @@ global:
  caName: ""
 hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress

-# IngressClass filters which ingress resources the higress controller watches.
-# The default ingress class is higress.
-# There are some special cases for special ingress class.
-# 1. When the ingress class is set as nginx, the higress controller will watch ingress
-# resources with the nginx ingress class or without any ingress class.
-# 2. When the ingress class is set empty, the higress controller will watch all ingress
-# resources in the k8s cluster.
-ingressClass: "higress"
-watchNamespace: ""
-enableStatus: true
 clusterName: ""
 # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior
 # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options
--- a/istio/1.12/patches/istio/20230408-ignore-ns.patch
+++ b/istio/1.12/patches/istio/20230408-ignore-ns.patch
@@ -0,0 +1,54 @@
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/route/route.go istio-new/pilot/pkg/networking/core/v1alpha3/route/route.go
+--- istio/pilot/pkg/networking/core/v1alpha3/route/route.go	2023-04-08 16:02:02.000000000 +0800
+++ istio-new/pilot/pkg/networking/core/v1alpha3/route/route.go	2023-04-07 18:19:20.000000000 +0800
+@@ -1049,6 +1049,10 @@
+ 		out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
+ 			StringMatch: &matcher.StringMatcher{MatchPattern: &matcher.StringMatcher_Exact{Exact: m.Exact}},
+ 		}
+	case *networking.StringMatch_Prefix:
+		out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
+			StringMatch: &matcher.StringMatcher{MatchPattern: &matcher.StringMatcher_Prefix{Prefix: m.Prefix}},
+		}
+ 	case *networking.StringMatch_Regex:
+ 		out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
+ 			StringMatch: &matcher.StringMatcher{
+diff -Naur istio/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go istio-new/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go
+--- istio/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go	2023-04-08 16:02:02.000000000 +0800
+++ istio-new/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go	2023-04-08 14:35:57.000000000 +0800
+@@ -16,6 +16,7 @@
+ 
+ import (
+ 	"fmt"
+	"os"
+ 	"time"
+ 
+ 	v1 "k8s.io/api/core/v1"
+@@ -171,9 +172,16 @@
+ 	return k8s.InsertDataToConfigMap(nc.client, nc.configmapLister, meta, nc.caBundleWatcher.GetCABundle())
+ }
+ 
+var podNs = os.Getenv("POD_NAMESPACE")
+
+ // On namespace change, update the config map.
+ // If terminating, this will be skipped
+ func (nc *NamespaceController) namespaceChange(ns *v1.Namespace) {
+	// Added by ingress
+	if ns.Name != podNs {
+		return
+	}
+	// End added by ingress
+ 	if ns.Status.Phase != v1.NamespaceTerminating {
+ 		nc.syncNamespace(ns.Name)
+ 	}
+@@ -186,6 +194,11 @@
+ 		log.Errorf("failed to convert to configmap: %v", err)
+ 		return
+ 	}
+	// Added by ingress
+	if cm.Namespace != podNs {
+		return
+	}
+	// End added by ingress
+ 	// This is a change to a configmap we don't watch, ignore it
+ 	if cm.Name != dynamicCACertNamespaceConfigMap {
+ 		return