Jwt policy compat (#266)

澄潭
2023-04-03 16:14:42 +08:00
committed by GitHub
parent 7fd3f43c0d
commit 5f32e159e5
10 changed files with 31 additions and 22 deletions


@@ -193,7 +193,7 @@ kube-load-image: $(tools/kind) ## Install the EG image to a kind cluster using t
run-ingress-e2e-test: run-ingress-e2e-test:
@echo -e "\n\033[36mRunning higress conformance tests...\033[0m" @echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n" @echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
kubectl wait --timeout=5m -n higress-system deployment/higress-controller --for=condition=Available kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n" @echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
kubectl wait --timeout=5m -n higress-system deployment/higress-gateway --for=condition=Available kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
go test -v -tags conformance ./test/ingress/e2e_test.go --ingress-class=higress --debug=true go test -v -tags conformance ./test/ingress/e2e_test.go --ingress-class=higress --debug=true


@@ -1 +1 @@
v0.7.0 v0.7.1


@@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.7.0 appVersion: 0.7.1
description: Helm chart for deploying higress gateways description: Helm chart for deploying higress gateways
icon: https://higress.io/img/higress_logo_small.png icon: https://higress.io/img/higress_logo_small.png
keywords: keywords:
@@ -9,4 +9,4 @@ name: higress-core
sources: sources:
- http://github.com/alibaba/higress - http://github.com/alibaba/higress
type: application type: application
version: 0.7.0 version: 0.7.1


@@ -87,3 +87,11 @@ higress: {{ include "controller.name" . }}
{{- .Values.controller.serviceAccount.name | default "default" }} {{- .Values.controller.serviceAccount.name | default "default" }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- define "controller.jwtPolicy" -}}
{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion }}
{{- .Values.global.jwtPolicy | default "third-party-jwt" }}
{{- else }}
{{- print "first-party-jwt" }}
{{- end }}
{{- end }}
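Review bot: In `controller.jwtPolicy`, the `else` branch returns `first-party-jwt` on any cluster below 1.21 without consulting `.Values.global.jwtPolicy`, so an operator who explicitly set `third-party-jwt` gets the legacy service-account token (no audience binding, no expiry) with nothing in the rendered output to show it. Because the decision reads `.Capabilities.KubeVersion`, an offline `helm template` run without `--kube-version` may also render a different policy than the live cluster would receive. I would document this above the define, e.g. `{{/* Forces first-party-jwt below Kubernetes 1.21; global.jwtPolicy is honoured only on 1.21+. */}}`, and consider surfacing the downgrade at install time so it is not silent.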


@@ -4,6 +4,7 @@
trustDomain: "cluster.local" trustDomain: "cluster.local"
accessLogEncoding: TEXT accessLogEncoding: TEXT
accessLogFile: "/dev/stdout" accessLogFile: "/dev/stdout"
ingressControllerMode: "OFF"
accessLogFormat: '{"authority":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"} accessLogFormat: '{"authority":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
' '


@@ -80,7 +80,7 @@ spec:
- name: REVISION - name: REVISION
value: "{{ .Values.revision | default `default` }}" value: "{{ .Values.revision | default `default` }}"
- name: JWT_POLICY - name: JWT_POLICY
value: {{ .Values.global.jwtPolicy }} value: {{ include "controller.jwtPolicy" . }}
- name: PILOT_CERT_PROVIDER - name: PILOT_CERT_PROVIDER
value: "istiod" value: "istiod"
- name: POD_NAME - name: POD_NAME
@@ -147,7 +147,7 @@ spec:
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /etc/istio/config mountPath: /etc/istio/config
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }} {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token - name: istio-token
mountPath: /var/run/secrets/tokens mountPath: /var/run/secrets/tokens
readOnly: true readOnly: true
@@ -241,7 +241,7 @@ spec:
- emptyDir: - emptyDir:
medium: Memory medium: Memory
name: local-certs name: local-certs
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }} {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token - name: istio-token
projected: projected:
sources: sources:
@@ -249,6 +249,7 @@ spec:
audience: {{ .Values.global.sds.token.aud }} audience: {{ .Values.global.sds.token.aud }}
expirationSeconds: 43200 expirationSeconds: 43200
path: istio-token path: istio-token
{{- end }}
# Optional: user-generated root # Optional: user-generated root
- name: cacerts - name: cacerts
secret: secret:
@@ -264,4 +265,3 @@ spec:
name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
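Review bot: The `JWT_POLICY` entry `value: {{ include "controller.jwtPolicy" . }}` is emitted unquoted, unlike the neighbouring `REVISION` and `PILOT_CERT_PROVIDER` values; since the helper passes `.Values.global.jwtPolicy` through unchanged on 1.21+, a user-supplied value that YAML reads as a non-string would make the env entry invalid. I would write `value: {{ include "controller.jwtPolicy" . | quote }}` here and on the identical `JWT_POLICY` line in the gateway deployment section. Separately, the relocated `{{- end }}` now closes the `third-party-jwt` block right after the `istio-token` volume, so the `cacerts` volume and those after it render under both policies; that looks intended, but the enclosing template starts and ends outside these hunks, so it is worth confirming with one render per policy.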


@@ -129,7 +129,7 @@ spec:
- name: ENABLE_INGRESS_GATEWAY_SDS - name: ENABLE_INGRESS_GATEWAY_SDS
value: "false" value: "false"
- name: JWT_POLICY - name: JWT_POLICY
value: {{ .Values.global.jwtPolicy }} value: {{ include "controller.jwtPolicy" . }}
- name: ISTIO_META_HTTP10 - name: ISTIO_META_HTTP10
value: "1" value: "1"
- name: ISTIO_META_CLUSTER_ID - name: ISTIO_META_CLUSTER_ID
@@ -177,7 +177,7 @@ spec:
{{- toYaml .Values.gateway.resources | nindent 12 }} {{- toYaml .Values.gateway.resources | nindent 12 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }} {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token - name: istio-token
mountPath: /var/run/secrets/tokens mountPath: /var/run/secrets/tokens
readOnly: true readOnly: true
@@ -213,7 +213,7 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
volumes: volumes:
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }} {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
- name: istio-token - name: istio-token
projected: projected:
sources: sources:


@@ -455,7 +455,7 @@ controller:
name: "higress-controller" name: "higress-controller"
replicas: 1 replicas: 1
image: higress image: higress
tag: "0.7.0" tag: "0.7.1"
env: {} env: {}
labels: {} labels: {}


@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: higress-core - name: higress-core
repository: file://../core repository: file://../core
version: 0.7.0 version: 0.7.1
- name: higress-console - name: higress-console
repository: https://higress.io/helm-charts/ repository: https://higress.io/helm-charts/
version: 0.1.0 version: 0.1.1
digest: sha256:3fd6cfb0fd10178927569d57e0cbff5250870dd677cbf30995c49ced83e38f7c digest: sha256:051fbd7b2916d1d0c26839d0e27653f6e42d20e9294bd9eed9628f24c5a7b228
generated: "2023-03-15T15:09:02.878072+08:00" generated: "2023-04-03T13:42:23.705379+08:00"


@@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.7.0 appVersion: 0.7.1
description: Helm chart for deploying higress gateways description: Helm chart for deploying higress gateways
icon: https://higress.io/img/higress_logo_small.png icon: https://higress.io/img/higress_logo_small.png
keywords: keywords:
@@ -11,9 +11,9 @@ sources:
dependencies: dependencies:
- name: higress-core - name: higress-core
repository: "file://../core" repository: "file://../core"
version: 0.7.0 version: 0.7.1
- name: higress-console - name: higress-console
repository: "https://higress.io/helm-charts/" repository: "https://higress.io/helm-charts/"
version: 0.1.0 version: 0.1.1
type: application type: application
version: 0.7.0 version: 0.7.1