jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-06-09 20:57:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

upgrade to istio 1.19 (#1211)

Browse Source 
Co-authored-by: CH3CHO <ch3cho@qq.com>
Co-authored-by: rinfx <893383980@qq.com>
This commit is contained in:
澄潭
2024-08-26 09:51:47 +08:00
committed by GitHub
parent a2c2d1d521
commit f7a419770d
401 changed files with 21171 additions and 7255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/ingress/kube/annotations/annotations.go
View File

@@ -18,24 +18,25 @@ import (
"strings"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/util/sets"
"istio.io/istio/pkg/cluster"
"istio.io/istio/pkg/util/sets"
listersv1 "k8s.io/client-go/listers/core/v1"
)
type GlobalContext struct {
// secret key is cluster/namespace/name
WatchedSecrets sets.Set
WatchedSecrets sets.Set[string]
ClusterSecretLister map[string]listersv1.SecretLister
ClusterSecretLister map[cluster.ID]listersv1.SecretLister
ClusterServiceList map[string]listersv1.ServiceLister
ClusterServiceList map[cluster.ID]listersv1.ServiceLister
}
type Meta struct {
Namespace string
Name string
RawClusterId string
ClusterId string
ClusterId cluster.ID
}
// Ingress defines the valid annotations present in one NGINX Ingress.

15
pkg/ingress/kube/annotations/auth_test.go
View File

@@ -20,10 +20,11 @@ import (
"testing"
"time"
"istio.io/istio/pilot/pkg/model"
"istio.io/istio/pilot/pkg/util/sets"
"istio.io/istio/pkg/cluster"
"istio.io/istio/pkg/util/sets"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes/fake"
listerv1 "k8s.io/client-go/listers/core/v1"
@@ -83,7 +84,7 @@ func TestAuthParse(t *testing.T) {
expect: &AuthConfig{
AuthType: defaultAuthType,
AuthSecret: util.ClusterNamespacedName{
NamespacedName: model.NamespacedName{
NamespacedName: types.NamespacedName{
Namespace: "foo",
Name: "bar",
},
@@ -112,7 +113,7 @@ func TestAuthParse(t *testing.T) {
expect: &AuthConfig{
AuthType: defaultAuthType,
AuthSecret: util.ClusterNamespacedName{
NamespacedName: model.NamespacedName{
NamespacedName: types.NamespacedName{
Namespace: "foo",
Name: "bar",
},
@@ -140,7 +141,7 @@ func TestAuthParse(t *testing.T) {
expect: &AuthConfig{
AuthType: defaultAuthType,
AuthSecret: util.ClusterNamespacedName{
NamespacedName: model.NamespacedName{
NamespacedName: types.NamespacedName{
Namespace: "default",
Name: "bar",
},
@@ -188,8 +189,8 @@ func initGlobalContext(secret *v1.Secret) (*GlobalContext, context.CancelFunc) {
cache.WaitForCacheSync(ctx.Done(), secretInformer.Informer().HasSynced)
return &GlobalContext{
WatchedSecrets: sets.NewSet(),
ClusterSecretLister: map[string]listerv1.SecretLister{
WatchedSecrets: sets.New[string](),
ClusterSecretLister: map[cluster.ID]listerv1.SecretLister{
"cluster": secretInformer.Lister(),
},
}, cancel

263
pkg/ingress/kube/annotations/canary_test.go
View File

@@ -15,11 +15,11 @@
package annotations
import (
"reflect"
"fmt"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
networking "istio.io/api/networking/v1alpha3"
)
@@ -125,87 +125,14 @@ func TestCanaryParse(t *testing.T) {
}
func TestApplyWeight(t *testing.T) {
route := &networking.HTTPRoute{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"normal": "true",
},
},
},
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
}
canary1 := &networking.HTTPRoute{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary1": "true",
},
},
},
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "canary1",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
}
canary2 := &networking.HTTPRoute{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary2": "true",
},
},
},
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "canary2",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
}
ApplyByWeight(canary1, route, &Ingress{
Canary: &CanaryConfig{
Weight: 30,
},
})
ApplyByWeight(canary2, route, &Ingress{
Canary: &CanaryConfig{
Weight: 20,
},
})
expect := &networking.HTTPRoute{
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
testCases := []struct {
normal *networking.HTTPRoute
canary []*networking.HTTPRoute
config []*Ingress
expect *networking.HTTPRoute
}{
{
normal: &networking.HTTPRoute{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
@@ -213,51 +140,132 @@ func TestApplyWeight(t *testing.T) {
},
},
},
},
{
Destination: &networking.Destination{
Host: "canary1",
Port: &networking.PortSelector{
Number: 80,
},
},
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary1": "true",
},
},
},
Weight: 30,
FallbackClusters: []*networking.Destination{
Route: []*networking.HTTPRouteDestination{
{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
Destination: &networking.Destination{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
},
{
Destination: &networking.Destination{
Host: "canary2",
Port: &networking.PortSelector{
Number: 80,
canary: []*networking.HTTPRoute{
{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary1": "true",
},
},
},
},
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary2": "true",
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "canary1",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
},
Weight: 20,
FallbackClusters: []*networking.Destination{
{
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary2": "true",
},
},
},
Route: []*networking.HTTPRouteDestination{
{
Destination: &networking.Destination{
Host: "canary2",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
},
},
config: []*Ingress{
{
Canary: &CanaryConfig{
Weight: 30,
},
},
{
Canary: &CanaryConfig{
Weight: 20,
},
},
},
expect: &networking.HTTPRoute{
Route: []*networking.HTTPRouteDestination{
{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
Destination: &networking.Destination{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"normal": "true",
},
},
},
},
{
Destination: &networking.Destination{
Host: "canary1",
Port: &networking.PortSelector{
Number: 80,
},
},
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary1": "true",
},
},
},
Weight: 30,
FallbackClusters: []*networking.Destination{
{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
{
Destination: &networking.Destination{
Host: "canary2",
Port: &networking.PortSelector{
Number: 80,
},
},
Headers: &networking.Headers{
Request: &networking.Headers_HeaderOperations{
Add: map[string]string{
"canary2": "true",
},
},
},
Weight: 20,
FallbackClusters: []*networking.Destination{
{
Host: "normal",
Port: &networking.PortSelector{
Number: 80,
},
},
},
},
},
@@ -265,7 +273,22 @@ func TestApplyWeight(t *testing.T) {
},
}
if !reflect.DeepEqual(route, expect) {
t.Fatal("Should be equal")
for _, testCase := range testCases {
t.Run("", func(t *testing.T) {
for i := range testCase.canary {
canary := testCase.canary[i]
config := testCase.config[i]
ApplyByWeight(canary, testCase.normal, config)
}
for index, route := range testCase.normal.Route {
fmt.Printf("actual route %d: %+v\n", index, route)
}
for index, route := range testCase.expect.Route {
fmt.Printf("expect route %d: %+v\n", index, route)
}
assert.Equal(t, testCase.expect, testCase.normal)
})
}
}

7
pkg/ingress/kube/annotations/cors.go
View File

@@ -18,7 +18,8 @@ import (
"net/url"
"strings"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
"github.com/golang/protobuf/ptypes/wrappers"
networking "istio.io/api/networking/v1alpha3"
)
@@ -125,10 +126,10 @@ func (c cors) ApplyRoute(route *networking.HTTPRoute, config *Ingress) {
AllowMethods: corsConfig.AllowMethods,
AllowHeaders: corsConfig.AllowHeaders,
ExposeHeaders: corsConfig.ExposeHeaders,
AllowCredentials: &types.BoolValue{
AllowCredentials: &wrappers.BoolValue{
Value: corsConfig.AllowCredentials,
},
MaxAge: &types.Duration{
MaxAge: &duration.Duration{
Seconds: int64(corsConfig.MaxAge),
},
}

14
pkg/ingress/kube/annotations/cors_test.go
View File

@@ -18,8 +18,8 @@ import (
"reflect"
"testing"
"github.com/gogo/protobuf/proto"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
"github.com/golang/protobuf/ptypes/wrappers"
networking "istio.io/api/networking/v1alpha3"
)
@@ -216,10 +216,10 @@ func TestCorsApplyRoute(t *testing.T) {
AllowMethods: []string{"GET", "POST"},
AllowHeaders: []string{"test", "unique"},
ExposeHeaders: []string{"hello", "bye"},
AllowCredentials: &types.BoolValue{
AllowCredentials: &wrappers.BoolValue{
Value: true,
},
MaxAge: &types.Duration{
MaxAge: &duration.Duration{
Seconds: defaultMaxAge,
},
},
@@ -260,10 +260,10 @@ func TestCorsApplyRoute(t *testing.T) {
AllowMethods: []string{"GET", "POST"},
AllowHeaders: []string{"test", "unique"},
ExposeHeaders: []string{"hello", "bye"},
AllowCredentials: &types.BoolValue{
AllowCredentials: &wrappers.BoolValue{
Value: true,
},
MaxAge: &types.Duration{
MaxAge: &duration.Duration{
Seconds: defaultMaxAge,
},
},
@@ -274,7 +274,7 @@ func TestCorsApplyRoute(t *testing.T) {
for _, testCase := range testCases {
t.Run("", func(t *testing.T) {
cors.ApplyRoute(testCase.route, testCase.config)
if !proto.Equal(testCase.route, testCase.expect) {
if !reflect.DeepEqual(testCase.route, testCase.expect) {
t.Fatal("Must be equal.")
}
})

8
pkg/ingress/kube/annotations/default_backend.go
View File

@@ -17,11 +17,10 @@ package annotations
import (
"strconv"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/model"
"github.com/alibaba/higress/pkg/ingress/kube/util"
. "github.com/alibaba/higress/pkg/ingress/log"
networking "istio.io/api/networking/v1alpha3"
"k8s.io/apimachinery/pkg/types"
)
const (
@@ -40,7 +39,7 @@ var (
)
type FallbackConfig struct {
DefaultBackend model.NamespacedName
DefaultBackend types.NamespacedName
Port uint32
customHTTPErrors []uint32
}
@@ -114,7 +113,6 @@ func (f fallback) ApplyRoute(route *networking.HTTPRoute, config *Ingress) {
return
}
// Add fallback svc
route.Route[0].FallbackClusters = []*networking.Destination{
{
Host: util.CreateServiceFQDN(fallback.DefaultBackend.Namespace, fallback.DefaultBackend.Name),

15
pkg/ingress/kube/annotations/default_backend_test.go
View File

@@ -21,9 +21,10 @@ import (
"time"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/model"
"istio.io/istio/pkg/cluster"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes/fake"
listerv1 "k8s.io/client-go/listers/core/v1"
@@ -64,7 +65,7 @@ func TestFallbackParse(t *testing.T) {
buildNginxAnnotationKey(annDefaultBackend): "test/app",
},
expect: &FallbackConfig{
DefaultBackend: model.NamespacedName{
DefaultBackend: types.NamespacedName{
Namespace: "test",
Name: "app",
},
@@ -76,7 +77,7 @@ func TestFallbackParse(t *testing.T) {
buildHigressAnnotationKey(annDefaultBackend): "app",
},
expect: &FallbackConfig{
DefaultBackend: model.NamespacedName{
DefaultBackend: types.NamespacedName{
Namespace: "test",
Name: "app",
},
@@ -94,7 +95,7 @@ func TestFallbackParse(t *testing.T) {
buildNginxAnnotationKey(customHTTPError): "404,503",
},
expect: &FallbackConfig{
DefaultBackend: model.NamespacedName{
DefaultBackend: types.NamespacedName{
Namespace: "test",
Name: "app",
},
@@ -108,7 +109,7 @@ func TestFallbackParse(t *testing.T) {
buildNginxAnnotationKey(customHTTPError): "404,5ac",
},
expect: &FallbackConfig{
DefaultBackend: model.NamespacedName{
DefaultBackend: types.NamespacedName{
Namespace: "test",
Name: "app",
},
@@ -152,7 +153,7 @@ func TestFallbackApplyRoute(t *testing.T) {
{
config: &Ingress{
Fallback: &FallbackConfig{
DefaultBackend: model.NamespacedName{
DefaultBackend: types.NamespacedName{
Namespace: "test",
Name: "app",
},
@@ -222,7 +223,7 @@ func initGlobalContextForService() (*GlobalContext, context.CancelFunc) {
cache.WaitForCacheSync(ctx.Done(), serviceInformer.Informer().HasSynced)
return &GlobalContext{
ClusterServiceList: map[string]listerv1.ServiceLister{
ClusterServiceList: map[cluster.ID]listerv1.ServiceLister{
"cluster": serviceInformer.Lister(),
},
}, cancel

10
pkg/ingress/kube/annotations/destination_test.go
View File

@@ -18,7 +18,7 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
networking "istio.io/api/networking/v1alpha3"
)
@@ -119,11 +119,17 @@ func TestDestinationParse(t *testing.T) {
},
}
unexportedIgnoredTypes := []interface{}{
networking.HTTPRouteDestination{},
networking.Destination{},
networking.PortSelector{},
}
for _, testCase := range testCases {
t.Run("", func(t *testing.T) {
config := &Ingress{}
_ = parser.Parse(testCase.input, config, nil)
if diff := cmp.Diff(config.Destination, testCase.expect); diff != "" {
if diff := cmp.Diff(config.Destination, testCase.expect, cmpopts.IgnoreUnexported(unexportedIgnoredTypes...)); diff != "" {
t.Fatalf("TestDestinationParse() mismatch: (-want +got)\n%s", diff)
}
})

12
pkg/ingress/kube/annotations/downstreamtls.go
View File

@@ -18,18 +18,18 @@ import (
"strings"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/credentials/kube"
"istio.io/istio/pilot/pkg/model"
gatewaytool "istio.io/istio/pkg/config/gateway"
"istio.io/istio/pkg/config/security"
"k8s.io/apimachinery/pkg/types"
"github.com/alibaba/higress/pkg/ingress/kube/util"
. "github.com/alibaba/higress/pkg/ingress/log"
)
const (
authTLSSecret = "auth-tls-secret"
sslCipher = "ssl-cipher"
authTLSSecret = "auth-tls-secret"
sslCipher = "ssl-cipher"
gatewaySdsCaSuffix = "-cacert"
)
var (
@@ -40,7 +40,7 @@ var (
type DownstreamTLSConfig struct {
CipherSuites []string
Mode networking.ServerTLSSettings_TLSmode
CASecretName model.NamespacedName
CASecretName types.NamespacedName
}
type downstreamTLS struct{}
@@ -97,7 +97,7 @@ func (d downstreamTLS) ApplyGateway(gateway *networking.Gateway, config *Ingress
serverCert := extraSecret(server.Tls.CredentialName)
if downstreamTLSConfig.CASecretName.Namespace != serverCert.Namespace ||
(downstreamTLSConfig.CASecretName.Name != serverCert.Name &&
downstreamTLSConfig.CASecretName.Name != serverCert.Name+kube.GatewaySdsCaSuffix) {
downstreamTLSConfig.CASecretName.Name != serverCert.Name+gatewaySdsCaSuffix) {
IngressLog.Errorf("CA secret %s is invalid", downstreamTLSConfig.CASecretName.String())
} else {
server.Tls.Mode = downstreamTLSConfig.Mode

12
pkg/ingress/kube/annotations/downstreamtls_test.go
View File

@@ -19,7 +19,7 @@ import (
"testing"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/model"
"k8s.io/apimachinery/pkg/types"
)
var parser = downstreamTLS{}
@@ -45,7 +45,7 @@ func TestParse(t *testing.T) {
buildNginxAnnotationKey(sslCipher): "ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA",
},
expect: &DownstreamTLSConfig{
CASecretName: model.NamespacedName{
CASecretName: types.NamespacedName{
Namespace: "foo",
Name: "test",
},
@@ -59,7 +59,7 @@ func TestParse(t *testing.T) {
DefaultAnnotationsPrefix + "/" + sslCipher: "ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA",
},
expect: &DownstreamTLSConfig{
CASecretName: model.NamespacedName{
CASecretName: types.NamespacedName{
Namespace: "test",
Name: "foo",
},
@@ -138,7 +138,7 @@ func TestApplyGateway(t *testing.T) {
},
config: &Ingress{
DownstreamTLS: &DownstreamTLSConfig{
CASecretName: model.NamespacedName{
CASecretName: types.NamespacedName{
Namespace: "foo",
Name: "bar",
},
@@ -177,7 +177,7 @@ func TestApplyGateway(t *testing.T) {
},
config: &Ingress{
DownstreamTLS: &DownstreamTLSConfig{
CASecretName: model.NamespacedName{
CASecretName: types.NamespacedName{
Namespace: "foo",
Name: "bar-cacert",
},
@@ -216,7 +216,7 @@ func TestApplyGateway(t *testing.T) {
},
config: &Ingress{
DownstreamTLS: &DownstreamTLSConfig{
CASecretName: model.NamespacedName{
CASecretName: types.NamespacedName{
Namespace: "bar",
Name: "foo",
},

10
pkg/ingress/kube/annotations/ignore_case_test.go
View File

@@ -18,7 +18,7 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
networking "istio.io/api/networking/v1alpha3"
)
@@ -82,11 +82,17 @@ func TestIgnoreCaseMatching_ApplyRoute(t *testing.T) {
},
}
unexportedIgnoredTypes := []interface{}{
networking.HTTPRoute{},
networking.HTTPMatchRequest{},
networking.StringMatch{},
}
t.Run("", func(t *testing.T) {
for _, tt := range testCases {
handler.ApplyRoute(tt.input, tt.config)
if diff := cmp.Diff(tt.expect, tt.input); diff != "" {
if diff := cmp.Diff(tt.expect, tt.input, cmpopts.IgnoreUnexported(unexportedIgnoredTypes...)); diff != "" {
t.Fatalf("TestIgnoreCaseMatching_ApplyRoute() mismatch(-want +got): \n%s", diff)
}
}

5
pkg/ingress/kube/annotations/ip_access_control.go
View File

@@ -16,7 +16,7 @@ package annotations
import (
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
//"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
)
const (
@@ -82,7 +82,8 @@ func (i ipAccessControl) ApplyRoute(route *networking.HTTPRoute, config *Ingress
}
route.RouteHTTPFilters = append(route.RouteHTTPFilters, &networking.HTTPFilter{
Name: mseingress.IPAccessControl,
// TODO: hardcode
Name: "ip-access-control",
Filter: &networking.HTTPFilter_IpAccessControl{
IpAccessControl: filter,
},

10
pkg/ingress/kube/annotations/loadbalance.go
View File

@@ -17,7 +17,7 @@ package annotations
import (
"strings"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
networking "istio.io/api/networking/v1alpha3"
)
@@ -62,7 +62,7 @@ type consistentHashByOther struct {
type consistentHashByCookie struct {
name string
path string
age *types.Duration
age *duration.Duration
}
type LoadBalanceConfig struct {
@@ -89,7 +89,7 @@ func (l loadBalance) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
loadBalanceConfig.cookie = &consistentHashByCookie{
name: defaultAffinityCookieName,
path: defaultAffinityCookiePath,
age: &types.Duration{},
age: &duration.Duration{},
}
if name, err := annotations.ParseStringASAP(sessionCookieName); err == nil {
loadBalanceConfig.cookie.name = name
@@ -98,11 +98,11 @@ func (l loadBalance) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
loadBalanceConfig.cookie.path = path
}
if age, err := annotations.ParseIntASAP(sessionCookieMaxAge); err == nil {
loadBalanceConfig.cookie.age = &types.Duration{
loadBalanceConfig.cookie.age = &duration.Duration{
Seconds: int64(age),
}
} else if age, err = annotations.ParseIntASAP(sessionCookieExpires); err == nil {
loadBalanceConfig.cookie.age = &types.Duration{
loadBalanceConfig.cookie.age = &duration.Duration{
Seconds: int64(age),
}
}

20
pkg/ingress/kube/annotations/loadbalance_test.go
View File

@@ -18,7 +18,7 @@ import (
"reflect"
"testing"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
networking "istio.io/api/networking/v1alpha3"
)
@@ -35,10 +35,11 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(affinityMode): "balanced",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
cookie: &consistentHashByCookie{
name: defaultAffinityCookieName,
path: defaultAffinityCookiePath,
age: &types.Duration{},
age: &duration.Duration{},
},
},
},
@@ -51,10 +52,11 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(sessionCookieMaxAge): "100",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
cookie: &consistentHashByCookie{
name: "test",
path: "/test",
age: &types.Duration{
age: &duration.Duration{
Seconds: 100,
},
},
@@ -68,10 +70,11 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(sessionCookieExpires): "10",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
cookie: &consistentHashByCookie{
name: "test",
path: defaultAffinityCookiePath,
age: &types.Duration{
age: &duration.Duration{
Seconds: 10,
},
},
@@ -82,6 +85,7 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(upstreamHashBy): "$request_uri",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
other: &consistentHashByOther{
header: ":path",
},
@@ -92,6 +96,7 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(upstreamHashBy): "$host",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
other: &consistentHashByOther{
header: ":authority",
},
@@ -102,6 +107,7 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(upstreamHashBy): "$remote_addr",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
other: &consistentHashByOther{
header: "x-envoy-external-address",
},
@@ -112,6 +118,7 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(upstreamHashBy): "$http_test",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
other: &consistentHashByOther{
header: "test",
},
@@ -122,6 +129,7 @@ func TestLoadBalanceParse(t *testing.T) {
buildNginxAnnotationKey(upstreamHashBy): "$arg_query",
},
expect: &LoadBalanceConfig{
simple: networking.LoadBalancerSettings_ROUND_ROBIN,
other: &consistentHashByOther{
queryParam: "query",
},
@@ -158,7 +166,7 @@ func TestLoadBalanceApplyTrafficPolicy(t *testing.T) {
cookie: &consistentHashByCookie{
name: "test",
path: "/",
age: &types.Duration{
age: &duration.Duration{
Seconds: 100,
},
},
@@ -173,7 +181,7 @@ func TestLoadBalanceApplyTrafficPolicy(t *testing.T) {
HttpCookie: &networking.LoadBalancerSettings_ConsistentHashLB_HTTPCookie{
Name: "test",
Path: "/",
Ttl: &types.Duration{
Ttl: &duration.Duration{
Seconds: 100,
},
},

14
pkg/ingress/kube/annotations/local_rate_limit.go
View File

@@ -15,10 +15,9 @@
package annotations
import (
types "github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
//"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
)
const (
@@ -34,11 +33,11 @@ var (
_ Parser = localRateLimit{}
_ RouteHandler = localRateLimit{}
second = &types.Duration{
second = &duration.Duration{
Seconds: 1,
}
minute = &types.Duration{
minute = &duration.Duration{
Seconds: 60,
}
)
@@ -46,7 +45,7 @@ var (
type localRateLimitConfig struct {
TokensPerFill uint32
MaxTokens uint32
FillInterval *types.Duration
FillInterval *duration.Duration
}
type localRateLimit struct{}
@@ -90,7 +89,8 @@ func (l localRateLimit) ApplyRoute(route *networking.HTTPRoute, config *Ingress)
}
route.RouteHTTPFilters = append(route.RouteHTTPFilters, &networking.HTTPFilter{
Name: mseingress.LocalRateLimit,
// TODO: hardcode
Name: "local-rate-limit",
Filter: &networking.HTTPFilter_LocalRateLimit{
LocalRateLimit: &networking.LocalRateLimit{
TokenBucket: &networking.TokenBucket{

4
pkg/ingress/kube/annotations/local_rate_limit_test.go
View File

@@ -19,7 +19,6 @@ import (
"testing"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
)
func TestLocalRateLimitParse(t *testing.T) {
@@ -99,7 +98,8 @@ func TestLocalRateLimitApplyRoute(t *testing.T) {
expect: &networking.HTTPRoute{
RouteHTTPFilters: []*networking.HTTPFilter{
{
Name: mseingress.LocalRateLimit,
// TODO: hardcode
Name: "local-rate-limit",
Filter: &networking.HTTPFilter_LocalRateLimit{
LocalRateLimit: &networking.LocalRateLimit{
TokenBucket: &networking.TokenBucket{

9
pkg/ingress/kube/annotations/match_test.go
View File

@@ -19,6 +19,7 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
networking "istio.io/api/networking/v1alpha3"
)
@@ -401,10 +402,16 @@ func TestMatch_ApplyRoute(t *testing.T) {
},
}
unexportedIgnoredTypes := []interface{}{
networking.HTTPRoute{},
networking.HTTPMatchRequest{},
networking.StringMatch{},
}
for _, tt := range testCases {
t.Run("", func(t *testing.T) {
handler.ApplyRoute(tt.input, tt.config)
if diff := cmp.Diff(tt.expect, tt.input); diff != "" {
if diff := cmp.Diff(tt.expect, tt.input, cmpopts.IgnoreUnexported(unexportedIgnoredTypes...)); diff != "" {
t.Fatalf("TestMatch_Parse() mismatch (-want +got):\n%s", diff)
}
})

9
pkg/ingress/kube/annotations/retry.go
View File

@@ -17,8 +17,7 @@ package annotations
import (
"strings"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
networking "istio.io/api/networking/v1alpha3"
)
@@ -39,7 +38,7 @@ var (
type RetryConfig struct {
retryCount int32
perRetryTimeout *types.Duration
perRetryTimeout *duration.Duration
retryOn string
}
@@ -52,7 +51,7 @@ func (r retry) Parse(annotations Annotations, config *Ingress, _ *GlobalContext)
retryConfig := &RetryConfig{
retryCount: defaultRetryCount,
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
retryOn: defaultRetryOn,
}
defer func() {
@@ -64,7 +63,7 @@ func (r retry) Parse(annotations Annotations, config *Ingress, _ *GlobalContext)
}
if timeout, err := annotations.ParseIntASAP(perRetryTimeout); err == nil {
retryConfig.perRetryTimeout = &types.Duration{
retryConfig.perRetryTimeout = &duration.Duration{
Seconds: int64(timeout),
}
}

21
pkg/ingress/kube/annotations/retry_test.go
View File

@@ -18,9 +18,8 @@ import (
"reflect"
"testing"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
"github.com/stretchr/testify/assert"
networking "istio.io/api/networking/v1alpha3"
)
@@ -38,7 +37,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 1,
retryOn: "5xx",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -47,7 +46,7 @@ func TestRetryParse(t *testing.T) {
},
expect: &RetryConfig{
retryCount: 3,
perRetryTimeout: &types.Duration{
perRetryTimeout: &duration.Duration{
Seconds: 10,
},
retryOn: "5xx",
@@ -61,7 +60,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 0,
retryOn: "5xx",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -72,7 +71,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 2,
retryOn: "5xx",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -83,7 +82,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 2,
retryOn: "5xx",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -93,7 +92,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 3,
retryOn: "5xx,non_idempotent",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -103,7 +102,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 3,
retryOn: "5xx,non_idempotent",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -113,7 +112,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 3,
retryOn: "5xx,retriable-status-codes,503,502,404",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
{
@@ -123,7 +122,7 @@ func TestRetryParse(t *testing.T) {
expect: &RetryConfig{
retryCount: 3,
retryOn: "5xx,retriable-status-codes,503,502,404",
perRetryTimeout: &types.Duration{},
perRetryTimeout: &duration.Duration{},
},
},
}

28
pkg/ingress/kube/annotations/rewrite.go
View File

@@ -15,6 +15,7 @@
package annotations
import (
"fmt"
"regexp"
"strings"
@@ -79,8 +80,13 @@ func (r rewrite) ApplyRoute(route *networking.HTTPRoute, config *Ingress) {
route.Rewrite.Uri = rewriteConfig.RewritePath
for _, match := range route.Match {
if strings.HasSuffix(match.Uri.GetPrefix(), "/") {
if !strings.HasSuffix(route.Rewrite.Uri, "/") {
route.Rewrite.Uri += "/"
if !strings.HasSuffix(rewriteConfig.RewritePath, "/") {
route.Rewrite.Uri = ""
matchPattern := fmt.Sprintf("^%s(/.*)?", strings.TrimSuffix(match.Uri.GetPrefix(), "/"))
route.Rewrite.UriRegexRewrite = &networking.RegexRewrite{
Match: matchPattern,
Rewrite: fmt.Sprintf(`%s\1`, rewriteConfig.RewritePath),
}
}
break
}
@@ -88,19 +94,19 @@ func (r rewrite) ApplyRoute(route *networking.HTTPRoute, config *Ingress) {
} else if rewriteConfig.RewriteTarget != "" {
uri := route.Match[0].Uri
if uri.GetExact() != "" {
route.Rewrite.UriRegex = &networking.RegexMatchAndSubstitute{
Pattern: uri.GetExact(),
Substitution: rewriteConfig.RewriteTarget,
route.Rewrite.UriRegexRewrite = &networking.RegexRewrite{
Match: uri.GetExact(),
Rewrite: rewriteConfig.RewriteTarget,
}
} else if uri.GetPrefix() != "" {
route.Rewrite.UriRegex = &networking.RegexMatchAndSubstitute{
Pattern: uri.GetPrefix(),
Substitution: rewriteConfig.RewriteTarget,
route.Rewrite.UriRegexRewrite = &networking.RegexRewrite{
Match: "^" + uri.GetPrefix(),
Rewrite: rewriteConfig.RewriteTarget,
}
} else {
route.Rewrite.UriRegex = &networking.RegexMatchAndSubstitute{
Pattern: uri.GetRegex(),
Substitution: rewriteConfig.RewriteTarget,
route.Rewrite.UriRegexRewrite = &networking.RegexRewrite{
Match: uri.GetRegex(),
Rewrite: rewriteConfig.RewriteTarget,
}
}
}

34
pkg/ingress/kube/annotations/rewrite_test.go
View File

@@ -18,6 +18,7 @@ import (
"reflect"
"testing"
"github.com/stretchr/testify/assert"
networking "istio.io/api/networking/v1alpha3"
)
@@ -197,9 +198,9 @@ func TestRewriteApplyRoute(t *testing.T) {
},
},
Rewrite: &networking.HTTPRewrite{
UriRegex: &networking.RegexMatchAndSubstitute{
Pattern: "/hello",
Substitution: "/test",
UriRegexRewrite: &networking.RegexRewrite{
Match: "/hello",
Rewrite: "/test",
},
},
},
@@ -246,9 +247,9 @@ func TestRewriteApplyRoute(t *testing.T) {
},
},
Rewrite: &networking.HTTPRewrite{
UriRegex: &networking.RegexMatchAndSubstitute{
Pattern: "/hello",
Substitution: "/test",
UriRegexRewrite: &networking.RegexRewrite{
Match: "/hello",
Rewrite: "/test",
},
Authority: "test.com",
},
@@ -331,7 +332,10 @@ func TestRewriteApplyRoute(t *testing.T) {
},
},
Rewrite: &networking.HTTPRewrite{
Uri: "/test/",
UriRegexRewrite: &networking.RegexRewrite{
Match: "^/hello(/.*)?",
Rewrite: `/test\1`,
},
},
},
},
@@ -363,9 +367,9 @@ func TestRewriteApplyRoute(t *testing.T) {
},
},
Rewrite: &networking.HTTPRewrite{
UriRegex: &networking.RegexMatchAndSubstitute{
Pattern: "/exact",
Substitution: "/test",
UriRegexRewrite: &networking.RegexRewrite{
Match: "/exact",
Rewrite: "/test",
},
},
},
@@ -398,9 +402,9 @@ func TestRewriteApplyRoute(t *testing.T) {
},
},
Rewrite: &networking.HTTPRewrite{
UriRegex: &networking.RegexMatchAndSubstitute{
Pattern: "/prefix",
Substitution: "/test",
UriRegexRewrite: &networking.RegexRewrite{
Match: "^/prefix",
Rewrite: "/test",
},
},
},
@@ -410,9 +414,7 @@ func TestRewriteApplyRoute(t *testing.T) {
for _, inputCase := range inputCases {
t.Run("", func(t *testing.T) {
rewrite.ApplyRoute(inputCase.input, inputCase.config)
if !reflect.DeepEqual(inputCase.input, inputCase.expect) {
t.Fatal("Should be equal")
}
assert.Equal(t, inputCase.expect, inputCase.input)
})
}
}

5
pkg/ingress/kube/annotations/timeout.go
View File

@@ -16,6 +16,7 @@ package annotations
import (
types "github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/duration"
networking "istio.io/api/networking/v1alpha3"
)
@@ -54,7 +55,9 @@ func (t timeout) ApplyRoute(route *networking.HTTPRoute, config *Ingress) {
return
}
route.Timeout = timeout.time
route.Timeout = &duration.Duration{
Seconds: timeout.time.Seconds,
}
}
func needTimeoutConfig(annotations Annotations) bool {

3
pkg/ingress/kube/annotations/timeout_test.go
View File

@@ -15,6 +15,7 @@
package annotations
import (
"github.com/golang/protobuf/ptypes/duration"
"reflect"
"testing"
@@ -104,7 +105,7 @@ func TestTimeoutApplyRoute(t *testing.T) {
},
input: &networking.HTTPRoute{},
expect: &networking.HTTPRoute{
Timeout: &types.Duration{
Timeout: &duration.Duration{
Seconds: 10,
},
},

4
pkg/ingress/kube/annotations/upstreamtls.go
View File

@@ -18,7 +18,7 @@ import (
"regexp"
"strings"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes/wrappers"
networking "istio.io/api/networking/v1alpha3"
"istio.io/istio/pilot/pkg/model/credentials"
@@ -155,7 +155,7 @@ func processMTLS(config *Ingress) *networking.ClientTLSSettings {
if !config.UpstreamTLS.SSLVerify {
// This api InsecureSkipVerify hasn't been support yet.
// Until this pr https://github.com/istio/istio/pull/35357.
tls.InsecureSkipVerify = &types.BoolValue{
tls.InsecureSkipVerify = &wrappers.BoolValue{
Value: false,
}
}

10
pkg/ingress/kube/annotations/upstreamtls_test.go
View File

@@ -18,7 +18,7 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
networking "istio.io/api/networking/v1alpha3"
)
@@ -148,11 +148,17 @@ func TestApplyTrafficPolicy(t *testing.T) {
},
},
}
unexportedIgnoredTypes := []interface{}{
networking.TrafficPolicy_PortTrafficPolicy{},
networking.ClientTLSSettings{},
networking.ConnectionPoolSettings{},
networking.ConnectionPoolSettings_HTTPSettings{},
}
for _, testCase := range testCases {
t.Run("", func(t *testing.T) {
parser.ApplyTrafficPolicy(nil, testCase.input, testCase.config)
if diff := cmp.Diff(testCase.expect, testCase.input); diff != "" {
if diff := cmp.Diff(testCase.expect, testCase.input, cmpopts.IgnoreUnexported(unexportedIgnoredTypes...)); diff != "" {
t.Fatalf("TestApplyTrafficPolicy() mismatch (-want +got): \n%s", diff)
}
})

14
pkg/ingress/kube/annotations/util.go
View File

@@ -17,20 +17,20 @@ package annotations
import (
"strings"
"istio.io/istio/pilot/pkg/model"
"istio.io/istio/pilot/pkg/model/credentials"
"istio.io/istio/pilot/pkg/util/sets"
"istio.io/istio/pkg/util/sets"
"k8s.io/apimachinery/pkg/types"
)
func extraSecret(name string) model.NamespacedName {
result := model.NamespacedName{}
func extraSecret(name string) types.NamespacedName {
result := types.NamespacedName{}
res := strings.TrimPrefix(name, credentials.KubernetesIngressSecretTypeURI)
split := strings.Split(res, "/")
if len(split) != 3 {
return result
}
return model.NamespacedName{
return types.NamespacedName{
Namespace: split[1],
Name: split[2],
}
@@ -49,6 +49,6 @@ func splitBySeparator(content, separator string) []string {
return result
}
func toSet(slice []string) sets.Set {
return sets.NewSet(slice...)
func toSet(slice []string) sets.Set[string] {
return sets.New[string](slice...)
}

10
pkg/ingress/kube/annotations/util_test.go
View File

@@ -19,25 +19,25 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"istio.io/istio/pilot/pkg/model"
"k8s.io/apimachinery/pkg/types"
)
func TestExtraSecret(t *testing.T) {
inputCases := []struct {
input string
expect model.NamespacedName
expect types.NamespacedName
}{
{
input: "test/test",
expect: model.NamespacedName{},
expect: types.NamespacedName{},
},
{
input: "kubernetes-ingress://test/test",
expect: model.NamespacedName{},
expect: types.NamespacedName{},
},
{
input: "kubernetes-ingress://cluster/foo/bar",
expect: model.NamespacedName{
expect: types.NamespacedName{
Namespace: "foo",
Name: "bar",
},