optimized sidecar's config.json #341

Merged
merged 8 commits into from
Sep 16, 2024
10 changes: 5 additions & 5 deletions charts/fsm/README.md
Expand Up @@ -349,7 +349,7 @@ The following table lists the configurable parameters of the fsm chart and their
| fsm.injector.resource | object | `{"limits":{"cpu":"1","memory":"512M"},"requests":{"cpu":"0.5","memory":"128M"}}` | Sidecar injector's container resource parameters |
| fsm.injector.tolerations | list | `[]` | Node tolerations applied to control plane pods. The specified tolerations allow pods to schedule onto nodes with matching taints. |
| fsm.injector.webhookTimeoutSeconds | int | `20` | Mutating webhook timeout |
| fsm.localDNSProxy | object | `{"enable":false,"searchesWithNamespace":true,"searchesWithTrustDomain":true,"wildcard":{"enable":false,"ipv4":["127.0.0.2"]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
| fsm.localDNSProxy | object | `{"enable":false,"generateIPv6BasedOnIPv4":false,"searchesWithNamespace":true,"searchesWithTrustDomain":true,"wildcard":{"enable":false,"ips":[{"ipv4":"127.0.0.2"}]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
| fsm.localProxyMode | string | `"Localhost"` | Proxy mode for the proxy sidecar. Acceptable values are ['Localhost', 'PodIP'] |
| fsm.maxDataPlaneConnections | int | `0` | Sets the max data plane connections allowed for an instance of fsm-controller, set to 0 to not enforce limits |
| fsm.meshName | string | `"fsm"` | Identifier for the instance of a service mesh within a cluster |
Expand Down Expand Up @@ -445,11 +445,11 @@ The following table lists the configurable parameters of the fsm chart and their
| fsm.remoteLogging.port | int | `30514` | Port of the remote logging service |
| fsm.remoteLogging.sampledFraction | string | `"1.0"` | Sampled Fraction |
| fsm.remoteLogging.secretName | string | `"fsm-remote-logging-secret"` | Secret Name |
| fsm.repoServer | object | `{"codebase":"","image":{"name":"pipy-repo","registry":"flomesh","tag":"1.2.0"},"ipaddr":"127.0.0.1","port":6060,"standalone":false}` | Pipy RepoServer |
| fsm.repoServer | object | `{"codebase":"","image":{"name":"pipy-repo","registry":"flomesh","tag":"1.4.1"},"ipaddr":"127.0.0.1","port":6060,"standalone":false}` | Pipy RepoServer |
| fsm.repoServer.codebase | string | `""` | codebase is the folder used by fsmController. |
| fsm.repoServer.image.name | string | `"pipy-repo"` | Repo server image name |
| fsm.repoServer.image.registry | string | `"flomesh"` | Registry for repo server image |
| fsm.repoServer.image.tag | string | `"1.2.0"` | Repo server image tag |
| fsm.repoServer.image.tag | string | `"1.4.1"` | Repo server image tag |
| fsm.repoServer.ipaddr | string | `"127.0.0.1"` | ipaddr of host/service where Pipy RepoServer is installed |
| fsm.repoServer.port | int | `6060` | port of pipy RepoServer |
| fsm.repoServer.standalone | bool | `false` | if false , Pipy RepoServer is installed within fsmController pod. |
Expand All @@ -458,10 +458,10 @@ The following table lists the configurable parameters of the fsm chart and their
| fsm.serviceLB.image.name | string | `"mirrored-klipper-lb"` | service-lb image name |
| fsm.serviceLB.image.registry | string | `"flomesh"` | Registry for service-lb image |
| fsm.serviceLB.image.tag | string | `"v0.4.7"` | service-lb image tag |
| fsm.sidecar | object | `{"image":{"name":"pipy","registry":"flomesh","tag":"1.2.0"},"sidecarDisabledMTLS":false,"sidecarLogLevel":"error","sidecarTimeout":60}` | Sidecar supported by fsm |
| fsm.sidecar | object | `{"image":{"name":"pipy","registry":"flomesh","tag":"1.4.1"},"sidecarDisabledMTLS":false,"sidecarLogLevel":"error","sidecarTimeout":60}` | Sidecar supported by fsm |
| fsm.sidecar.image.name | string | `"pipy"` | Sidecar image name |
| fsm.sidecar.image.registry | string | `"flomesh"` | Registry for sidecar image |
| fsm.sidecar.image.tag | string | `"1.2.0"` | Sidecar image tag |
| fsm.sidecar.image.tag | string | `"1.4.1"` | Sidecar image tag |
| fsm.sidecar.sidecarDisabledMTLS | bool | `false` | Sidecar runs without mTLS |
| fsm.sidecar.sidecarLogLevel | string | `"error"` | Log level for the proxy sidecar. Non developers should generally never set this value. In production environments the LogLevel should be set to `error` |
| fsm.sidecar.sidecarTimeout | int | `60` | Sets connect/idle/read/write timeout |
2 changes: 1 addition & 1 deletion charts/fsm/templates/fsm-rbac.yaml
Expand Up @@ -89,7 +89,7 @@ rules:

# FSM's custom policy API
- apiGroups: ["policy.flomesh.io"]
resources: ["egresses", "egressgateways", "ingressbackends", "accesscontrols", "accesscerts", "retries", "upstreamtrafficsettings"]
resources: ["egresses", "egressgateways", "ingressbackends", "accesscontrols", "accesscerts", "isolations", "retries", "upstreamtrafficsettings"]
verbs: ["list", "get", "watch"]
- apiGroups: ["policy.flomesh.io"]
resources: ["ingressbackends/status", "accesscontrols/status", "accesscerts/status", "upstreamtrafficsettings/status"]
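Review bot: `isolations` is added to the read-only rule (`list`, `get`, `watch`) but not to the `/status` rule in the context lines below it, while the Isolation CRD added in this PR declares a `status` block with `currentStatus` and `reason`. If the controller is meant to report status, add `isolations/status` here and enable the status subresource in the CRD; if it is not, drop the `status` schema so the read-only grant and the API shape agree.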
63 changes: 49 additions & 14 deletions charts/fsm/values.schema.json
Expand Up @@ -1238,14 +1238,20 @@
"title": "Secondary upstream DNS server for local DNS Proxy",
"description": "Secondary upstream DNS server for local DNS Proxy"
},
"generateIPv6BasedOnIPv4": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/generateIPv6BasedOnIPv4",
"type": "boolean",
"title": "Auto generate IPv6 based on IPv4",
"description": "Auto generate IPv6 based on IPv4"
},
"wildcard": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard",
"type": "object",
"title": "The wildcard schema for local DNS Proxy",
"description": "The wildcard schema for local DNS Proxy",
"required": [
"enable",
"ipv4"
"ips"
],
"properties": {
"enable": {
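Review bot: swapping `ipv4` for `ips` in the `wildcard` `required` list means an existing values override that sets `wildcard.ipv4` no longer matches any declared property; unless the schema rejects unknown keys it will be silently ignored in favour of the default `ips`. Add an upgrade note or accept both keys for one release. The `generateIPv6BasedOnIPv4` description only repeats its title; say how the IPv6 address is derived and whether an explicit `ipv6` entry takes precedence.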
Expand All @@ -1254,14 +1260,28 @@
"title": "The enable schema for wildcard",
"description": "Indicates whether wildcard is enabled or not"
},
"ipv4": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/ipv4",
"ips": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/ips",
"type": "array",
"title": "The ipv4 schema for wildcard",
"pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$",
"title": "The ips schema for wildcard",
"items": {
"type": "string",
"pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$"
"type": "object",
"required": [
"ipv4"
],
"properties": {
"ipv4": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/ips/properties/ipv4",
"type": "string",
"title": "ipv4",
"pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$"
},
"ipv6": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/ips/properties/ipv6",
"type": "string",
"title": "ipv6"
}
}
}
}
}
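Review bot: the `ipv4` pattern `((?:\\d{1,3}\\.){3}\\d{1,3})$` is anchored only at the end, so a value such as `x10.0.0.1` or `999.999.999.999` validates, and the new `ipv6` property has no constraint at all. Anchor the pattern with `^` or use `"format": "ipv4"` and `"format": "ipv6"` so a typo cannot reach the DNS proxy as an answer address. The `$id` values also skip the `items` level: `.../ips/properties/ipv4` names a property that lives under `ips.items`.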
Expand All @@ -1275,22 +1295,37 @@
"type": "object",
"required": [
"dn",
"ipv4"
"ips"
],
"properties": {
"dn": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/db/properties/dn",
"$id": "#/properties/fsm/properties/localDNSProxy/properties/db/properties/db/properties/dn",
"type": "string",
"title": "The dn schema for wildcard",
"description": "FQDN"
},
"ipv4": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/wildcard/properties/db/properties/ipv4",
"ips": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/db/properties/ips",
"type": "array",
"title": "ipv4",
"title": "The ips schema for wildcard",
"items": {
"type": "string",
"pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$"
"type": "object",
"required": [
"ipv4"
],
"properties": {
"ipv4": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/db/properties/ips/properties/ipv4",
"type": "string",
"title": "ipv4",
"pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})$"
},
"ipv6": {
"$id": "#/properties/fsm/properties/localDNSProxy/properties/db/properties/ips/properties/ipv6",
"type": "string",
"title": "ipv6"
}
}
}
}
}
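Review bot: the new `$id` for `dn` reads `.../localDNSProxy/properties/db/properties/db/properties/dn`, with `db/properties/db` doubled, while the sibling `ips` uses `.../properties/db/properties/ips`; one of the two is a typo. The `ips` title in this block, "The ips schema for wildcard", is copied from the wildcard block and should name the `db` entries instead.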
9 changes: 5 additions & 4 deletions charts/fsm/values.yaml
Expand Up @@ -76,7 +76,7 @@ fsm:
# -- Sidecar image name
name: pipy
# -- Sidecar image tag
tag: 1.2.0
tag: 1.4.1
# -- Sidecar runs without mTLS
sidecarDisabledMTLS: false
# -- Log level for the proxy sidecar. Non developers should generally never set this value. In production environments the LogLevel should be set to `error`
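Review bot: `tag: 1.4.1` moves the sidecar image from `1.2.0` in a PR titled as a config.json optimisation, and the repo server tag is bumped the same way in the next hunk. Call the upgrade out in the description or changelog so operators know the data plane binary changes, and consider pinning the image by digest rather than by tag alone.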
Expand All @@ -92,7 +92,7 @@ fsm:
# -- Repo server image name
name: pipy-repo
# -- Repo server image tag
tag: 1.2.0
tag: 1.4.1
# -- if false , Pipy RepoServer is installed within fsmController pod.
standalone: false
# -- ipaddr of host/service where Pipy RepoServer is installed
Expand Down Expand Up @@ -507,10 +507,11 @@ fsm:
enable: false
searchesWithNamespace: true
searchesWithTrustDomain: true
generateIPv6BasedOnIPv4: false
wildcard:
enable: false
ipv4:
- 127.0.0.2
ips:
- ipv4: 127.0.0.2
# -- Sets the max data plane connections allowed for an instance of fsm-controller, set to 0 to not enforce limits
maxDataPlaneConnections: 0
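Review bot: `generateIPv6BasedOnIPv4: false` is added without a `# --` comment, unlike `maxDataPlaneConnections` just below it, and the README hunk in this PR shows only the aggregate `fsm.localDNSProxy` row changing. Add a one-line `# --` description for the new key, and one for `ips`, since its elements changed from plain strings to objects with an `ipv4` key.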

46 changes: 37 additions & 9 deletions cmd/fsm-bootstrap/crds/config.flomesh.io_meshconfigs.yaml
Expand Up @@ -2161,21 +2161,36 @@ spec:
dn:
description: DN defines resolve DN.
type: string
ipv4:
description: IPv4 defines a ipv4 address for resolve
DN.
ips:
description: IPs defines ip addresses for resolve DN.
items:
type: string
description: ResolveAddr is the type to represent
FSM's Resolve Addr configuration.
properties:
ipv4:
description: IPv4 defines a ipv4 address for resolve
DN.
type: string
ipv6:
description: IPv6 defines a ipv6 address for resolve
DN.
type: string
required:
- ipv4
type: object
type: array
required:
- dn
- ipv4
- ips
type: object
type: array
enable:
description: Enable defines a boolean indicating if the sidecars
are enabled for local DNS Proxy.
type: boolean
generateIPv6BasedOnIPv4:
default: false
type: boolean
primaryUpstreamDNSServerIPAddr:
description: PrimaryUpstreamDNSServerIPAddr defines a primary
upstream DNS server for local DNS Proxy.
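Review bot: `generateIPv6BasedOnIPv4` is the only property in this block without a `description`, and the new `ipv4` and `ipv6` strings carry no `format` or `pattern`, so the API server accepts any string even though the Helm schema at least pattern-checks `ipv4`. If this file is generated from the Go types, add a doc comment and validation markers on the fields there and regenerate.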
Expand All @@ -2191,14 +2206,27 @@ spec:
description: Enable defines a boolean indicating if wildcard
are enabled for local DNS Proxy.
type: boolean
ipv4:
description: IPv4 defines a ipv4 address for wildcard
DN.
ips:
description: IPs defines ip addresses for resolve DN.
items:
type: string
description: ResolveAddr is the type to represent FSM's
Resolve Addr configuration.
properties:
ipv4:
description: IPv4 defines a ipv4 address for resolve
DN.
type: string
ipv6:
description: IPv6 defines a ipv6 address for resolve
DN.
type: string
required:
- ipv4
type: object
type: array
required:
- enable
- ips
type: object
required:
- enable
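Review bot: `ips` is now listed under `required` for `wildcard` and `ipv4` is gone from the schema, while the Go types changed in this PR are still in `v1alpha3`. A stored MeshConfig that carries only `wildcard.ipv4` will no longer satisfy the schema on its next update until `ips` is added by hand; document the migration or ship a step that rewrites existing objects. The `ips` description in the wildcard block also still says "for resolve DN".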
71 changes: 71 additions & 0 deletions cmd/fsm-bootstrap/crds/policy.flomesh.io_isolations.yaml
@@ -0,0 +1,71 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
labels:
app.kubernetes.io/name: flomesh.io
name: isolations.policy.flomesh.io
spec:
group: policy.flomesh.io
names:
kind: Isolation
listKind: IsolationList
plural: isolations
shortNames:
- iso
singular: isolation
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Isolation is the type used to represent an isolation policy.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec is the Isolation specification
properties:
cidrs:
description: |-
cidr is a string representing the IP Isolation
Valid examples are "192.168.1.0/24"
items:
type: string
minItems: 1
type: array
required:
- cidrs
type: object
status:
description: Status is the status of the Isolation configuration.
properties:
currentStatus:
description: CurrentStatus defines the current status of an Isolation
resource.
type: string
reason:
description: Reason defines the reason for the current status of an
Isolation resource.
type: string
type: object
type: object
served: true
storage: true
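Review bot: `spec.cidrs` items are declared as bare `type: string` with only `minItems: 1`, so the API server will admit any text, including values that are not CIDRs, into a policy whose purpose is isolation. Add `format: cidr` or a pattern through a validation marker on the Go field, and fix the description, which talks about a single `cidr`. The schema also defines `status`, but the version has no `subresources` entry next to `served` and `storage`, so status can only be written through the main resource.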
9 changes: 9 additions & 0 deletions pkg/announcements/types.go
Expand Up @@ -303,6 +303,15 @@ const (
// GlobalTrafficPolicyUpdated is the type of announcement emitted when we observe an update to serviceimports.flomesh.io
GlobalTrafficPolicyUpdated Kind = "globaltrafficpolicy-updated"

// IsolationPolicyAdded is the type of announcement emitted when we observe an addition of isolations.policy.flomesh.io
IsolationPolicyAdded Kind = "isolation-added"

// IsolationPolicyDeleted the type of announcement emitted when we observe a deletion of isolations.policy.flomesh.io
IsolationPolicyDeleted Kind = "isolation-deleted"

// IsolationPolicyUpdated is the type of announcement emitted when we observe an update to isolations.policy.flomesh.io
IsolationPolicyUpdated Kind = "isolation-updated"

// RetryPolicyAdded is the type of announcement emitted when we observe an addition of retries.policy.flomesh.io
RetryPolicyAdded Kind = "retry-added"
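Review bot: the comment on `IsolationPolicyDeleted` drops the verb ("IsolationPolicyDeleted the type of announcement"), unlike the Added and Updated comments beside it. Make it "IsolationPolicyDeleted is the type of announcement" so the three comments read the same way.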

21 changes: 17 additions & 4 deletions pkg/apis/config/v1alpha3/mesh_config.go
Expand Up @@ -87,22 +87,31 @@ const (
LocalProxyModePodIP LocalProxyMode = "PodIP"
)

// ResolveAddr is the type to represent FSM's Resolve Addr configuration.
type ResolveAddr struct {
// IPv4 defines a ipv4 address for resolve DN.
IPv4 string `json:"ipv4"`

// IPv6 defines a ipv6 address for resolve DN.
IPv6 string `json:"ipv6,omitempty"`
}

// WildcardDN is the type to represent FSM's Wildcard DN configuration.
type WildcardDN struct {
// Enable defines a boolean indicating if wildcard are enabled for local DNS Proxy.
Enable bool `json:"enable"`

// IPv4 defines a ipv4 address for wildcard DN.
IPv4 []string `json:"ipv4,omitempty"`
// IPs defines ip addresses for resolve DN.
IPs []ResolveAddr `json:"ips"`
}

// ResolveDN is the type to represent FSM's Resolve DN configuration.
type ResolveDN struct {
// DN defines resolve DN.
DN string `json:"dn"`

// IPv4 defines a ipv4 address for resolve DN.
IPv4 []string `json:"ipv4"`
// IPs defines ip addresses for resolve DN.
IPs []ResolveAddr `json:"ips"`
}

// LocalDNSProxy is the type to represent FSM's local DNS proxy configuration.
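Review bot: `WildcardDN.IPs` and `ResolveDN.IPs` replace the `ipv4` JSON field with `ips` inside `v1alpha3` rather than in a new version, and `WildcardDN` loses `omitempty`, so an object written against the old shape is read by a plain JSON decode with an empty `IPs` and no error. Either keep the old field as deprecated for a release or document the migration. `ResolveAddr.IPv4` and `ResolveAddr.IPv6` are plain strings with no kubebuilder validation marker, so address syntax is never checked at admission.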
Expand All @@ -118,6 +127,10 @@ type LocalDNSProxy struct {
// +optional
SecondaryUpstreamDNSServerIPAddr string `json:"secondaryUpstreamDNSServerIPAddr,omitempty"`

// +kubebuilder:default=false
// +optional
GenerateIPv6BasedOnIPv4 bool `json:"generateIPv6BasedOnIPv4,omitempty"`

// Wildcard defines Wildcard DN.
Wildcard WildcardDN `json:"wildcard"`
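Review bot: `GenerateIPv6BasedOnIPv4` has markers but no doc comment, unlike `Wildcard` right below it, which is why the generated CRD property has no description. Add a comment that states how the IPv6 address is derived from the IPv4 one and what happens when a `ResolveAddr` already sets `ipv6`.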
