From 6f17b8e869cce45d44f8f0738c9357eb5c5a2029 Mon Sep 17 00:00:00 2001
From: liaochuntao
Date: Sat, 6 Jan 2024 23:26:29 +0800
Subject: [PATCH] fix:unix socket listen (#73)
---
 bootstrap/config/config.go | 2 +-
 envoy/rls/config.go | 12 +++++++++---
 envoy/rls/server.go | 10 +++++++++-
 polaris-sidecar.yaml | 1 +
 security/mtls/agent/agent.go | 8 ++++++++
 security/mtls/agent/option.go | 2 +-
 6 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/bootstrap/config/config.go b/bootstrap/config/config.go
index a110d37..9622eb6 100644
--- a/bootstrap/config/config.go
+++ b/bootstrap/config/config.go
@@ -231,7 +231,7 @@ func (s *SidecarConfig) mergeEnv() {
 s.PolarisConfig.Adddresses = getEnvStringsValue(EnvPolarisAddress, s.PolarisConfig.Adddresses)
 s.MTLS.Enable = getEnvBoolValue(EnvSidecarMtlsEnable, s.MTLS.Enable)
 s.MTLS.CAServer = getEnvStringValue(EnvSidecarMtlsCAServer, s.MTLS.CAServer)
- s.RateLimit.Enable = getEnvBoolValue(EnvSidecarRLSEnable, s.MTLS.Enable)
+ s.RateLimit.Enable = getEnvBoolValue(EnvSidecarRLSEnable, s.RateLimit.Enable)
 s.Recurse.Enable = getEnvBoolValue(EnvSidecarRecurseEnable, s.Recurse.Enable)
 s.Recurse.TimeoutSec = getEnvIntValue(EnvSidecarRecurseTimeout, s.Recurse.TimeoutSec)
 s.Logger.RotateOutputPath = getEnvStringValue(EnvSidecarLogRotateOutputPath, s.Logger.RotateOutputPath)
diff --git a/envoy/rls/config.go b/envoy/rls/config.go
index f887473..d0021b8 100644
--- a/envoy/rls/config.go
+++ b/envoy/rls/config.go
@@ -19,13 +19,19 @@ package rls
 type Config struct {
 Enable bool `yaml:"enable"`
- Network string `yaml:"-"`
- Address string `yaml"-"`
+ Network string `yaml:"network"`
+ Address string `yaml:"address"`
 BindPort uint32 `yaml:"port"`
 TLSInfo *TLSInfo `yaml:"tls_info"`
 }
-const DefaultRLSAddress = "/var/run/polaris/ratelimit/rls.sock"
+func (c *Config) init() {
+ if c.Network == "unix" && c.Address == "" {
+ c.Address = DefaultRLSAddress
+ }
+}
+
+const DefaultRLSAddress = "/tmp/polaris-sidecar/ratelimit/rls.sock"
 // TLSInfo tls 配置信息
 type TLSInfo struct {
diff --git a/envoy/rls/server.go b/envoy/rls/server.go
index 74403c7..5a693ec 100644
--- a/envoy/rls/server.go
+++ b/envoy/rls/server.go
@@ -20,6 +20,8 @@ package rls
 import (
 "context"
 "net"
+ "os"
+ "path/filepath"
 "strings"
 v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3"
@@ -34,6 +36,7 @@ import (
 )
 func New(namespace string, conf *Config) (*RateLimitServer, error) {
+ conf.init()
 return &RateLimitServer{
 namespace: namespace,
 conf: conf,
@@ -49,6 +52,11 @@ type RateLimitServer struct {
 }
 func (svr *RateLimitServer) Run(ctx context.Context) error {
+ if svr.conf.Network == "unix" {
+ if err := os.MkdirAll(filepath.Dir(svr.conf.Address), os.ModePerm); err != nil {
+ return err
+ }
+ }
 ln, err := net.Listen(svr.conf.Network, svr.conf.Address)
 if err != nil {
 return err
@@ -150,6 +158,6 @@ func (svr *RateLimitServer) buildQuotaRequest(domain string, acquireQuota uint32
 req.SetNamespace(svr.namespace)
 req.SetService(domain)
 req.SetToken(acquireQuota)
-
+ log.Info("[envoy-rls] build polaris quota request", zap.Any("param", req))
 return req, nil
 }
diff --git a/polaris-sidecar.yaml b/polaris-sidecar.yaml
index 43928fd..18c8a2b 100644
--- a/polaris-sidecar.yaml
+++ b/polaris-sidecar.yaml
@@ -39,6 +39,7 @@ metrics:
 type: pull
 metricPort: 0
 ratelimit:
+ enable: true
 network: unix
 resolvers:
 - name: dnsagent
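Review bot: In envoy/rls/config.go the new default `DefaultRLSAddress = "/tmp/polaris-sidecar/ratelimit/rls.sock"` places the listening socket under a world-writable directory with a fixed, predictable name, so on a host or pod where `/tmp` is shared another local account can create `/tmp/polaris-sidecar` first and control what sits at that path. The same move is made for `DefaultSDSAddress` in security/mtls/agent/option.go, and polaris-sidecar.yaml now sets `enable: true` with `network: unix` and no `address`, so the `/tmp` default is what the sample configuration actually uses. I would keep the defaults under a directory only the sidecar's user can create, for example by restoring `const DefaultRLSAddress = "/var/run/polaris/ratelimit/rls.sock"` and letting deployments that cannot write there set `address:` explicitly. A doc comment on `init` should also say that it fills in the default only when `network` is `unix`.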
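Review bot: In envoy/rls/server.go, `Run` creates the socket directory with `os.ModePerm`, which requests 0777 and leaves the effective permissions to the process umask; a directory that holds a listening socket should be owner-only unless a wider mode is really needed, `os.MkdirAll(filepath.Dir(svr.conf.Address), 0700)`. If Envoy runs under a different user, a group-restricted mode is the place to widen it rather than world access; that depends on the deployment, which the diff does not show. `os.MkdirAll` also returns nil when the directory already exists, so the owner and mode of a pre-existing directory are never checked before `net.Listen` binds inside it. The identical call is added to `New` in security/mtls/agent/agent.go and needs the same change. `Run` continues past the end of the hunk.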
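Review bot: The `log.Info("[envoy-rls] build polaris quota request", zap.Any("param", req))` added before `return req, nil` in buildQuotaRequest appears to run for every quota request the server builds, so at Info level it writes one line per rate-limit check and dumps the whole request object through `zap.Any`. That looks like leftover debugging; I would drop it, or move it to the logger's debug level and log only the fields needed, such as the namespace and service. The function's signature and the start of its body are outside the hunk.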
diff --git a/security/mtls/agent/agent.go b/security/mtls/agent/agent.go
index 3c827e1..542641a 100644
--- a/security/mtls/agent/agent.go
+++ b/security/mtls/agent/agent.go
@@ -3,6 +3,8 @@ package agent
 import (
 "context"
 "net"
+ "os"
+ "path/filepath"
 "google.golang.org/grpc"
@@ -35,6 +37,12 @@ func New(opt Option) (*Agent, error) {
 a.rotator = rotator.New(opt.RotatePeriod, opt.FailedRetryDelay)
 a.sds = sds.New(opt.CryptombPollDelay)
+ if opt.Network == "unix" {
+ if err := os.MkdirAll(filepath.Dir(opt.Address), os.ModePerm); err != nil {
+ return nil, err
+ }
+ }
+
 cli, err := caclient.NewWithRootCA(opt.CAServer, caclient.ServiceAccountToken(), defaultCAPath)
 if err != nil {
 return nil, err
diff --git a/security/mtls/agent/option.go b/security/mtls/agent/option.go
index d12885c..47eeb02 100644
--- a/security/mtls/agent/option.go
+++ b/security/mtls/agent/option.go
@@ -69,7 +69,7 @@ func EnvDefaultInt(name string, val int, def int) int {
 return def
 }
-const DefaultSDSAddress = "/var/run/polaris/mtls/sds.sock"
+const DefaultSDSAddress = "/tmp/polaris-sidecar/mtls/sds.sock"
 // init options with enviroment variables
 func (opt *Option) init() error {