From 06b09066a373c79a2eb3219d3e99c0305dbd874a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=BE=84=E6=BD=AD?= Date: Sat, 8 Apr 2023 17:43:02 +0800 Subject: [PATCH] patch istio to support multi ns deploy & query prefix match (#280) --- .../core/templates/controller-deployment.yaml | 10 ++-- helm/core/values.yaml | 20 +++---- .../patches/istio/20230408-ignore-ns.patch | 54 +++++++++++++++++++ 3 files changed, 69 insertions(+), 15 deletions(-) create mode 100644 istio/1.12/patches/istio/20230408-ignore-ns.patch diff --git a/helm/core/templates/controller-deployment.yaml b/helm/core/templates/controller-deployment.yaml index 5f072d746..f2907d963 100644 --- a/helm/core/templates/controller-deployment.yaml +++ b/helm/core/templates/controller-deployment.yaml @@ -173,12 +173,12 @@ spec: - "serve" - --gatewaySelectorKey=higress - --gatewaySelectorValue={{ .Release.Namespace }}-{{ include "gateway.name" . }} - {{- if not .Values.enableStatus }} - - --enableStatus={{ .Values.enableStatus }} + {{- if not .Values.global.enableStatus }} + - --enableStatus={{ .Values.global.enableStatus }} {{- end }} - - --ingressClass={{ .Values.ingressClass }} - {{- if .Values.watchNamespace }} - - --watchNamespace={{ .Values.watchNamespace }} + - --ingressClass={{ .Values.global.ingressClass }} + {{- if .Values.global.watchNamespace }} + - --watchNamespace={{ .Values.global.watchNamespace }} {{- end }} env: - name: POD_NAME diff --git a/helm/core/values.yaml b/helm/core/values.yaml index 5f3094e75..24f344afe 100644 --- a/helm/core/values.yaml +++ b/helm/core/values.yaml 
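Review bot: Installs that still set the old top-level `ingressClass`, `watchNamespace` or `enableStatus` are silently ignored after this change, because the controller args in `controller-deployment.yaml` now read only `.Values.global.*` and nothing looks at the legacy keys. For `watchNamespace` this means the `--watchNamespace` flag is dropped on upgrade, so the controller presumably falls back to watching every namespace, widening its scope with no signal to the operator. Consider failing the render when a legacy key is present, e.g. `{{- if or .Values.ingressClass .Values.watchNamespace }}{{ fail "ingressClass/watchNamespace/enableStatus moved under global" }}{{- end }}`, or falling back with `.Values.global.watchNamespace | default .Values.watchNamespace`. The container spec continues outside the hunk.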
@@ -1,5 +1,15 @@ revision: "" global: + # IngressClass filters which ingress resources the higress controller watches. + # The default ingress class is higress. + # There are some special cases for special ingress class. + # 1. When the ingress class is set as nginx, the higress controller will watch ingress + # resources with the nginx ingress class or without any ingress class. + # 2. When the ingress class is set empty, the higress controller will watch all ingress + # resources in the k8s cluster. + ingressClass: "higress" + watchNamespace: "" + enableStatus: true # whether to use autoscaling/v2 template for HPA settings # for internal usage only, not to be configured by users. autoscalingv2API: true @@ -323,16 +333,6 @@ global: caName: "" hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress -# IngressClass filters which ingress resources the higress controller watches. -# The default ingress class is higress. -# There are some special cases for special ingress class. -# 1. When the ingress class is set as nginx, the higress controller will watch ingress -# resources with the nginx ingress class or without any ingress class. -# 2. When the ingress class is set empty, the higress controller will watch all ingress -# resources in the k8s cluster. -ingressClass: "higress" -watchNamespace: "" -enableStatus: true clusterName: "" # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options diff --git a/istio/1.12/patches/istio/20230408-ignore-ns.patch b/istio/1.12/patches/istio/20230408-ignore-ns.patch new file mode 100644 index 000000000..940ad5790 --- /dev/null +++ b/istio/1.12/patches/istio/20230408-ignore-ns.patch 
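Review bot: `watchNamespace` and `enableStatus` move under `global` with no comment, while `ingressClass` directly above them carries a full explanation, so a reader of `values.yaml` cannot tell what an empty `watchNamespace` means. Suggest adding `# watchNamespace limits the controller to one namespace; when empty, --watchNamespace is not passed.` and `# enableStatus: when false, the controller is started with --enableStatus=false.` above the two keys. Both statements follow from the template in this commit. What the controller does when the flag is absent is not visible here and should be confirmed before it is documented.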
@@ -0,0 +1,54 @@
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/route/route.go istio-new/pilot/pkg/networking/core/v1alpha3/route/route.go
+--- istio/pilot/pkg/networking/core/v1alpha3/route/route.go 2023-04-08 16:02:02.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/route/route.go 2023-04-07 18:19:20.000000000 +0800
+@@ -1049,6 +1049,10 @@
+ out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
+ StringMatch: &matcher.StringMatcher{MatchPattern: &matcher.StringMatcher_Exact{Exact: m.Exact}},
+ }
++ case *networking.StringMatch_Prefix:
++ out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
++ StringMatch: &matcher.StringMatcher{MatchPattern: &matcher.StringMatcher_Prefix{Prefix: m.Prefix}},
++ }
+ case *networking.StringMatch_Regex:
+ out.QueryParameterMatchSpecifier = &route.QueryParameterMatcher_StringMatch{
+ StringMatch: &matcher.StringMatcher{
+diff -Naur istio/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go istio-new/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go
+--- istio/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go 2023-04-08 16:02:02.000000000 +0800
++++ istio-new/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go 2023-04-08 14:35:57.000000000 +0800
+@@ -16,6 +16,7 @@
+
+ import (
+ "fmt"
++ "os"
+ "time"
+
+ v1 "k8s.io/api/core/v1"
+@@ -171,9 +172,16 @@
+ return k8s.InsertDataToConfigMap(nc.client, nc.configmapLister, meta, nc.caBundleWatcher.GetCABundle())
+ }
+
++var podNs = os.Getenv("POD_NAMESPACE")
++
+ // On namespace change, update the config map.
+ // If terminating, this will be skipped
+ func (nc *NamespaceController) namespaceChange(ns *v1.Namespace) {
++ // Added by ingress
++ if ns.Name != podNs {
++ return
++ }
++ // End added by ingress
+ if ns.Status.Phase != v1.NamespaceTerminating {
+ nc.syncNamespace(ns.Name)
+ }
+@@ -186,6 +194,11 @@
+ log.Errorf("failed to convert to configmap: %v", err)
+ return
+ }
++ // Added by ingress
++ if cm.Namespace != podNs {
++ return
++ }
++ // End added by ingress
+ // This is a change to a configmap we don't watch, ignore it
+ if cm.Name != dynamicCACertNamespaceConfigMap {
+ return
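Review bot: `podNs` is read once from `POD_NAMESPACE` and never checked for an empty value. If the variable is unset, both new guards (`ns.Name != podNs` in `namespaceChange` and `cm.Namespace != podNs` in the ConfigMap handler) return early on every event, so the CA bundle ConfigMap is silently never synced or repaired. The deployment template in this commit shows only `POD_NAME` in the visible env context, so it should be confirmed that `POD_NAMESPACE` is injected as well. Where the controller is constructed (outside this hunk), a one-time check such as `if podNs == "" { log.Errorf("POD_NAMESPACE is not set; CA bundle configmap sync is disabled") }` would make the failure visible. It is also worth a comment on `podNs` stating that the filter keys on the pod's own namespace rather than on `--watchNamespace`, since the two can differ; the ConfigMap handler starts and ends outside the hunk.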