feat: Support installing higress to a K8s cluster with kernel version < 4.11 (#301 )

fix: Bug issue template is broken (#292 )
chore: Introduce issue chooser for better issue reporting (#294 )
2026-02-25 13:10:50 +08:00 · 2023-04-24 15:29:39 +08:00 · 2023-04-12 21:03:43 +08:00 · 2023-04-12 21:03:22 +08:00 · 2023-04-12 21:02:39 +08:00 · 2023-04-10 17:12:08 +08:00
19 changed files with 201 additions and 103 deletions
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Ask a question 💬
+    url: https://github.com/alibaba/higress/discussions
+    about: Ask a question or request support for using Higress.
--- a/.github/ISSUE_TEMPLATE/non--crash-security--bug.md
+++ b/.github/ISSUE_TEMPLATE/non--crash-security--bug.md
@@ -10,14 +10,6 @@ assignees: ''
 **If you are reporting *any* crash or *any* potential security issue, *do not*
 open an issue in this repo. Please report the issue via [ASRC](https://security.alibaba.com/)(Alibaba Security Response Center) where the issue will be triaged appropriately.**

-
---
-name: Bug Report
-about: If you would like to report an issue to Higress, please use this template.
-
-
---
-
 - [ ] I have searched the [issues](https://github.com/alibaba/higress/issues) of this repository and believe that this is not a duplicate.

 ### Ⅰ. Issue Description
--- a/README.md
+++ b/README.md
@@ -23,12 +23,14 @@ Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源
 ![arch](https://img.alicdn.com/imgextra/i4/O1CN01OgGP1728t0xeRfRYJ_!!6000000007989-0-tps-1726-1366.jpg)

 ## Summary
-
+    
+- [**功能展示**](#功能展示)
 - [**使用场景**](#使用场景)
 - [**核心优势**](#核心优势)
 - [**Quick Start**](https://higress.io/zh-cn/docs/user/quickstart)
 - [**社区**](#社区)

+
 ## 使用场景

 - **Kubernetes Ingress 网关**:
@@ -73,6 +75,42 @@ Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源

  插件支持热更新，变更插件逻辑和配置都对流量无损。

+## 功能展示
+    
+- **丰富的可观测**
+
+  提供开箱即用的可观测，Grafana&Prometheus 可以使用内置的也可对接自建的
+
+  ![](./docs/images/monitor.gif)
+    
+
+- **插件扩展机制**
+
+  官方提供了多种插件，用户也可以[开发](./plugins/wasm-go)自己的插件，构建成 docker/oci 镜像后在控制台配置，可以实时变更插件逻辑，对流量完全无损。
+
+  ![](./docs/images/plugin.gif)
+
+
+- **多种服务发现**
+
+  默认提供 K8s Service 服务发现，通过配置可以对接 Nacos/ZooKeeper 等注册中心实现服务发现，也可以基于静态 IP 或者 DNS 来发现
+
+  ![](./docs/images/service-source.gif)
+    
+
+- **域名和证书**
+
+  可以创建管理 TLS 证书，并配置域名的 HTTP/HTTPS 行为，域名策略里支持对特定域名生效插件
+
+  ![](./docs/images/domain.gif)
+
+
+- **丰富的路由能力**
+
+  通过上面定义的服务发现机制，发现的服务会出现在服务列表中；创建路由时，选择域名，定义路由匹配机制，再选择目标服务进行路由；路由策略里支持对特定路由生效插件
+
+  ![](./docs/images/route-service.gif)
+

 ## 社区

--- a/docs/images/domain.gif
+++ b/docs/images/domain.gif
--- a/docs/images/monitor.gif
+++ b/docs/images/monitor.gif
--- a/docs/images/plugin.gif
+++ b/docs/images/plugin.gif
--- a/docs/images/route-service.gif
+++ b/docs/images/route-service.gif
--- a/docs/images/service-source.gif
+++ b/docs/images/service-source.gif
--- a/helm/core/templates/deployment.yaml
+++ b/helm/core/templates/deployment.yaml
@@ -1,3 +1,13 @@
+{{- $unprivilegedPortSupported := true }}
+{{- range $index, $node := (lookup "v1" "Node" "default" "").items }}
+    {{- $kernelVersion := $node.status.nodeInfo.kernelVersion }}
+    {{- if $kernelVersion }}
+      {{- $kernelVersion = regexFind "^(\\d+\\.\\d+\\.\\d+)" $kernelVersion }}
+      {{- if and $kernelVersion (semverCompare "<4.11.0" $kernelVersion) }}
+      {{-   $unprivilegedPortSupported = false }}
+      {{- end }}
+    {{- end }}
+{{- end -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -50,7 +60,7 @@ spec:
      securityContext:
      {{- if .Values.gateway.securityContext }}
        {{- toYaml .Values.gateway.securityContext | nindent 8 }}
-      {{- else if and (not .Values.gateway.hostNetwork) (semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion) }}
+      {{- else if and $unprivilegedPortSupported (and (not .Values.gateway.hostNetwork) (semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion)) }}
        # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326
        sysctls:
        - name: net.ipv4.ip_unprivileged_port_start
@@ -71,7 +81,7 @@ spec:
          securityContext:
          {{- if .Values.gateway.containerSecurityContext }}
            {{- toYaml .Values.gateway.containerSecurityContext | nindent 12 }}
-          {{- else if and (not .Values.gateway.hostNetwork) (semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion) }}
+          {{- else if and $unprivilegedPortSupported (and (not .Values.gateway.hostNetwork) (semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion)) }}
            # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326
            capabilities:
              drop:
--- a/pkg/ingress/config/ingress_config.go
+++ b/pkg/ingress/config/ingress_config.go
@@ -559,27 +559,36 @@ func (m *IngressConfig) convertDestinationRule(configs []common.WrapperConfig) [
 	IngressLog.Debugf("traffic policy number %d", len(convertOptions.Service2TrafficPolicy))

 	for _, wrapperTrafficPolicy := range convertOptions.Service2TrafficPolicy {
-		m.annotationHandler.ApplyTrafficPolicy(wrapperTrafficPolicy.TrafficPolicy, wrapperTrafficPolicy.WrapperConfig.AnnotationsConfig)
+		m.annotationHandler.ApplyTrafficPolicy(wrapperTrafficPolicy.TrafficPolicy, wrapperTrafficPolicy.PortTrafficPolicy, wrapperTrafficPolicy.WrapperConfig.AnnotationsConfig)
 	}

 	// Merge multi-port traffic policy per service into one destination rule.
 	destinationRules := map[string]*common.WrapperDestinationRule{}
 	for key, wrapperTrafficPolicy := range convertOptions.Service2TrafficPolicy {
-		serviceName := util.CreateServiceFQDN(key.Namespace, key.Name)
+		var serviceName string
+		if key.ServiceFQDN != "" {
+			serviceName = key.ServiceFQDN
+		} else {
+			serviceName = util.CreateServiceFQDN(key.Namespace, key.Name)
+		}
 		dr, exist := destinationRules[serviceName]
 		if !exist {
+			trafficPolicy := &networking.TrafficPolicy{}
+			if wrapperTrafficPolicy.PortTrafficPolicy != nil {
+				trafficPolicy.PortLevelSettings = []*networking.TrafficPolicy_PortTrafficPolicy{wrapperTrafficPolicy.PortTrafficPolicy}
+			} else if wrapperTrafficPolicy.TrafficPolicy != nil {
+				trafficPolicy = wrapperTrafficPolicy.TrafficPolicy
+			}
 			dr = &common.WrapperDestinationRule{
 				DestinationRule: &networking.DestinationRule{
-					Host: serviceName,
-					TrafficPolicy: &networking.TrafficPolicy{
-						PortLevelSettings: []*networking.TrafficPolicy_PortTrafficPolicy{wrapperTrafficPolicy.TrafficPolicy},
-					},
+					Host:          serviceName,
+					TrafficPolicy: trafficPolicy,
 				},
 				WrapperConfig: wrapperTrafficPolicy.WrapperConfig,
 				ServiceKey:    key,
 			}
-		} else {
-			dr.DestinationRule.TrafficPolicy.PortLevelSettings = append(dr.DestinationRule.TrafficPolicy.PortLevelSettings, wrapperTrafficPolicy.TrafficPolicy)
+		} else if wrapperTrafficPolicy.PortTrafficPolicy != nil {
+			dr.DestinationRule.TrafficPolicy.PortLevelSettings = append(dr.DestinationRule.TrafficPolicy.PortLevelSettings, wrapperTrafficPolicy.PortTrafficPolicy)
 		}

 		destinationRules[serviceName] = dr
--- a/pkg/ingress/kube/annotations/annotations.go
+++ b/pkg/ingress/kube/annotations/annotations.go
@@ -192,8 +192,8 @@ func (h *AnnotationHandlerManager) ApplyRoute(route *networking.HTTPRoute, confi
 	}
 }

-func (h *AnnotationHandlerManager) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
+func (h *AnnotationHandlerManager) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy, portTrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
 	for _, handler := range h.trafficPolicyHandlers {
-		handler.ApplyTrafficPolicy(trafficPolicy, config)
+		handler.ApplyTrafficPolicy(trafficPolicy, portTrafficPolicy, config)
 	}
 }
--- a/pkg/ingress/kube/annotations/interface.go
+++ b/pkg/ingress/kube/annotations/interface.go
@@ -38,5 +38,5 @@ type RouteHandler interface {

 type TrafficPolicyHandler interface {
 	// ApplyTrafficPolicy parsed ingress annotation config reflected on traffic policy
-	ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress)
+	ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy, portTrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress)
 }
--- a/pkg/ingress/kube/annotations/loadbalance.go
+++ b/pkg/ingress/kube/annotations/loadbalance.go
@@ -136,14 +136,16 @@ func (l loadBalance) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
 	return nil
 }

-func (l loadBalance) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
+func (l loadBalance) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy, portTrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
 	loadBalanceConfig := config.LoadBalance
 	if loadBalanceConfig == nil {
 		return
 	}

+	var loadBalancer *networking.LoadBalancerSettings
+
 	if loadBalanceConfig.cookie != nil {
-		trafficPolicy.LoadBalancer = &networking.LoadBalancerSettings{
+		loadBalancer = &networking.LoadBalancerSettings{
 			LbPolicy: &networking.LoadBalancerSettings_ConsistentHash{
 				ConsistentHash: &networking.LoadBalancerSettings_ConsistentHashLB{
 					HashKey: &networking.LoadBalancerSettings_ConsistentHashLB_HttpCookie{
@@ -171,18 +173,25 @@ func (l loadBalance) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_
 				},
 			}
 		}
-		trafficPolicy.LoadBalancer = &networking.LoadBalancerSettings{
+		loadBalancer = &networking.LoadBalancerSettings{
 			LbPolicy: &networking.LoadBalancerSettings_ConsistentHash{
 				ConsistentHash: consistentHash,
 			},
 		}
 	} else {
-		trafficPolicy.LoadBalancer = &networking.LoadBalancerSettings{
+		loadBalancer = &networking.LoadBalancerSettings{
 			LbPolicy: &networking.LoadBalancerSettings_Simple{
 				Simple: loadBalanceConfig.simple,
 			},
 		}
 	}
+
+	if trafficPolicy != nil {
+		trafficPolicy.LoadBalancer = loadBalancer
+	}
+	if portTrafficPolicy != nil {
+		portTrafficPolicy.LoadBalancer = loadBalancer
+	}
 }

 func isCookieAffinity(annotations Annotations) bool {
--- a/pkg/ingress/kube/annotations/loadbalance_test.go
+++ b/pkg/ingress/kube/annotations/loadbalance_test.go
@@ -229,7 +229,7 @@ func TestLoadBalanceApplyTrafficPolicy(t *testing.T) {

 	for _, inputCase := range inputCases {
 		t.Run("", func(t *testing.T) {
-			loadBalance.ApplyTrafficPolicy(inputCase.input, inputCase.config)
+			loadBalance.ApplyTrafficPolicy(nil, inputCase.input, inputCase.config)
 			if !reflect.DeepEqual(inputCase.input, inputCase.expect) {
 				t.Fatal("Should be equal")
 			}
--- a/pkg/ingress/kube/annotations/upstreamtls.go
+++ b/pkg/ingress/kube/annotations/upstreamtls.go
@@ -75,6 +75,20 @@ func (u upstreamTLS) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
 		}
 	}

+	if sslVerify, err := annotations.ParseStringASAP(proxySSLVerify); err == nil {
+		if OnOffRegex.MatchString(sslVerify) {
+			upstreamTLSConfig.SSLVerify = onOffToBool(sslVerify)
+		}
+	}
+
+	upstreamTLSConfig.SNI, _ = annotations.ParseStringASAP(proxySSLName)
+
+	if enableSNI, err := annotations.ParseStringASAP(proxySSLServerName); err == nil {
+		if OnOffRegex.MatchString(enableSNI) {
+			upstreamTLSConfig.EnableSNI = onOffToBool(enableSNI)
+		}
+	}
+
 	secretName, _ := annotations.ParseStringASAP(proxySSLSecret)
 	namespacedName := util.SplitNamespacedName(secretName)
 	if namespacedName.Name == "" {
@@ -86,32 +100,19 @@ func (u upstreamTLS) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
 	}
 	upstreamTLSConfig.SecretName = namespacedName.String()

-	if sslVerify, err := annotations.ParseStringASAP(proxySSLVerify); err == nil {
-		if OnOffRegex.MatchString(sslVerify) {
-			upstreamTLSConfig.SSLVerify = onOffToBool(sslVerify)
-		}
-	}
-
-	upstreamTLSConfig.SNI, _ = annotations.ParseStringASAP(proxySSLName)
-
-	if enableSNI, err := annotations.ParseStringASAP(proxySSLServerName); err == nil {
-		if OnOffRegex.MatchString(enableSNI) {
-			upstreamTLSConfig.SSLVerify = onOffToBool(enableSNI)
-		}
-	}
-
 	return nil
 }

-func (u upstreamTLS) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
+func (u upstreamTLS) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy, portTrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy, config *Ingress) {
 	if config.UpstreamTLS == nil {
 		return
 	}

 	upstreamTLSConfig := config.UpstreamTLS

+	var connectionPool *networking.ConnectionPoolSettings
 	if isH2(upstreamTLSConfig.BackendProtocol) {
-		trafficPolicy.ConnectionPool = &networking.ConnectionPoolSettings{
+		connectionPool = &networking.ConnectionPoolSettings{
 			Http: &networking.ConnectionPoolSettings_HTTPSettings{
 				H2UpgradePolicy: networking.ConnectionPoolSettings_HTTPSettings_UPGRADE,
 			},
@@ -125,8 +126,14 @@ func (u upstreamTLS) ApplyTrafficPolicy(trafficPolicy *networking.TrafficPolicy_
 	} else if isHTTPS(upstreamTLSConfig.BackendProtocol) {
 		tls = processSimple(config)
 	}
-
-	trafficPolicy.Tls = tls
+	if trafficPolicy != nil {
+		trafficPolicy.ConnectionPool = connectionPool
+		trafficPolicy.Tls = tls
+	}
+	if portTrafficPolicy != nil {
+		portTrafficPolicy.ConnectionPool = connectionPool
+		portTrafficPolicy.Tls = tls
+	}
 }

 func processMTLS(config *Ingress) *networking.ClientTLSSettings {
--- a/pkg/ingress/kube/annotations/upstreamtls_test.go
+++ b/pkg/ingress/kube/annotations/upstreamtls_test.go
@@ -47,6 +47,7 @@ func TestUpstreamTLSParse(t *testing.T) {
 				SSLVerify:       true,
 				SNI:             "SSLName",
 				SecretName:      "namespace/SSLSecret",
+				EnableSNI:       true,
 			},
 		},
 		{
@@ -60,9 +61,10 @@ func TestUpstreamTLSParse(t *testing.T) {
 			},
 			expect: &UpstreamTLSConfig{
 				BackendProtocol: "HTTP2",
-				SSLVerify:       false,
-				SNI:             "",
+				SSLVerify:       true,
+				SNI:             "SSLName",
 				SecretName:      "",
+				EnableSNI:       true,
 			},
 		},
 	}
@@ -143,7 +145,7 @@ func TestApplyTrafficPolicy(t *testing.T) {

 	for _, testCase := range testCases {
 		t.Run("", func(t *testing.T) {
-			parser.ApplyTrafficPolicy(testCase.input, testCase.config)
+			parser.ApplyTrafficPolicy(nil, testCase.input, testCase.config)
 			if diff := cmp.Diff(testCase.expect, testCase.input); diff != "" {
 				t.Fatalf("TestApplyTrafficPolicy() mismatch (-want +got): \n%s", diff)
 			}
--- a/pkg/ingress/kube/common/controller.go
+++ b/pkg/ingress/kube/common/controller.go
@@ -28,9 +28,10 @@ import (
 )

 type ServiceKey struct {
-	Namespace string
-	Name      string
-	Port      int32
+	Namespace   string
+	Name        string
+	ServiceFQDN string
+	Port        int32
 }

 type WrapperConfig struct {
@@ -98,8 +99,9 @@ type WrapperVirtualService struct {
 }

 type WrapperTrafficPolicy struct {
-	TrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy
-	WrapperConfig *WrapperConfig
+	TrafficPolicy     *networking.TrafficPolicy
+	PortTrafficPolicy *networking.TrafficPolicy_PortTrafficPolicy
+	WrapperConfig     *WrapperConfig
 }

 type WrapperDestinationRule struct {
--- a/pkg/ingress/kube/ingress/controller.go
+++ b/pkg/ingress/kube/ingress/controller.go
@@ -848,20 +848,9 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 	}

 	if ingressV1Beta.Backend != nil {
-		serviceKey, err := c.createServiceKey(ingressV1Beta.Backend, cfg.Namespace)
+		err := c.storeBackendTrafficPolicy(wrapper, ingressV1Beta.Backend, convertOptions.Service2TrafficPolicy)
 		if err != nil {
-			IngressLog.Errorf("ignore default service %s within ingress %s/%s", serviceKey.Name, cfg.Namespace, cfg.Name)
-		} else {
-			if _, exist := convertOptions.Service2TrafficPolicy[serviceKey]; !exist {
-				convertOptions.Service2TrafficPolicy[serviceKey] = &common.WrapperTrafficPolicy{
-					TrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
-						Port: &networking.PortSelector{
-							Number: uint32(serviceKey.Port),
-						},
-					},
-					WrapperConfig: wrapper,
-				}
-			}
+			IngressLog.Errorf("ignore default service within ingress %s/%s, since error:%v", cfg.Namespace, cfg.Name, err)
 		}
 	}

@@ -871,22 +860,46 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 		}

 		for _, httpPath := range rule.HTTP.Paths {
-			if httpPath.Backend.ServiceName == "" {
-				continue
-			}
-
-			serviceKey, err := c.createServiceKey(&httpPath.Backend, cfg.Namespace)
+			err := c.storeBackendTrafficPolicy(wrapper, &httpPath.Backend, convertOptions.Service2TrafficPolicy)
 			if err != nil {
-				IngressLog.Errorf("ignore service %s within ingress %s/%s", serviceKey.Name, cfg.Namespace, cfg.Name)
-				continue
+				IngressLog.Errorf("ignore service within ingress %s/%s, since error:%v", cfg.Namespace, cfg.Name, err)
 			}
+		}
+	}

-			if _, exist := convertOptions.Service2TrafficPolicy[serviceKey]; exist {
-				continue
+	return nil
+}
+
+func (c *controller) storeBackendTrafficPolicy(wrapper *common.WrapperConfig, backend *ingress.IngressBackend, store map[common.ServiceKey]*common.WrapperTrafficPolicy) error {
+	if backend == nil {
+		return errors.New("invalid empty backend")
+	}
+	if common.ValidateBackendResource(backend.Resource) && wrapper.AnnotationsConfig.Destination != nil {
+		for _, dest := range wrapper.AnnotationsConfig.Destination.McpDestination {
+			serviceKey := common.ServiceKey{
+				Namespace:   "mcp",
+				Name:        dest.Destination.Host,
+				ServiceFQDN: dest.Destination.Host,
 			}
+			if _, exist := store[serviceKey]; !exist {
+				store[serviceKey] = &common.WrapperTrafficPolicy{
+					TrafficPolicy: &networking.TrafficPolicy{},
+					WrapperConfig: wrapper,
+				}
+			}
+		}
+	} else {
+		if backend.ServiceName == "" {
+			return nil
+		}
+		serviceKey, err := c.createServiceKey(backend, wrapper.Config.Namespace)
+		if err != nil {
+			return fmt.Errorf("ignore service %s within ingress %s/%s", serviceKey.Name, wrapper.Config.Namespace, wrapper.Config.Name)
+		}

-			convertOptions.Service2TrafficPolicy[serviceKey] = &common.WrapperTrafficPolicy{
-				TrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
+		if _, exist := store[serviceKey]; !exist {
+			store[serviceKey] = &common.WrapperTrafficPolicy{
+				PortTrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
 					Port: &networking.PortSelector{
 						Number: uint32(serviceKey.Port),
 					},
@@ -895,7 +908,6 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 			}
 		}
 	}
-
 	return nil
 }

--- a/pkg/ingress/kube/ingressv1/controller.go
+++ b/pkg/ingress/kube/ingressv1/controller.go
@@ -848,20 +848,9 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 	}

 	if ingressV1.DefaultBackend != nil {
-		serviceKey, err := c.createServiceKey(ingressV1.DefaultBackend.Service, cfg.Namespace)
+		err := c.storeBackendTrafficPolicy(wrapper, ingressV1.DefaultBackend, convertOptions.Service2TrafficPolicy)
 		if err != nil {
-			IngressLog.Errorf("ignore default service %s within ingress %s/%s", serviceKey.Name, cfg.Namespace, cfg.Name)
-		} else {
-			if _, exist := convertOptions.Service2TrafficPolicy[serviceKey]; !exist {
-				convertOptions.Service2TrafficPolicy[serviceKey] = &common.WrapperTrafficPolicy{
-					TrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
-						Port: &networking.PortSelector{
-							Number: uint32(serviceKey.Port),
-						},
-					},
-					WrapperConfig: wrapper,
-				}
-			}
+			IngressLog.Errorf("ignore default service within ingress %s/%s, since error:%v", cfg.Namespace, cfg.Name, err)
 		}
 	}

@@ -871,22 +860,46 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 		}

 		for _, httpPath := range rule.HTTP.Paths {
-			if httpPath.Backend.Service == nil {
-				continue
-			}
-
-			serviceKey, err := c.createServiceKey(httpPath.Backend.Service, cfg.Namespace)
+			err := c.storeBackendTrafficPolicy(wrapper, &httpPath.Backend, convertOptions.Service2TrafficPolicy)
 			if err != nil {
-				IngressLog.Errorf("ignore service %s within ingress %s/%s", serviceKey.Name, cfg.Namespace, cfg.Name)
-				continue
+				IngressLog.Errorf("ignore service within ingress %s/%s, since error:%v", cfg.Namespace, cfg.Name, err)
 			}
+		}
+	}

-			if _, exist := convertOptions.Service2TrafficPolicy[serviceKey]; exist {
-				continue
+	return nil
+}
+
+func (c *controller) storeBackendTrafficPolicy(wrapper *common.WrapperConfig, backend *ingress.IngressBackend, store map[common.ServiceKey]*common.WrapperTrafficPolicy) error {
+	if backend == nil {
+		return errors.New("invalid empty backend")
+	}
+	if common.ValidateBackendResource(backend.Resource) && wrapper.AnnotationsConfig.Destination != nil {
+		for _, dest := range wrapper.AnnotationsConfig.Destination.McpDestination {
+			serviceKey := common.ServiceKey{
+				Namespace:   "mcp",
+				Name:        dest.Destination.Host,
+				ServiceFQDN: dest.Destination.Host,
 			}
+			if _, exist := store[serviceKey]; !exist {
+				store[serviceKey] = &common.WrapperTrafficPolicy{
+					TrafficPolicy: &networking.TrafficPolicy{},
+					WrapperConfig: wrapper,
+				}
+			}
+		}
+	} else {
+		if backend.Service == nil {
+			return nil
+		}
+		serviceKey, err := c.createServiceKey(backend.Service, wrapper.Config.Namespace)
+		if err != nil {
+			return fmt.Errorf("ignore service %s within ingress %s/%s", serviceKey.Name, wrapper.Config.Namespace, wrapper.Config.Name)
+		}

-			convertOptions.Service2TrafficPolicy[serviceKey] = &common.WrapperTrafficPolicy{
-				TrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
+		if _, exist := store[serviceKey]; !exist {
+			store[serviceKey] = &common.WrapperTrafficPolicy{
+				PortTrafficPolicy: &networking.TrafficPolicy_PortTrafficPolicy{
 					Port: &networking.PortSelector{
 						Number: uint32(serviceKey.Port),
 					},
@@ -895,7 +908,6 @@ func (c *controller) ConvertTrafficPolicy(convertOptions *common.ConvertOptions,
 			}
 		}
 	}
-
 	return nil
 }
Author	SHA1	Message	Date
Kent Dong	4f16d6b70f	feat: Support installing higress to a K8s cluster with kernel version < 4.11 (#301 )	2023-04-24 15:29:39 +08:00
Tom Kerkhove	8c41dbc376	fix: Bug issue template is broken (#292 )	2023-04-12 21:03:43 +08:00
Tom Kerkhove	e98788a75c	chore: Introduce issue chooser for better issue reporting (#294 )	2023-04-12 21:03:22 +08:00
Tom Kerkhove	3b5850a5ba	docs: Move Console details after core features in README (#291 )	2023-04-12 21:02:39 +08:00
澄潭	df60dd4307	add intro gif (#283 )	2023-04-10 17:12:08 +08:00
澄潭	283432b6eb	Fix destination rule issues (#282 )	2023-04-10 13:41:43 +08:00
澄潭	a9742bbae1	Update README.md	2023-04-10 11:53:28 +08:00