From cc37d9e4e56befcaf8cf7563631f50ba46167641 Mon Sep 17 00:00:00 2001 From: chuntaojun Date: Sat, 6 Jan 2024 23:21:02 +0800 Subject: [PATCH] fix:polaris-sidecar linsten unix socket file share to envoy --- .../helm/templates/_params.tpl | 32 ++----------------- .../templates/controller-clusterrole.yaml | 2 +- .../controller-configmap-sidecar.yaml | 17 ++++++++-- .../kubernetes_v1.21/kubernetes/injector.yaml | 12 ++++--- deploy/kubernetes_v1.21/kubernetes/rbac.yaml | 3 +- .../templates/controller-clusterrole.yaml | 2 +- .../controller-configmap-sidecar.yaml | 8 +++++ .../kubernetes_v1.22/kubernetes/injector.yaml | 8 +++++ deploy/kubernetes_v1.22/kubernetes/rbac.yaml | 2 +- .../bootstrap_template.yaml | 2 +- .../bootstrap_template_odcds.yaml | 2 +- .../bootstrap_template_tls.yaml | 4 +-- .../bootstrap_template_tls_odcds.yaml | 4 +-- 13 files changed, 51 insertions(+), 47 deletions(-) diff --git a/deploy/kubernetes_v1.21/helm/templates/_params.tpl b/deploy/kubernetes_v1.21/helm/templates/_params.tpl index e93dd7d9..e783f52f 100644 --- a/deploy/kubernetes_v1.21/helm/templates/_params.tpl +++ b/deploy/kubernetes_v1.21/helm/templates/_params.tpl 
@@ -24,41 +24,15 @@ data: Define the volume mounts for the sidecar container. */}} {{- define "configmap-sidecar.polaris_volume_mounts" -}} -- name: sds - mountPath: /var/run/polaris/mtls +- mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket {{ "{{" }} if ne ( index .ObjectMeta.Annotations `polarismesh.cn/tls-mode`) "none" {{ "}}" }} - name: root-ca mountPath: /etc/polaris-sidecar/certs {{ "{{" }} end {{ "}}" }} {{- end -}} -{{/* -Define the volume for the bootstrap init container. -*/}} -{{- define "configmap-sidecar.bootstrap_volume" -}} -- name: sds - emptyDir: {} -{{ "{{" }} if ne ( index .ObjectMeta.Annotations `polarismesh.cn/tls-mode`) "none"{{ "}}" }} -- name: root-ca - secret: - secretName: polaris-sidecar-secret - items: - - key: root-cert - path: rootca.pem -{{ "{{" }} end {{ "}}" }} -- name: polaris-client-config - emptyDir: {} -- name: envoy-bootstrap - emptyDir: {} -- name: envoy-logs - emptyDir: {} -- name: polaris-dir - emptyDir: {} -- name: polaris-log - emptyDir: {} -{{- end -}} - - {{/* Define the cmd envs for the bootstrap init container. */}} diff --git a/deploy/kubernetes_v1.21/helm/templates/controller-clusterrole.yaml b/deploy/kubernetes_v1.21/helm/templates/controller-clusterrole.yaml index 92bc5939..fa854ba4 100644 --- a/deploy/kubernetes_v1.21/helm/templates/controller-clusterrole.yaml +++ b/deploy/kubernetes_v1.21/helm/templates/controller-clusterrole.yaml @@ -9,7 +9,6 @@ rules: - services - namespaces - pods - - endpoints verbs: - get - list @@ -19,6 +18,7 @@ rules: resources: - events - configmaps + - endpoints verbs: - create - update diff --git a/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml b/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml index 4ace83ce..814d94e7 100644 --- a/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml +++ b/deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml 
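Review bot: `defaultMode: 777` on the new `polaris-socket` entry is not a volumeMount field in the Kubernetes Pod API (`defaultMode` belongs to secret, configMap, projected and downwardAPI volume sources), so depending on how the injector decodes this template it is either ignored or rejected. Even where the field is honoured, an unquoted `777` is read as decimal, which is octal 1411 rather than the world-writable 0777 that seems intended. The same three lines recur in the controller-configmap-sidecar.yaml and injector.yaml hunks for both v1.21 and v1.22. I would drop the `defaultMode` line and give Envoy and polaris-sidecar access to the socket directory through a shared group instead, e.g. a pod-level `securityContext.fsGroup`, so the SDS and rate-limit sockets are not left open to every UID in the pod.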
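Review bot: Moving `- endpoints` out of the get/list/watch rule and into the rule whose verbs start with `create` and `update` gives the controller's service account write access to Endpoints, which the commit subject does not mention and which is a sensitive permission because Endpoints decide where Service traffic is sent. The second rule's verb list continues past the hunk, so unless it also lists `get`, `list` and `watch` the controller loses read access at the same time. The same move is made in kubernetes/rbac.yaml for v1.21 (which additionally drops `- configmaps` from the read rule) and in both v1.22 RBAC files. If the write is really needed, I would keep `- endpoints` in the read rule too and add a comment above the write rule such as `# endpoints: controller writes these for <reason>`.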
@@ -114,8 +114,9 @@ data: - mountPath: /etc/envoy_logs name: envoy-logs readOnly: false - - name: sds - mountPath: /var/run/polaris/mtls + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket - image: {{ include "polaris-controller.sidecar.image" . }} name: polaris-sidecar securityContext: @@ -130,7 +131,15 @@ data: cpu: 100m memory: 50Mi volumeMounts: - {{ include "configmap-sidecar.polaris_volume_mounts" . | nindent 10 }} + - mountPath: /root/polaris + defaultMode: 777 + name: polaris-dir + - mountPath: /root/log + defaultMode: 777 + name: polaris-log + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket initContainers: - name: polaris-bootstrap-writer image: {{ include "polaris-controller.sidecar.envoy_init.image" . }} @@ -182,4 +191,6 @@ data: - name: polaris-dir emptyDir: {} - name: polaris-log + emptyDir: {} + - name: polaris-socket emptyDir: {} \ No newline at end of file diff --git a/deploy/kubernetes_v1.21/kubernetes/injector.yaml b/deploy/kubernetes_v1.21/kubernetes/injector.yaml index fc24eda3..2eb4837b 100644 --- a/deploy/kubernetes_v1.21/kubernetes/injector.yaml +++ b/deploy/kubernetes_v1.21/kubernetes/injector.yaml @@ -157,8 +157,9 @@ data: - mountPath: /etc/envoy_logs name: envoy-logs readOnly: false - - name: sds - mountPath: /var/run/polaris/mtls + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket - image: polarismesh/polaris-sidecar:#SIDECAR_VERSION# name: polaris-sidecar securityContext: @@ -173,8 +174,9 @@ data: cpu: 100m memory: 50Mi volumeMounts: - - name: sds - mountPath: /var/run/polaris/mtls + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket {{ if ( openTlsMode .ObjectMeta.Annotations `polarismesh.cn/tls-mode` ) }} - name: root-ca mountPath: /etc/polaris-sidecar/certs @@ -268,6 +270,8 @@ data: emptyDir: {} - name: polaris-log emptyDir: {} + - name: polaris-socket + emptyDir: {} --- apiVersion: v1 kind: Service 
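Review bot: Replacing `{{ include "configmap-sidecar.polaris_volume_mounts" . | nindent 10 }}` with a fixed list in the `polaris-sidecar` container drops the conditional `root-ca` mount at `/etc/polaris-sidecar/certs` that the helper in _params.tpl still renders when `polarismesh.cn/tls-mode` is not `none`. The plain v1.21 kubernetes/injector.yaml keeps that mount for the same container, so the Helm and non-Helm installs would now differ in TLS mode; if the sidecar reads its root certificate from that path, mTLS setup would presumably fail under Helm. It also leaves the helper edited in this commit without a caller among the visible hunks. I would keep the `include` line and add the `polaris-dir` and `polaris-log` mounts next to it.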
diff --git a/deploy/kubernetes_v1.21/kubernetes/rbac.yaml b/deploy/kubernetes_v1.21/kubernetes/rbac.yaml index c9c8a9f5..30353200 100644 --- a/deploy/kubernetes_v1.21/kubernetes/rbac.yaml +++ b/deploy/kubernetes_v1.21/kubernetes/rbac.yaml @@ -15,9 +15,7 @@ rules: resources: - services - namespaces - - configmaps - pods - - endpoints verbs: - get - list @@ -27,6 +25,7 @@ rules: resources: - events - configmaps + - endpoints verbs: - create - update diff --git a/deploy/kubernetes_v1.22/helm/templates/controller-clusterrole.yaml b/deploy/kubernetes_v1.22/helm/templates/controller-clusterrole.yaml index 6c59f215..849511fa 100644 --- a/deploy/kubernetes_v1.22/helm/templates/controller-clusterrole.yaml +++ b/deploy/kubernetes_v1.22/helm/templates/controller-clusterrole.yaml @@ -9,7 +9,6 @@ rules: - services - namespaces - pods - - endpoints verbs: - get - list @@ -19,6 +18,7 @@ rules: resources: - events - configmaps + - endpoints verbs: - create - update diff --git a/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml b/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml index d240172a..814d94e7 100644 --- a/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml +++ b/deploy/kubernetes_v1.22/helm/templates/controller-configmap-sidecar.yaml @@ -114,6 +114,9 @@ data: - mountPath: /etc/envoy_logs name: envoy-logs readOnly: false + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket - image: {{ include "polaris-controller.sidecar.image" . }} name: polaris-sidecar securityContext: @@ -134,6 +137,9 @@ data: - mountPath: /root/log defaultMode: 777 name: polaris-log + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket initContainers: - name: polaris-bootstrap-writer image: {{ include "polaris-controller.sidecar.envoy_init.image" . }} 
@@ -185,4 +191,6 @@ data: - name: polaris-dir emptyDir: {} - name: polaris-log + emptyDir: {} + - name: polaris-socket emptyDir: {} \ No newline at end of file diff --git a/deploy/kubernetes_v1.22/kubernetes/injector.yaml b/deploy/kubernetes_v1.22/kubernetes/injector.yaml index e5af04b5..1a5a8ae2 100644 --- a/deploy/kubernetes_v1.22/kubernetes/injector.yaml +++ b/deploy/kubernetes_v1.22/kubernetes/injector.yaml @@ -142,6 +142,9 @@ data: - mountPath: /etc/envoy_logs name: envoy-logs readOnly: false + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket - image: polarismesh/polaris-sidecar:#SIDECAR_VERSION# name: polaris-sidecar securityContext: @@ -162,6 +165,9 @@ data: - mountPath: /root/log defaultMode: 777 name: polaris-log + - mountPath: /tmp/polaris-sidecar + defaultMode: 777 + name: polaris-socket initContainers: - name: polaris-bootstrap-writer image: polarismesh/polaris-envoy-bootstrap-generator:#CONTROLLER_VERSION# @@ -241,3 +247,5 @@ data: emptyDir: {} - name: polaris-log emptyDir: {} + - name: polaris-socket + emptyDir: {} diff --git a/deploy/kubernetes_v1.22/kubernetes/rbac.yaml b/deploy/kubernetes_v1.22/kubernetes/rbac.yaml index 6c66f73f..dc4cb819 100644 --- a/deploy/kubernetes_v1.22/kubernetes/rbac.yaml +++ b/deploy/kubernetes_v1.22/kubernetes/rbac.yaml @@ -16,7 +16,6 @@ rules: - services - namespaces - pods - - endpoints verbs: - get - list @@ -26,6 +25,7 @@ rules: resources: - events - configmaps + - endpoints verbs: - create - update diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml index 1e56f88a..4a1c6beb 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml 
@@ -49,7 +49,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/ratelimit/rls.sock + path: /tmp/polaris-sidecar/ratelimit/rls.sock dynamic_resources: lds_config: api_config_source: diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_odcds.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_odcds.yaml index 7b8a5b73..cbbe9f47 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_odcds.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_odcds.yaml @@ -49,7 +49,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/ratelimit/rls.sock + path: /tmp/polaris-sidecar/ratelimit/rls.sock dynamic_resources: lds_config: api_config_source: diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml index fb5c6e08..9b13a0c4 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml @@ -34,7 +34,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/mtls/sds.sock + path: /tmp/polaris-sidecar/mtls/sds.sock - name: polaris_xds_server connect_timeout: 5s typed_extension_protocol_options: @@ -65,7 +65,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/ratelimit/rls.sock + path: /tmp/polaris-sidecar/ratelimit/rls.sock dynamic_resources: lds_config: api_config_source: diff --git a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls_odcds.yaml b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls_odcds.yaml index eb86cb9e..700e18d0 100644 --- a/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls_odcds.yaml +++ b/sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls_odcds.yaml 
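Review bot: The new `path: /tmp/polaris-sidecar/mtls/sds.sock` in bootstrap_template_tls.yaml only works, and is only safe, when the `polaris-socket` emptyDir is mounted at `/tmp/polaris-sidecar` in both the Envoy and polaris-sidecar containers, and the template does not say so. Without the mount, /tmp is container-local and Envoy would find no socket there. Because this socket delivers certificate and key material, I would add a comment above the pipe address, e.g. `# must match the polaris-socket mountPath in the injector templates; keep the directory restricted to the envoy and sidecar users`. The same applies to the `rls.sock` path here and in the other three bootstrap templates. The cluster definition starts and ends outside the hunk.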
@@ -34,7 +34,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/mtls/sds.sock + path: /tmp/polaris-sidecar/mtls/sds.sock - name: polaris_xds_server connect_timeout: 5s typed_extension_protocol_options: @@ -65,7 +65,7 @@ static_resources: - endpoint: address: pipe: - path: /var/run/polaris/ratelimit/rls.sock + path: /tmp/polaris-sidecar/ratelimit/rls.sock dynamic_resources: lds_config: api_config_source: