├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── documentation.md │ ├── feature_request.md │ └── q-a.md ├── pull_request_template.md └── workflows │ ├── codeql.yml │ ├── docker.yml │ ├── golangci-lint.yml │ ├── license-checker.yml │ ├── release.yml │ └── testing.yml ├── .gitignore ├── .golangci.yml ├── .licenserc.yaml ├── Makefile ├── README-zh.md ├── README.md ├── build.sh ├── cmd └── polaris-controller │ ├── app │ ├── client_builder.go │ ├── config.go │ ├── informer_factory.go │ ├── options │ │ ├── config.go │ │ ├── debugging.go │ │ ├── generic.go │ │ ├── leaderelection.go │ │ ├── options.go │ │ ├── polaris.go │ │ └── serve.go │ └── polaris-controller-manager.go │ └── main.go ├── common ├── common.go └── log │ ├── config.go │ ├── default.go │ ├── logger.go │ ├── options.go │ ├── scope.go │ └── type.go ├── deploy ├── README-zh.md ├── README.md ├── init_helm.sh ├── kubernetes_v1.21 │ ├── helm │ │ ├── .helmignore │ │ ├── CHANGELOG.md │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── secrets │ │ │ ├── ca-cert.pem │ │ │ ├── cert.pem │ │ │ └── key.pem │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── _params.tpl │ │ │ ├── admission-webhooks │ │ │ │ └── mutating-webhook.yaml │ │ │ ├── controller-clusterrole.yaml │ │ │ ├── controller-clusterrolebinding.yaml │ │ │ ├── controller-configmap-client.yaml │ │ │ ├── controller-configmap-javaagent.yaml │ │ │ ├── controller-configmap-mesh.yaml │ │ │ ├── controller-configmap-sidecar.yaml │ │ │ ├── controller-poddisruptionbudget.yaml │ │ │ ├── controller-secret-certs.yaml │ │ │ ├── controller-service-injector.yaml │ │ │ ├── controller-service-metrics.yaml │ │ │ ├── controller-serviceaccount.yaml │ │ │ └── controller-statefulset.yaml │ │ └── values.yaml │ └── kubernetes │ │ ├── configmap.yaml │ │ ├── injector.yaml │ │ ├── install.sh │ │ ├── javaagent-configmap.yaml │ │ ├── namespace.yaml │ │ ├── polaris-client-config-tpl.yaml │ │ ├── polaris-controller.yaml │ │ ├── polaris-metrics-svc.yaml │ │ ├── rbac.yaml │ 
│ └── secrets │ │ ├── ca-cert.pem │ │ ├── cert.pem │ │ └── key.pem ├── kubernetes_v1.22 │ ├── helm │ │ ├── .helmignore │ │ ├── CHANGELOG.md │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── secrets │ │ │ ├── ca-cert.pem │ │ │ ├── cert.pem │ │ │ └── key.pem │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── _params.tpl │ │ │ ├── admission-webhooks │ │ │ │ └── mutating-webhook.yaml │ │ │ ├── controller-clusterrole.yaml │ │ │ ├── controller-clusterrolebinding.yaml │ │ │ ├── controller-configmap-client.yaml │ │ │ ├── controller-configmap-javaagent.yaml │ │ │ ├── controller-configmap-mesh.yaml │ │ │ ├── controller-configmap-sidecar.yaml │ │ │ ├── controller-poddisruptionbudget.yaml │ │ │ ├── controller-secret-certs.yaml │ │ │ ├── controller-service-injector.yaml │ │ │ ├── controller-service-metrics.yaml │ │ │ ├── controller-serviceaccount.yaml │ │ │ └── controller-statefulset.yaml │ │ └── values.yaml │ └── kubernetes │ │ ├── configmap.yaml │ │ ├── injector.yaml │ │ ├── install.sh │ │ ├── javaagent-configmap.yaml │ │ ├── namespace.yaml │ │ ├── polaris-client-config-tpl.yaml │ │ ├── polaris-controller.yaml │ │ ├── polaris-metrics-svc.yaml │ │ ├── rbac.yaml │ │ └── secrets │ │ ├── ca-cert.pem │ │ ├── cert.pem │ │ └── key.pem └── variables.txt ├── docker └── Dockerfile ├── go.mod ├── go.sum ├── import-formater.sh ├── pkg ├── cache │ ├── config_cache.go │ └── service_cache.go ├── controller │ ├── apis.go │ ├── configmap.go │ ├── controller.go │ ├── endpoint.go │ ├── namespace.go │ ├── rsync.go │ ├── service.go │ └── types.go ├── inject │ ├── api │ │ ├── LICENSE │ │ └── annotation │ │ │ └── annotations.gen.go │ └── pkg │ │ ├── LICENSE │ │ ├── config │ │ ├── constants │ │ │ └── constants.go │ │ ├── inject_config.go │ │ ├── mesh │ │ │ └── mesh.go │ │ ├── safe_config.go │ │ └── template_file.go │ │ ├── kube │ │ └── inject │ │ │ ├── apply │ │ │ ├── base │ │ │ │ └── patch.go │ │ │ ├── javaagent │ │ │ │ ├── patch.go │ │ │ │ └── patch_test.go │ │ │ └── mesh │ │ │ │ 
├── patch.go │ │ │ │ └── sidecar_env.go │ │ │ ├── base.go │ │ │ ├── base_test.go │ │ │ ├── common.go │ │ │ ├── concurrency.go │ │ │ ├── initializer.go │ │ │ ├── inject.go │ │ │ ├── pod.go │ │ │ ├── pod_patch.go │ │ │ ├── template_funcs.go │ │ │ ├── validate_funcs.go │ │ │ └── webhook.go │ │ └── util │ │ └── protomarshal.go ├── metrics │ └── metrics.go ├── polarisapi │ ├── config_api.go │ ├── constant.go │ ├── error.go │ ├── service_api.go │ └── types.go ├── util │ ├── address │ │ └── address.go │ ├── common.go │ ├── configz │ │ └── configz.go │ ├── controller_utils.go │ ├── feature │ │ └── feature_gate.go │ ├── flag │ │ └── flags.go │ ├── helper.go │ ├── map.go │ ├── scheduler.go │ └── types.go └── version │ ├── base.go │ └── version.go ├── sidecar ├── envoy-bootstrap-config-generator │ ├── Dockerfile │ ├── bootstrap_template.yaml │ ├── bootstrap_template_odcds.yaml │ ├── bootstrap_template_tls.yaml │ ├── bootstrap_template_tls_odcds.yaml │ └── start.sh └── polaris-sidecar-init │ ├── Dockerfile │ └── start.sh └── version /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior. 15 | 16 | **Expected behavior** 17 | A clear and concise description of what you expected to happen. 18 | 19 | **Environment** 20 | - Version: [e.g. v1.0.0] 21 | - OS: [e.g. CentOS8] 22 | 23 | **Additional context** 24 | Add any other context about the problem here. 
25 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/documentation.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Documentation 3 | about: Improvements or additions to documentation 4 | title: '' 5 | labels: documentation 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **What is the feature you want to add?** 11 | 12 | **Why do you want to add this feature?** 13 | 14 | **How to implement this feature?** 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/q-a.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Q&A 3 | about: Please tell me your questions 4 | title: '' 5 | labels: question 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | **Please provide issue(s) of this PR:** 2 | Fixes # 3 | 4 | **To help us figure out who should review this PR, please put an X in all the areas that this PR affects.** 5 | 6 | - [ ] Docs 7 | - [ ] Inject Sidecar 8 | - [ ] Installation 9 | - [ ] Performance and Scalability 10 | - [ ] Test and Release 11 | 12 | **Please check any characteristics that apply to this pull request.** 13 | 14 | - [ ] Does not have any user-facing changes. 
This may include API changes, behavior changes, performance improvements, etc. 15 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ "main" ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ "main" ] 20 | schedule: 21 | - cron: '39 1 * * 4' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} 27 | timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} 28 | permissions: 29 | actions: read 30 | contents: read 31 | security-events: write 32 | 33 | strategy: 34 | fail-fast: false 35 | matrix: 36 | language: [ 'go' ] 37 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] 38 | # Use only 'java' to analyze code written in Java, Kotlin or both 39 | # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both 40 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 41 | 42 | steps: 43 | - name: Checkout repository 44 | uses: actions/checkout@v3 45 | 46 | # Initializes the CodeQL tools for scanning. 
47 | - name: Initialize CodeQL 48 | uses: github/codeql-action/init@v2 49 | with: 50 | languages: ${{ matrix.language }} 51 | # If you wish to specify custom queries, you can do so here or in a config file. 52 | # By default, queries listed here will override any specified in a config file. 53 | # Prefix the list here with "+" to use these queries and those in the config file. 54 | 55 | # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 56 | # queries: security-extended,security-and-quality 57 | 58 | 59 | # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). 60 | # If this step fails, then you should remove it and run the build manually (see below) 61 | - name: Autobuild 62 | uses: github/codeql-action/autobuild@v2 63 | 64 | # ℹ️ Command-line programs to run using the OS shell. 65 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 66 | 67 | # If the Autobuild fails above, remove it and uncomment the following three lines. 68 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 
69 | 70 | # - run: | 71 | # echo "Run, Build Application using script" 72 | # ./location_of_script_within_repo/buildscript.sh 73 | 74 | - name: Perform CodeQL Analysis 75 | uses: github/codeql-action/analyze@v2 76 | with: 77 | category: "/language:${{matrix.language}}" 78 | -------------------------------------------------------------------------------- /.github/workflows/docker.yml: -------------------------------------------------------------------------------- 1 | name: Docker # NOTE(review): no permissions: block is declared, so GITHUB_TOKEN keeps the repository default scope; the steps below only read the repo and push to Docker Hub with separate secrets, so contents: read looks sufficient — confirm. 2 | 3 | on: 4 | release: 5 | types: [published] 6 | 7 | jobs: 8 | release: 9 | name: Release Polaris Docker Image 10 | runs-on: ubuntu-latest 11 | strategy: 12 | matrix: 13 | goos: [linux] 14 | goarch: [amd64] 15 | steps: 16 | - name: Checkout code 17 | uses: actions/checkout@v2 # NOTE(review): the actions in this workflow are referenced by mutable tags (@v1/@v2); pinning each to a full commit SHA keeps a retagged action from running with the Docker Hub credentials used below. 18 | with: 19 | ref: ${{ github.event.inputs.polaris_tag }} # NOTE(review): the only trigger is release, which presumably leaves github.event.inputs empty, so this likely resolves to the default checkout ref — confirm. 20 | 21 | - name: Set up Go 22 | uses: actions/setup-go@v2 23 | with: 24 | go-version: "1.21" 25 | 26 | - name: Set up Docker Buildx 27 | uses: docker/setup-buildx-action@v1 28 | with: # NOTE(review): the inline BuildKit config below allows the network.host entitlement (builds may request host networking); a second "Set up Docker Buildx" step without this config follows, so confirm which builder is active and whether the entitlement is still needed. 29 | config-inline: | 30 | insecure-entitlements = [ "network.host" ] 31 | 32 | - name: Get version 33 | id: get_version # NOTE(review): the run line uses the deprecated ::set-output workflow command; the replacement is appending NAME=value to the file named by $GITHUB_OUTPUT. 34 | run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} 35 | 36 | - name: Set up Docker Buildx 37 | uses: docker/setup-buildx-action@v1 38 | 39 | - name: Log in to Docker Hub 40 | uses: docker/login-action@v1 41 | with: 42 | username: ${{ secrets.POLARIS_DOCKER_NAME }} 43 | password: ${{ secrets.POLARIS_DOCKER_PASSWORD }} 44 | 45 | - name: Build 46 | id: build 47 | env: 48 | DOCKER_TAG: ${{ steps.get_version.outputs.VERSION }} 49 | run: | 50 | go mod tidy 51 | make all ORG=polarismesh REPO=polaris-controller IMAGE_TAG=${DOCKER_TAG} 52 | -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 
2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 15 | 16 | name: golangci-lint 17 | on: 18 | push: 19 | branches: 20 | - main 21 | - release* 22 | pull_request: 23 | branches: 24 | - main 25 | - release* 26 | - feature/** 27 | 28 | jobs: 29 | golangci: 30 | strategy: 31 | matrix: 32 | go-version: [ "1.21" ] 33 | name: golangci-lint 34 | runs-on: ubuntu-latest 35 | steps: 36 | - uses: actions/setup-go@v3 # NOTE(review): no go-version is passed here, so matrix.go-version above is never referenced and the Go toolchain is whatever this action selects by default — confirm. 37 | - uses: actions/checkout@v3 38 | - name: golangci-lint 39 | uses: golangci/golangci-lint-action@v3.6.0 40 | with: 41 | # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. NOTE(review): the value below is `latest`, not a pinned minor version, so the linter binary and its findings can change without a commit; pin a version for reproducible CI. 42 | version: latest 43 | args: --timeout=30m 44 | -------------------------------------------------------------------------------- /.github/workflows/license-checker.yml: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 15 | 16 | name: License checker 17 | 18 | on: 19 | push: 20 | branches: 21 | - main 22 | - release* 23 | pull_request: 24 | branches: 25 | - main 26 | - release* 27 | 28 | jobs: 29 | check-license: 30 | runs-on: ubuntu-latest 31 | steps: 32 | - uses: actions/checkout@v2 33 | 34 | - name: Check License Header 35 | uses: apache/skywalking-eyes@main # NOTE(review): @main is a moving branch, so whatever is pushed there runs in this job with the GITHUB_TOKEN passed below; pin to a reviewed release tag or full commit SHA, and declare a permissions: block so the token carries only what the check needs. 36 | env: 37 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 38 | with: 39 | log: info 40 | config: .licenserc.yaml 41 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release 2 | 3 | on: 4 | release: 5 | types: [published] 6 | 7 | jobs: 8 | release: 9 | name: Release polaris 10 | runs-on: ubuntu-latest 11 | strategy: 12 | matrix: 13 | goos: [linux] 14 | goarch: [amd64] 15 | 16 | steps: 17 | - name: Checkout code 18 | uses: actions/checkout@v2 19 | 20 | - name: Get version 21 | id: get_version # NOTE(review): the run line derives VERSION from the tag name and uses the deprecated ::set-output command (replacement: append NAME=value to the file named by $GITHUB_OUTPUT); the value is later passed to build.sh, so it should be treated as untrusted text. 22 | run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} 23 | 24 | - name: Set up Go 25 | uses: actions/setup-go@v2 26 | with: 27 | go-version: "1.21" 28 | 29 | - name: Build 30 | id: build 31 | env: 32 | GOOS: ${{ matrix.goos }} 33 | GOARCH: ${{ matrix.goarch }} 34 | VERSION: ${{ steps.get_version.outputs.VERSION }} 35 | run: | 36 | echo "version is $VERSION" 37 | bash build.sh $VERSION 38 | PACKAGE_NAME=$(ls polaris-controller-release*.zip | sed -n '1p') 39 | echo ::set-output name=name::${PACKAGE_NAME} 40 | PACKAGE_NAME=$(ls 
polaris-controller-release*.zip | sed -n '2p') 41 | echo ::set-output name=name1::${PACKAGE_NAME} 42 | 43 | - name: Upload asset 44 | uses: actions/upload-release-asset@v1 45 | env: 46 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 47 | with: 48 | upload_url: ${{ github.event.release.upload_url }} 49 | asset_path: ./${{ steps.build.outputs.name }} 50 | asset_name: ${{ steps.build.outputs.name }} 51 | asset_content_type: application/gzip 52 | 53 | - name: Upload asset 54 | uses: actions/upload-release-asset@v1 55 | env: 56 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 57 | with: 58 | upload_url: ${{ github.event.release.upload_url }} 59 | asset_path: ./${{ steps.build.outputs.name1 }} 60 | asset_name: ${{ steps.build.outputs.name1 }} 61 | asset_content_type: application/gzip 62 | -------------------------------------------------------------------------------- /.github/workflows/testing.yml: -------------------------------------------------------------------------------- 1 | name: Testing 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | 9 | jobs: 10 | 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v2 15 | 16 | - name: Set up Go 17 | uses: actions/setup-go@v2 18 | with: 19 | go-version: "1.21" 20 | 21 | - name: Build polairs-controller 22 | run: make build 23 | 24 | - name: Test 25 | run: go mod vendor && go test -timeout 80m ./... 
-v -covermode=count -coverprofile=coverage_1.cover 26 | 27 | - name: Upload Codecov 28 | uses: codecov/codecov-action@v3 29 | with: 30 | token: ${{ secrets.CODECOV_TOKEN }} 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.log 3 | tags 4 | *.exe 5 | **/*.exe 6 | # Build output 7 | bin 8 | .vscode/ 9 | vendor 10 | .codecc/ 11 | 12 | 13 | style_tool/ 14 | goimports-reviser 15 | -------------------------------------------------------------------------------- /.licenserc.yaml: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 15 | 16 | header: # `header` section is configurations for source codes license header. 17 | license: 18 | spdx-id: BSD-3-Clause # the spdx id of the license, it's convenient when your license is standard SPDX license. 19 | copyright-owner: Tencent # the copyright owner to replace the [owner] in the `spdx-id` template. 20 | content: 21 | | # `license` will be used as the content when `fix` command needs to insert a license header. 22 | Tencent is pleased to support the open source community by making Polaris available. 
23 | 24 | Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 25 | 26 | Licensed under the BSD 3-Clause License (the "License"); 27 | you may not use this file except in compliance with the License. 28 | You may obtain a copy of the License at 29 | 30 | https://opensource.org/licenses/BSD-3-Clause 31 | 32 | Unless required by applicable law or agreed to in writing, software distributed 33 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 34 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 35 | specific language governing permissions and limitations under the License. 36 | # `pattern` is optional regexp if all the file headers are the same as `license` or the license of `spdx-id` and `copyright-owner`. 37 | pattern: | 38 | Tencent is pleased to support the open source community by making Polaris available. 39 | 40 | Copyright \(C\) 2019 THL A29 Limited, a Tencent company. All rights reserved. 41 | 42 | Licensed under the BSD 3-Clause License \(the "License"\); 43 | you may not use this file except in compliance with the License. 44 | You may obtain a copy of the License at 45 | 46 | https://opensource.org/licenses/BSD-3-Clause 47 | 48 | Unless required by applicable law or agreed to in writing, software distributed 49 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 50 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 51 | specific language governing permissions and limitations under the License. 52 | paths: # `paths` are the path list that will be checked (and fixed) by license-eye, default is ['**']. 53 | - "**" 54 | 55 | paths-ignore: # `paths-ignore` are the path list that will be ignored by license-eye. 
56 | # folder 57 | - "deploy" 58 | - "cmd/polaris-controller/app/options" 59 | - "cmd/polaris-controller/app/" 60 | - "pkg/inject" 61 | - "pkg/util/configz" 62 | - "pkg/util/feature" 63 | - "pkg/util/flag" 64 | - "pkg/version" 65 | 66 | # single file 67 | - "LICENSE" 68 | - ".gitignore" 69 | - "Makefile" 70 | - "Dockerfile" 71 | - "version" 72 | - ".golangci.yml" 73 | - ".github" 74 | - "logo.svg" 75 | - "**/*.pb.go" 76 | - "**/*.gen.go" 77 | - "**/*_mock.go" 78 | - "**/*.proto" 79 | - "**/*.md" 80 | - "**/go.mod" 81 | - "**/go.sum" 82 | comment: on-failure # on what condition license-eye will comment on the pull request, `on-failure`, `always`, `never`. 83 | 84 | # license-location-threshold specifies the index threshold where the license header can be located, 85 | # after all, a "header" cannot be TOO far from the file start. 86 | license-location-threshold: 80 87 | language: 88 | Go: 89 | extensions: 90 | - ".go" 91 | comment_style_id: SlashAsterisk 92 | 93 | dependency: 94 | files: 95 | - go.mod 96 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | REGISTRY = "" 2 | ORG = polarismesh 3 | REPO = polaris-controller 4 | SIDECAR_INIT_REPO = polaris-sidecar-init 5 | ENVOY_SIDECAR_INIT_REPO = polaris-envoy-bootstrap-generator 6 | IMAGE_TAG = v1.7.3 7 | PLATFORMS = linux/amd64,linux/arm64 8 | 9 | .PHONY: all 10 | all: fmt build-amd64 build-arm64 build-multi-arch-image \ 11 | build-sidecar-init build-envoy-sidecar-init push-image 12 | 13 | .PHONY: build-amd64 14 | build-amd64: 15 | @echo "------------------" 16 | @echo "--> Building binary for polaris-controller (linux/amd64)" 17 | @echo "------------------" 18 | CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o ./bin/amd64/polaris-controller ./cmd/polaris-controller/main.go 19 | 20 | .PHONY: build-arm64 21 | build-arm64: 22 | @echo "------------------" 23 | @echo "--> Building binary for 
polaris-controller (linux/arm64)" 24 | @echo "------------------" 25 | CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o ./bin/arm64/polaris-controller ./cmd/polaris-controller/main.go 26 | 27 | .PHONY: build-multi-arch-image 28 | build-multi-arch-image: 29 | @echo "------------------" 30 | @echo "--> Building multi-arch docker image for polaris-controller" 31 | @echo "------------------" 32 | @docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push ./ 33 | 34 | .PHONY: build-sidecar-init 35 | build-sidecar-init: 36 | docker build ./sidecar/polaris-sidecar-init -f ./sidecar/polaris-sidecar-init/Dockerfile -t $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) 37 | 38 | .PHONY: build-envoy-sidecar-init 39 | build-envoy-sidecar-init: 40 | docker build ./sidecar/envoy-bootstrap-config-generator -f ./sidecar/envoy-bootstrap-config-generator/Dockerfile -t $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) 41 | 42 | .PHONY: push-image 43 | push-image: 44 | docker push $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) 45 | docker push $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) 46 | 47 | .PHONY: clean 48 | clean: 49 | rm -rf bin 50 | rm -rf polaris-controller-release* 51 | 52 | .PHONY: fmt 53 | fmt: ## Run go fmt against code. 54 | go fmt ./... 
55 | 56 | .PHONY: generate-multi-arch-image 57 | generate-multi-arch-image: fmt build-amd64 build-arm64 58 | @echo "------------------" 59 | @echo "--> Generate multi-arch docker image to registry for polaris-controller" 60 | @echo "------------------" 61 | @docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) ./ 62 | 63 | .PHONY: push-multi-arch-image 64 | push-multi-arch-image: generate-multi-arch-image 65 | @echo "------------------" 66 | @echo "--> Push multi-arch docker image to registry for polaris-controller" 67 | @echo "------------------" 68 | @docker image push $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Tencent is pleased to support the open source community by making Polaris available. 3 | # 4 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 5 | # 6 | # Licensed under the BSD 3-Clause License (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://opensource.org/licenses/BSD-3-Clause 11 | # 12 | # Unless required by applicable law or agreed to in writing, software distributed 13 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations under the License. 
16 | 17 | set -e 18 | 19 | if [ $# -gt 0 ]; then 20 | version="$1" # NOTE(review): this value is interpolated unescaped into the sed expressions below and, through variables.txt, into a command stream piped to bash; validate it here (e.g. against a plain version pattern) before use. 21 | else 22 | current=$(date "+%Y-%m-%d %H:%M:%S") 23 | timeStamp=$(date -d "$current" +%s) 24 | currentTimeStamp=$(((timeStamp * 1000 + 10#$(date "+%N") / 1000000) / 1000)) 25 | version="$currentTimeStamp" 26 | fi 27 | workdir=$(dirname $(realpath $0)) 28 | 29 | if [ "$(uname)" == "Darwin" ]; then 30 | sed -i "" "s/##VERSION##/$version/g" "$workdir"/deploy/variables.txt 31 | else 32 | sed -i "s/##VERSION##/$version/g" "$workdir"/deploy/variables.txt 33 | fi 34 | cat "$workdir"/deploy/variables.txt 35 | 36 | function replaceVar() { 37 | for file in $(ls *.yaml); do 38 | key="#$1#" 39 | echo "process replace file $file, key $key, value $2" 40 | if [ "$(uname)" == "Darwin" ]; then 41 | sed -i "" "s?$key?$2?g" $file 42 | else 43 | sed -i "s?$key?$2?g" $file 44 | fi 45 | done 46 | } 47 | 48 | cd $workdir 49 | 50 | export -f replaceVar 51 | 52 | # Build the polaris-controller release package for kubernetes <= 1.21 53 | 54 | folder_name="polaris-controller-release_${version}.k8s1.21" 55 | pkg_name="${folder_name}.zip" 56 | 57 | cd $workdir 58 | 59 | # Clean up output left by a previous run 60 | rm -rf ${folder_name} 61 | rm -f "${pkg_name}" 62 | 63 | # Assemble the package 64 | mkdir -p ${folder_name} 65 | 66 | cp -r deploy/kubernetes_v1.21/* ${folder_name} # NOTE(review): per the repository tree this also copies helm/secrets and kubernetes/secrets (ca-cert.pem, cert.pem, key.pem) into the release archive; if key.pem is a real private key rather than a placeholder, every install from the package shares it — confirm operators are expected to regenerate it. 67 | cp deploy/variables.txt ${folder_name}/kubernetes 68 | 69 | cd ${folder_name}/helm 70 | varFile="../kubernetes/variables.txt" 71 | if [ !
-f "$varFile" ]; then 72 | echo "variables.txt not exists" 73 | exit 1 74 | fi 75 | cat $varFile | awk -F ':' '{print "replaceVar", $1, $2}' | "/bin/bash" # NOTE(review): each line of variables.txt becomes a shell command line here (and again for the 1.22 package below), so shell metacharacters in a key or value are interpreted by bash; calling replaceVar from a `while IFS=: read -r` loop with quoted arguments would avoid re-parsing the data as code. 76 | 77 | cd $workdir 78 | zip -r "${pkg_name}" ${folder_name} 79 | #md5sum ${pkg_name} > "${pkg_name}.md5sum" 80 | 81 | if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then 82 | md5 ${pkg_name} >"${pkg_name}.md5sum" 83 | else 84 | md5sum ${pkg_name} >"${pkg_name}.md5sum" # NOTE(review): MD5 only detects accidental corruption and is not collision-resistant; emit a SHA-256 digest as well if consumers are meant to verify the package. 85 | fi 86 | 87 | # Build the polaris-controller release package for kubernetes >= 1.22 88 | 89 | folder_name="polaris-controller-release_${version}.k8s1.22" 90 | pkg_name="${folder_name}.zip" 91 | 92 | cd $workdir 93 | 94 | # Clean up output left by a previous run 95 | rm -rf ${folder_name} 96 | rm -f "${pkg_name}" 97 | 98 | # Assemble the package 99 | mkdir -p ${folder_name} 100 | 101 | cp -r deploy/kubernetes_v1.22/* ${folder_name} 102 | cp deploy/variables.txt ${folder_name}/kubernetes 103 | 104 | cd ${folder_name}/helm 105 | varFile="../kubernetes/variables.txt" 106 | if [ ! -f "$varFile" ]; then 107 | echo "variables.txt not exists" 108 | exit 1 109 | fi 110 | cat $varFile | awk -F ':' '{print "replaceVar", $1, $2}' | "/bin/bash" 111 | cd $workdir 112 | zip -r "${pkg_name}" ${folder_name} 113 | #md5sum ${pkg_name} > "${pkg_name}.md5sum" 114 | 115 | if [[ $(uname -a | grep "Darwin" | wc -l) -eq 1 ]]; then 116 | md5 ${pkg_name} >"${pkg_name}.md5sum" 117 | else 118 | md5sum ${pkg_name} >"${pkg_name}.md5sum" 119 | fi 120 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/client_builder.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2016 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package app 18 | 19 | import ( 20 | "go.uber.org/zap" 21 | clientset "k8s.io/client-go/kubernetes" 22 | v1authentication "k8s.io/client-go/kubernetes/typed/authentication/v1" 23 | v1core "k8s.io/client-go/kubernetes/typed/core/v1" 24 | restclient "k8s.io/client-go/rest" 25 | 26 | "github.com/polarismesh/polaris-controller/common/log" 27 | ) 28 | 29 | // ControllerClientBuilder allows you to get clients and configs for controllers 30 | // Please note a copy also exists in staging/src/k8s.io/cloud-provider/cloud.go 31 | // TODO: Extract this into a separate controller utilities repo (issues/68947) 32 | type ControllerClientBuilder interface { 33 | Config(name string) (*restclient.Config, error) 34 | ConfigOrDie(name string) *restclient.Config 35 | Client(name string) (clientset.Interface, error) 36 | ClientOrDie(name string) clientset.Interface 37 | } 38 | 39 | // SimpleControllerClientBuilder returns a fixed client with different user agents. Every client is built from the same ClientConfig, so the name only changes the user agent string; it gives no per-controller credentials or privilege separation. 40 | type SimpleControllerClientBuilder struct { 41 | // ClientConfig is a skeleton config to clone and use as the basis for each controller client 42 | ClientConfig *restclient.Config 43 | } 44 | 45 | // Config returns a copy of b.ClientConfig with its user agent set from name via restclient.AddUserAgent. The copy is a struct value copy, so pointer, map and slice fields stay shared with the skeleton. The returned error is always nil; a nil b.ClientConfig panics on the dereference. 46 | func (b SimpleControllerClientBuilder) Config(name string) (*restclient.Config, error) { 47 | clientConfig := *b.ClientConfig 48 | return restclient.AddUserAgent(&clientConfig, name), nil 49 | } 50 | 51 | // ConfigOrDie returns the result of Config(name) and calls log.Fatal if Config reports an error. 52 | func (b SimpleControllerClientBuilder) ConfigOrDie(name string) *restclient.Config { 53 | clientConfig, err := b.Config(name) 54 | if err != nil { 55 |
log.Fatal("ConfigOrDie", zap.Error(err)) 56 | } 57 | return clientConfig 58 | } 59 | 60 | // Client builds a clientset from Config(name) with clientset.NewForConfig and returns any error from either call. 61 | func (b SimpleControllerClientBuilder) Client(name string) (clientset.Interface, error) { 62 | clientConfig, err := b.Config(name) 63 | if err != nil { 64 | return nil, err 65 | } 66 | return clientset.NewForConfig(clientConfig) 67 | } 68 | 69 | // ClientOrDie returns the result of Client(name) and calls log.Fatal if Client reports an error. 70 | func (b SimpleControllerClientBuilder) ClientOrDie(name string) clientset.Interface { 71 | client, err := b.Client(name) 72 | if err != nil { 73 | log.Fatal("ClientOrDie", zap.Error(err)) 74 | } 75 | return client 76 | } 77 | 78 | // SAControllerClientBuilder is a ControllerClientBuilder that returns clients identifying as 79 | // service accounts. NOTE(review): no methods are defined on this type in this file, so it satisfies ControllerClientBuilder only if they exist elsewhere in package app — confirm. 80 | type SAControllerClientBuilder struct { 81 | // ClientConfig is a skeleton config to clone and use as the basis for each controller client 82 | ClientConfig *restclient.Config 83 | 84 | // CoreClient is used to provision service accounts if needed and watch for their associated tokens 85 | // to construct a controller client 86 | CoreClient v1core.CoreV1Interface 87 | 88 | // AuthenticationClient is used to check API tokens to make sure they are valid before 89 | // building a controller client from them 90 | AuthenticationClient v1authentication.AuthenticationV1Interface 91 | 92 | // Namespace is the namespace used to host the service accounts that will back the 93 | // controllers. It must be a highly privileged namespace which normal users cannot inspect. 94 | Namespace string 95 | } 96 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/config.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 
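//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package app

import (
	"os"

	"gopkg.in/yaml.v2"

	"github.com/polarismesh/polaris-controller/cmd/polaris-controller/app/options"
	"github.com/polarismesh/polaris-controller/common"
	"github.com/polarismesh/polaris-controller/common/log"
)

// ProxyMetadata holds the configuration used by the mesh envoy.
type ProxyMetadata struct {
	ServerAddress string `yaml:"serverAddress"`
	ClusterName   string `yaml:"clusterName"`
	OpenDemand    string `yaml:"openDemand"`
	CAAddress     string `yaml:"caAddress"`
}

// DefaultConfig holds the configuration used by the mesh envoy sidecar.
type DefaultConfig struct {
	ProxyMetadata ProxyMetadata `yaml:"proxyMetadata"`
}

// SidecarInject holds the sidecar injection settings.
type SidecarInject struct {
	Mode    string      `yaml:"mode"`
	Ignores []IgnorePod `yaml:"ignorePods"`
}

// IgnorePod identifies one pod by namespace and pod name; it is the element
// type of SidecarInject.Ignores (yaml key "ignorePods").
type IgnorePod struct {
	Namespace string `yaml:"namespace"`
	PodName   string `yaml:"podName"`
}

// Server holds the health-check and resync intervals.
type Server struct {
	// Interval between health probes.
	HealthCheckDuration string `yaml:"healthCheckDuration"`
	// Interval between periodic reconciliations (resync).
	ResyncDuration string `yaml:"resyncDuration"`
}

// controllerConfig is the structure the bootstrap YAML file is unmarshalled into.
type controllerConfig struct {
	// Polaris server address.
	ServerAddress string `yaml:"serverAddress"`
	// Polaris server token (must be set when authentication is enabled on Polaris).
	// This is a credential: keep it out of log output and error messages.
	PolarisAccessToken string `yaml:"accessToken"`
	// Operator is the Polaris main account ID, used for data synchronisation.
	Operator string `yaml:"operator"`
	// Container cluster name or ID.
	ClusterName string `yaml:"clusterName"`
	// Kubernetes service synchronisation settings. Nil when the YAML has no
	// "serviceSync" key, so every read through it must be nil-checked.
	ServiceSync *options.ServiceSync `yaml:"serviceSync"`
	// Configuration synchronisation settings.
	ConfigSync *options.ConfigSync `yaml:"configSync"`
	// Sidecar injection settings.
	SidecarInject SidecarInject `yaml:"sidecarInject"`
	// Mesh envoy settings.
	DefaultConfig DefaultConfig `yaml:"defaultConfig"`
	// Per-component logging settings.
	Logger map[string]*log.Options `yaml:"logger"`
	// Health-check and resync settings.
	Server Server `yaml:"server"`
}

// getPolarisServerAddress returns the Polaris server address: the top-level
// value (new config format) if set, else the one under serviceSync (old config
// format), else common.PolarisServerAddress.
func (c *controllerConfig) getPolarisServerAddress() string {
	// New config format.
	if c.ServerAddress != "" {
		return c.ServerAddress
	}
	// Old config format. ServiceSync is a pointer and stays nil when the section
	// is missing from the file; without this guard the lookup would panic.
	if c.ServiceSync != nil && c.ServiceSync.ServerAddress != "" {
		return c.ServiceSync.ServerAddress
	}
	return common.PolarisServerAddress
}

// getPolarisAccessToken returns the Polaris access token: the top-level value
// (new config format) if set, else the one under serviceSync (old config
// format), else the empty string.
func (c *controllerConfig) getPolarisAccessToken() string {
	// New config format.
	if c.PolarisAccessToken != "" {
		return c.PolarisAccessToken
	}
	// Old config format; nil-checked for the same reason as in getPolarisServerAddress.
	if c.ServiceSync != nil && c.ServiceSync.PolarisAccessToken != "" {
		return c.ServiceSync.PolarisAccessToken
	}
	return ""
}

// getPolarisOperator returns the Polaris operator (main account ID): the
// top-level value (new config format) if set, else the one under serviceSync
// (old config format), else the empty string.
func (c *controllerConfig) getPolarisOperator() string {
	// New config format.
	if c.Operator != "" {
		return c.Operator
	}
	// Old config format; nil-checked for the same reason as in getPolarisServerAddress.
	if c.ServiceSync != nil && c.ServiceSync.Operator != "" {
		return c.ServiceSync.Operator
	}
	return ""
}

// readConfFromFile reads BootstrapConfigFile and unmarshals it as YAML into a
// controllerConfig. Read and unmarshal errors are logged and returned.
func readConfFromFile() (*controllerConfig, error) {
	buf, err := os.ReadFile(BootstrapConfigFile)
	if err != nil {
		log.Errorf("read file error, %v", err)
		return nil, err
	}

	c := &controllerConfig{}
	err = yaml.Unmarshal(buf, c)
	if err != nil {
		log.Errorf("unmarshal config error, %v", err)
		return nil, err
	}

	return c, nil
}
-------------------------------------------------------------------------------- /cmd/polaris-controller/app/informer_factory.go: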
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package app 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime/schema" 21 | "k8s.io/client-go/informers" 22 | "k8s.io/client-go/metadata/metadatainformer" 23 | ) 24 | 25 | // InformerFactory creates informers for each group version resource. 26 | type InformerFactory interface { 27 | ForResource(resource schema.GroupVersionResource) (informers.GenericInformer, error) 28 | Start(stopCh <-chan struct{}) 29 | } 30 | 31 | // informerFactory 32 | type informerFactory struct { 33 | typedInformerFactory informers.SharedInformerFactory 34 | metadataInformerFactory metadatainformer.SharedInformerFactory 35 | } 36 | 37 | // ForResource 38 | func (i *informerFactory) ForResource(resource schema.GroupVersionResource) (informers.GenericInformer, error) { 39 | informer, err := i.typedInformerFactory.ForResource(resource) 40 | if err != nil { 41 | return i.metadataInformerFactory.ForResource(resource), nil 42 | } 43 | return informer, nil 44 | } 45 | 46 | // Start 47 | func (i *informerFactory) Start(stopCh <-chan struct{}) { 48 | i.typedInformerFactory.Start(stopCh) 49 | i.metadataInformerFactory.Start(stopCh) 50 | } 51 | 52 | // NewInformerFactory creates a new InformerFactory which works with both typed 53 | // resources and metadata-only resources 54 | func 
NewInformerFactory(typedInformerFactory informers.SharedInformerFactory, 55 | metadataInformerFactory metadatainformer.SharedInformerFactory) InformerFactory { 56 | return &informerFactory{ 57 | typedInformerFactory: typedInformerFactory, 58 | metadataInformerFactory: metadataInformerFactory, 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/options/config.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package options 18 | 19 | import ( 20 | clientset "k8s.io/client-go/kubernetes" 21 | restclient "k8s.io/client-go/rest" 22 | "k8s.io/client-go/tools/record" 23 | ) 24 | 25 | // Config is the main context object for the controller manager. 26 | type Config struct { 27 | ComponentConfig KubeControllerManagerConfiguration 28 | 29 | // the general kube client 30 | Client *clientset.Clientset 31 | 32 | // the client only used for leader election 33 | LeaderElectionClient *clientset.Clientset 34 | 35 | // the rest config for the master 36 | Kubeconfig *restclient.Config 37 | 38 | // the event sink 39 | EventRecorder record.EventRecorder 40 | } 41 | 42 | // completedConfig 43 | type completedConfig struct { 44 | *Config 45 | } 46 | 47 | // CompletedConfig same as Config, just to swap private object. 
48 | type CompletedConfig struct { 49 | // Embed a private pointer that cannot be instantiated outside of this package. 50 | *completedConfig 51 | } 52 | 53 | // Complete fills in any fields not set that are required to have valid data. It's mutating the receiver. 54 | func (c *Config) Complete() *CompletedConfig { 55 | cc := completedConfig{c} 56 | 57 | return &CompletedConfig{&cc} 58 | } 59 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/options/debugging.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package options 18 | 19 | import ( 20 | "github.com/spf13/pflag" 21 | componentbaseconfig "k8s.io/component-base/config" 22 | ) 23 | 24 | // DebuggingOptions holds the Debugging options. 25 | type DebuggingOptions struct { 26 | *componentbaseconfig.DebuggingConfiguration 27 | } 28 | 29 | // AddFlags adds flags related to debugging for controller manager to the specified FlagSet. 
30 | func (o *DebuggingOptions) AddFlags(fs *pflag.FlagSet) { 31 | if o == nil { 32 | return 33 | } 34 | 35 | fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling, 36 | "Enable profiling via web interface host:port/debug/pprof/") 37 | fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling, 38 | "Enable lock contention profiling, if profiling is enabled") 39 | } 40 | 41 | // ApplyTo fills up Debugging config with options. 42 | func (o *DebuggingOptions) ApplyTo(cfg *componentbaseconfig.DebuggingConfiguration) error { 43 | if o == nil { 44 | return nil 45 | } 46 | 47 | cfg.EnableProfiling = o.EnableProfiling 48 | cfg.EnableContentionProfiling = o.EnableContentionProfiling 49 | 50 | return nil 51 | } 52 | 53 | // Validate checks validation of DebuggingOptions. 54 | func (o *DebuggingOptions) Validate() []error { 55 | if o == nil { 56 | return nil 57 | } 58 | 59 | errs := []error{} 60 | return errs 61 | } 62 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/options/leaderelection.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package options 18 | 19 | import ( 20 | "time" 21 | 22 | "github.com/spf13/pflag" 23 | rl "k8s.io/client-go/tools/leaderelection/resourcelock" 24 | componentbaseconfig "k8s.io/component-base/config" 25 | ) 26 | 27 | const ( 28 | // DefaultLeaseDuration is a 15 second lease duration. 29 | DefaultLeaseDuration = 15 * time.Second 30 | // DefaultRenewDeadline is a 10 second renewal deadline. 31 | DefaultRenewDeadline = 10 * time.Second 32 | // DefaultRetryPeriod is a 2 second retry period. 33 | DefaultRetryPeriod = 2 * time.Second 34 | // DefaultLeaseDurationNamespace is kube-system 35 | DefaultLeaseDurationNamespace = "kube-system" 36 | ) 37 | 38 | // BindFlags binds the LeaderElectionConfiguration struct fields to a flagset 39 | func BindFlags(l *componentbaseconfig.LeaderElectionConfiguration, fs *pflag.FlagSet) { 40 | fs.BoolVar(&l.LeaderElect, "leader-elect", l.LeaderElect, ""+ 41 | "Start a leader election client and gain leadership before "+ 42 | "executing the main loop. Enable this when running replicated "+ 43 | "components for high availability.") 44 | fs.DurationVar(&l.LeaseDuration.Duration, "leader-elect-lease-duration", DefaultLeaseDuration, ""+ 45 | "The duration that non-leader candidates will wait after observing a leadership "+ 46 | "renewal until attempting to acquire leadership of a led but unrenewed leader "+ 47 | "slot. This is effectively the maximum duration that a leader can be stopped "+ 48 | "before it is replaced by another candidate. This is only applicable if leader "+ 49 | "election is enabled.") 50 | fs.DurationVar(&l.RenewDeadline.Duration, "leader-elect-renew-deadline", DefaultRenewDeadline, ""+ 51 | "The interval between attempts by the acting master to renew a leadership slot "+ 52 | "before it stops leading. This must be less than or equal to the lease duration. 
"+ 53 | "This is only applicable if leader election is enabled.") 54 | fs.DurationVar(&l.RetryPeriod.Duration, "leader-elect-retry-period", DefaultRetryPeriod, ""+ 55 | "The duration the clients should wait between attempting acquisition and renewal "+ 56 | "of a leadership. This is only applicable if leader election is enabled.") 57 | fs.StringVar(&l.ResourceLock, "leader-elect-resource-lock", rl.EndpointsLeasesResourceLock, ""+ 58 | "The type of resource object that is used for locking during "+ 59 | "leader election. Supported options are `endpoints` (default) and `configmaps`.") 60 | fs.StringVar(&l.ResourceNamespace, "leader-elect-namespace", DefaultLeaseDurationNamespace, ""+ 61 | "The namespace of resource object that is used for locking during "+ 62 | "leader election. ") 63 | } 64 | -------------------------------------------------------------------------------- /cmd/polaris-controller/app/options/serve.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
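*/

package options

import (
	"context"
	"fmt"
	"net/http"
	goruntime "runtime"
	"time"

	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
	"k8s.io/apiserver/pkg/endpoints/filters"
	apirequest "k8s.io/apiserver/pkg/endpoints/request"
	genericfilters "k8s.io/apiserver/pkg/server/filters"
	"k8s.io/apiserver/pkg/server/healthz"
	"k8s.io/apiserver/pkg/server/mux"
	"k8s.io/apiserver/pkg/server/routes"
	componentbaseconfig "k8s.io/component-base/config"
	"k8s.io/component-base/metrics/legacyregistry"
	_ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration

	"github.com/polarismesh/polaris-controller/common/log"
	"github.com/polarismesh/polaris-controller/pkg/util/configz"
)

// BuildHandlerChain wraps apiHandler with the request-info, cache-control and
// panic-recovery filters, in that order (panic recovery ends up outermost).
//
// NOTE(review): no authentication or authorization filter is installed here, so
// unless the caller adds one, every route on the wrapped handler is served to
// any client that can reach the listener.
func BuildHandlerChain(apiHandler http.Handler) http.Handler {
	requestInfoResolver := &apirequest.RequestInfoFactory{}
	handler := apiHandler

	handler = filters.WithRequestInfo(handler, requestInfoResolver)
	handler = filters.WithCacheControl(handler)
	handler = genericfilters.WithPanicRecovery(handler, requestInfoResolver)

	return handler
}

// NewBaseHandler builds the "controller-manager" mux: health checks, the
// configz handler, /metrics, and the profiling routes when c.EnableProfiling
// is set.
//
// NOTE(review): the profiling routes are installed on the same mux that
// RunServe exposes over plain HTTP; enable profiling only where the bind port
// is restricted to trusted clients (network policy, localhost-only access).
func NewBaseHandler(c *componentbaseconfig.DebuggingConfiguration,
	checks ...healthz.HealthChecker) *mux.PathRecorderMux {
	pathMux := mux.NewPathRecorderMux("controller-manager")
	healthz.InstallHandler(pathMux, checks...)
	if c.EnableProfiling {
		routes.Profiling{}.Install(pathMux)
		if c.EnableContentionProfiling {
			goruntime.SetBlockProfileRate(1)
		}
	}
	configz.InstallHandler(pathMux)
	////lint:ignore SA1019 See the Metrics Stability Migration KEP
	pathMux.Handle("/metrics", legacyregistry.Handler())

	return pathMux
}

// RunServe starts an insecure (plain HTTP, no TLS) server with the given
// handler on ":bindPort", i.e. on all interfaces. It does not block.
//
// The returned error is whatever RunServer returns, which is currently always
// nil: a failed listen surfaces as a panic in the serving goroutine, not here.
func RunServe(handler http.Handler, bindPort int32, shutdownTimeout time.Duration, stopCh <-chan struct{}) error {
	// Bound the time a client may take to send its request headers, so that a
	// peer trickling headers cannot hold a connection open indefinitely.
	const readHeaderTimeout = 10 * time.Second

	server := &http.Server{
		Addr:              fmt.Sprintf(":%v", bindPort),
		Handler:           handler,
		MaxHeaderBytes:    1 << 20,
		ReadHeaderTimeout: readHeaderTimeout,
	}

	_, err := RunServer(server, shutdownTimeout, stopCh)
	// NOTE: we do not handle stoppedCh returned by RunServer for graceful termination here
	return err
}

// RunServer starts server.ListenAndServe in a goroutine and shuts the server
// down, bounded by shutDownTimeout, once stopCh is closed.
//
// The returned channel is closed after the Shutdown call has returned. The
// returned error is always nil.
func RunServer(
	server *http.Server,
	shutDownTimeout time.Duration,
	stopCh <-chan struct{},
) (<-chan struct{}, error) {

	// Shutdown server gracefully.
	stoppedCh := make(chan struct{})
	go func() {
		defer close(stoppedCh)
		<-stopCh
		ctx, cancel := context.WithTimeout(context.Background(), shutDownTimeout)
		// Release the timeout context on every path out of this goroutine.
		defer cancel()
		if err := server.Shutdown(ctx); err != nil {
			log.Warnf("server Shutdown error:%+v", err)
		}
	}()

	go func() {
		defer utilruntime.HandleCrash()

		err := server.ListenAndServe()

		// ListenAndServe always returns a non-nil error. If stopCh is already
		// closed this is the expected result of Shutdown; otherwise the server
		// stopped on its own (for example the listen failed) and we panic.
		select {
		case <-stopCh:
			log.Infof("Stop Listening %s", server.Addr)
		default:
			panic(fmt.Sprintf("%s due to error: %v", server.Addr, err))
		}
	}()

	return stoppedCh, nil
}
-------------------------------------------------------------------------------- /cmd/polaris-controller/main.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License.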
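
package main

import (
	"fmt"
	"math/rand"
	"os"
	"time"

	_ "go.uber.org/automaxprocs"
	"k8s.io/component-base/logs"

	"github.com/polarismesh/polaris-controller/cmd/polaris-controller/app"
)

// main runs the controller manager command and exits with a non-zero status
// when the command fails, so that supervisors (kubelet, systemd, CI) can tell
// a failed start from a clean exit.
func main() {
	os.Exit(run())
}

// run executes the root command and returns the process exit code. It is kept
// separate from main so the deferred log flush still runs before os.Exit.
func run() int {
	// NOTE(review): the generator created here is discarded, so this line does
	// not seed the package-level math/rand functions. Kept as in the original;
	// nothing in this file uses math/rand for security-sensitive values.
	rand.New(rand.NewSource(time.Now().UnixNano()))

	command := app.NewPolarisControllerManagerCommand()
	logs.InitLogs()
	defer logs.FlushLogs()
	if err := command.Execute(); err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
		return 1
	}
	return 0
}
-------------------------------------------------------------------------------- /common/common.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License.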
15 | 16 | package common 17 | 18 | import "os" 19 | 20 | var ( 21 | PolarisServerAddress string = "127.0.0.1" 22 | PolarisServerGrpcAddress string = "127.0.0.1:8091" 23 | PolarisControllerNamespace string = os.Getenv("POD_NAMESPACE") 24 | ) 25 | -------------------------------------------------------------------------------- /common/log/logger.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License. 15 | 16 | package log 17 | 18 | import ( 19 | "errors" 20 | ) 21 | 22 | func SetLogOutputLevel(scopeName string, levelName string) error { 23 | scope := FindScope(scopeName) 24 | if scope == nil { 25 | return errors.New("invalid scope name") 26 | } 27 | 28 | l, exist := stringToLevel[levelName] 29 | if !exist { 30 | return errors.New("invalid log level") 31 | } 32 | 33 | scope.SetOutputLevel(l) 34 | return nil 35 | } 36 | -------------------------------------------------------------------------------- /common/log/type.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 
4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License. 15 | 16 | package log 17 | 18 | // logger type 19 | const ( 20 | // ConfigLoggerName config logger name, can use FindScope function to get the logger 21 | InjectLoggerName = "inject" 22 | // SyncNamingLoggerName naming sync logger name, can use FindScope function to get the logger 23 | SyncNamingLoggerName = "syncnaming" 24 | // SyncConfigLoggerName config sync logger name, can use FindScope function to get the logger 25 | SyncConfigLoggerName = "syncconfig" 26 | // SyncConfigLoggerName config map sync logger name, can use FindScope function to get the logger 27 | SyncConfigMapLoggerName = "synccm" 28 | // TraceLoggerName trace logger name, can use FindScope function to get the logger 29 | TraceLoggerName = "trace" 30 | ) 31 | 32 | var ( 33 | injectScope = RegisterScope(InjectLoggerName, "pod inject logging messages.", 0) 34 | syncNamingScope = RegisterScope(SyncNamingLoggerName, "naming sync logging messages.", 0) 35 | syncConfigScope = RegisterScope(SyncConfigLoggerName, "config sync logging messages.", 0) 36 | syncCmScope = RegisterScope(SyncConfigMapLoggerName, "configmap sync logging messages.", 0) 37 | traceScope = RegisterScope(TraceLoggerName, "trace logging messages.", 0) 38 | ) 39 | 40 | func allLoggerTypes() []string { 41 | return []string{SyncNamingLoggerName, SyncConfigLoggerName, 42 | SyncConfigMapLoggerName, InjectLoggerName, DefaultLoggerName} 43 | } 44 | 45 | // 
DefaultScope default logging scope handler 46 | func DefaultScope() *Scope { 47 | return defaultScope 48 | } 49 | 50 | // SyncNamingScope naming logging scope handler 51 | func SyncNamingScope() *Scope { 52 | return syncNamingScope 53 | } 54 | 55 | // SyncConfigScope naming logging scope handler 56 | func SyncConfigScope() *Scope { 57 | return syncConfigScope 58 | } 59 | 60 | // SyncConfigMapScope naming logging scope handler 61 | func SyncConfigMapScope() *Scope { 62 | return syncCmScope 63 | } 64 | 65 | // InjectScope 66 | func InjectScope() *Scope { 67 | return injectScope 68 | } 69 | 70 | // TraceScope 71 | func TraceScope() *Scope { 72 | return traceScope 73 | } 74 | -------------------------------------------------------------------------------- /deploy/README-zh.md: -------------------------------------------------------------------------------- 1 | # Polaris Controller helm安装文档 2 | 3 | 简体中文 | [English](./README.md) 4 | 5 | 本文档介绍如何使用 helm chart 安装 polaris-controller 服务。 6 | 7 | ## 准备工作 8 | 9 | 确保已经安装 k8s 集群,且安装了 helm。 10 | 在polaris-system命名空间下已经成功部署polaris server服务 11 | (参考文档见: [helm部署北极星](https://github.com/polarismesh/polaris/tree/main/release/cluster/helm)) 12 | 13 | ## 安装 14 | ### 初始化helm配置 15 | 确认`deploy/variables.txt`文件中的变量赋值符合预期,示例如下(其中 `POLARIS_TOKEN` 为示例值,请替换为您自己的 polaris server token,并避免将真实 token 提交到代码仓库) 16 | ```shell 17 | cd deploy 18 | $ cat variables.txt deploy -> main ? ! |• 19 | POLARIS_HOST:polaris.polaris-system 20 | CONTROLLER_VERSION:v1.7.1 21 | SIDECAR_VERSION:v1.5.1 22 | POLARIS_TOKEN:nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I= 23 | ENVOY_VERSION:v1.26.2 24 | CLUSTER_NAME:default 25 | JAVA_AGENT_INIT:v0.0.1% 26 | ``` 27 | 初始化helm项目的`values.yaml`文件 28 | ```shell 29 | sh init_helm.sh 30 | ``` 31 | 32 | ### 部署 33 | 使用`helm install ${release_name} .`命令安装,将 `${release_name}` 替换为您需要的 release 名。示例如下 34 | ```shell 35 | cd helm 36 | helm install polaris-controller . 
37 | ``` 38 | 39 | ### 更新 40 | 使用`helm upgrade -i ${release_name} .`命令更新,将 `${release_name}` 替换为您需要的 release 名。示例如下 41 | ```shell 42 | helm upgrade -i polaris-controller . 43 | ``` 44 | 45 | ### 卸载 46 | 使用`helm uninstall ${release_name}`命令卸载,将 `${release_name}` 替换为您需要的 release 名。示例如下 47 | ```shell 48 | $ helm uninstall polaris-controller 49 | ``` 50 | 51 | ## 配置 52 | 支持的配置可查看helm项目的`values.yaml`文件 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /deploy/README.md: -------------------------------------------------------------------------------- 1 | # Polaris Controller helm 2 | 3 | English | [简体中文](./README-zh.md) 4 | 5 | This page shows how to get the polaris-controller service started with the helm chart. 6 | 7 | ## Prerequisites 8 | Make sure a k8s cluster and helm are installed, and that polaris-server is running in the polaris-system namespace of k8s. 9 | (Guidance: [polaris installation by using helm](https://github.com/polarismesh/polaris/tree/main/release/cluster/helm)) 10 | 11 | ## Installation 12 | ### helm init 13 | Confirm that the variable assignments in the `deploy/variables.txt` file are as expected; an example follows 14 | ```shell 15 | cd deploy 16 | $ cat variables.txt deploy -> main ? ! |• 17 | POLARIS_HOST:polaris.polaris-system 18 | CONTROLLER_VERSION:v1.7.1 19 | SIDECAR_VERSION:v1.5.1 20 | POLARIS_TOKEN:token 21 | ENVOY_VERSION:v1.26.2 22 | CLUSTER_NAME:default 23 | JAVA_AGENT_INIT:v0.0.1% 24 | ``` 25 | Initialize the `values.yaml` file of the helm project 26 | ```shell 27 | sh init_helm.sh 28 | ``` 29 | 30 | ### install 31 | Use the `helm install ${release_name} .` command to install, replacing `${release_name}` with the release name you need. 32 | Examples are as follows 33 | ```shell 34 | cd helm 35 | helm install polaris-controller . 
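36 | ``` 37 | 38 | ### update 39 | Use the `helm upgrade -i ${release_name} .` command to update and replace `${release_name}` with the release name you need. 40 | Examples are as follows 41 | ```shell 42 | helm upgrade -i polaris-controller . 43 | ``` 44 | 45 | ### uninstall 46 | Use the `helm uninstall `${release_name}` command to update, replacing `${release_name}` with the release name you need. 47 | Examples are as follows 48 | ```shell 49 | $ helm uninstall polaris-controller 50 | ``` 51 | 52 | ## Configuration 53 | Configs in `values.yaml` of helm will explain how to configure the service. 54 | -------------------------------------------------------------------------------- /deploy/init_helm.sh: --------------------------------------------------------------------------------
#!/bin/bash

set -e

# preprocess the variables

# trimSpace STRING
# Prints STRING without leading and trailing whitespace.
function trimSpace() {
  local s="$1"
  s="${s#"${s%%[![:space:]]*}"}"
  s="${s%"${s##*[![:space:]]}"}"
  printf '%s' "$s"
}

# replaceVar KEY VALUE
# Replaces every "#KEY#" placeholder in */helm/values.yaml with VALUE.
function replaceVar() {
  local key="#$1#"
  local value="$2"
  local escaped file

  # Escape what sed treats specially in a replacement ("\" and "&") plus the
  # "?" used as the s-command delimiter, so VALUE is inserted literally.
  escaped=$(printf '%s' "$value" | sed 's/[\\&?]/\\&/g')

  for file in */helm/values.yaml; do
    # An unmatched glob stays as the literal pattern; skip it.
    [ -f "$file" ] || continue
    # NOTE(review): this also prints the POLARIS_TOKEN value; drop "value ..."
    # from the message if the output is captured in CI or shared logs.
    echo "process replace file $file, key $key, value $value"
    if [ "$(uname)" == "Darwin" ]; then
      sed -i "" "s?$key?$escaped?g" "$file"
    else
      sed -i "s?$key?$escaped?g" "$file"
    fi
  done
}

varFile="variables.txt"
if [ ! -f "$varFile" ]; then
  echo "variables.txt not exists"
  exit 1
fi

# Read "KEY:VALUE" lines and call replaceVar directly. The previous version
# turned each line into shell text and piped it to /bin/bash, so any "$(...)",
# backtick or ";" inside variables.txt was executed as a command.
# As before, only the first two ':'-separated fields are used.
# "|| [ -n "$key" ]" keeps the last line when the file has no trailing newline.
while IFS=':' read -r key value _ || [ -n "$key" ]; do
  key=$(trimSpace "$key")
  value=$(trimSpace "$value")
  [ -n "$key" ] || continue
  replaceVar "$key" "$value"
done < "$varFile"
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.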
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | See full changelog: https://github.com/polarismesh/polaris-controller/releases -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v1.3.0 3 | description: Polaris controller for Kubernetes is used to synchronize endpoints to polaris and inject sidecars into business pods 4 | home: https://github.com/polarismesh/polaris-controller 5 | icon: https://avatars.githubusercontent.com/u/85474408?s=200&v=4 6 | keywords: 7 | - controller 8 | - polaris 9 | maintainers: 10 | - name: jlongzhou@tencent.com 11 | name: polaris-controller 12 | sources: 13 | - https://github.com/polarismesh/polaris-controller 14 | version: 1.3.0 15 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/secrets/ca-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | 
N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/secrets/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 
| BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 
| -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/secrets/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy2WvO+nQbXwUb 3 | q2SuovhNxCvEGxGfnoZnuXGosZYw6TUR7aq6G+uGtW1kkHdUgf9nqplm3FVnJ/00 4 | zzfV1Bu25eC0YnVQSl/Ne8xglxfpKY5tzcwJcRg/spssSMoVylPfqe04vSMzRLDu 5 | DiV2QZ2/VrF3usWyOxnkBfWLgb/rcwi+UbX3W0ZC03esmsOlVy1g6dZEBPAmQ7B/ 6 | XUn5QMhwUfmf+Y6NJtrd0sW+eTozl6fFOnsJk38OrVKuYMH3qXF3DUIlDK6MWLbs 7 | tS4F3gO7P9Fgce/lUDmMhR4mQAeFlnRyOSgR8WIhz+3HMomv9x9Aol1Pmm8LeMvS 8 | +L3kdLfX3P5r1kDOYT3Dl6cOSHjZT6NHTqIAjLTI4vdCwBCnSwEms5Qjh7LkI+ht 9 | 4sejfsOPnP1C2qhkwz4OvhuD/ckBGObguOGGIyB5XAV6xhdE0CSxS96sb7uVfomq 10 | rrP4n6xvXnLa3MirOVdxgx4grTsHKC49uS5oXNcdBqDk32fu0z+euK92O6lGqgcF 11 | 19XQ4zdAwJkmOVJpi4WoJvZjqqmfDqFnAuq0A1AaZpmjOdUxHckNJbAbB+TgaI2b 12 | kXchZzMtV8EReTM7ZDKIBbyWoYO11ENgO0gIh6oiAXD9nuieO09Uo5CvOSadTFRJ 13 | zumh1ahqKQaJkfwO9EkUysY70J7z/wIDAQABAoICAQCeEAl3o2F5z0B0c8VHkkBg 14 | ej8z0biBmViv0vTgYhKap4B/l8yLLqG5LB7CAet0hG907xEkFxZjVLQzN+/gytSz 15 | j/ZHdby4eQKyV/cIZoB7UH7QDFGHBqynnvIE8U+ocmguA7/jpUS2yr6TpWz2VodT 16 | 0wqFBkwyeIkpPRsFcGZtb/0KNqzbL4+o/7uEkELYnXM9c2wqMTMMnkYeShRWdSqw 17 | GcLD34pctTo5UU3ySLFnZ2CerlCO5gwkrImmE11ZxCbDULRkihC5eK4yBO3nwY8K 18 | rhwdYJTj1UMHLZ63r172cUH4sQr40Jwpxdofckq9eWnldZmCALqjKN76VVt9zKms 19 | YSlY4Xo9AR3spgq/HepRyeu2FQE5XxXoRoxA0xa+SapR0FoirgzvscmmngTYmqy3 20 | tFw+wLc9KMYw6gCyjiSzuAWPZ0lEQ2NSgoKmwLMoLlKWxvAjywwimP+IjfTaRcEt 21 | ELaONDhNsXWk0s+WBUZ8ul7UaH7DT9v7fWndSftYE6Rt0Q39CCesXZflnay7g7+M 22 | mTEgbG4ZDdiyy5C6dPi6lJNYfnLmM7X/1l1TWaeH/n1E/n1h+T4vJgTQfitn3upV 23 | BWuC5X3HSmHXJI07XirT4EI0RslFkbyE55BgRnp46drPg/rhbzAwiuC1SmdZ5i78 24 | ryzsb5fQNS1VTiYRb/0yAQKCAQEA7TIj5GMTA05mePgHiBRqXGrHtEmXAISkiEHC 25 | P8T83uvzb0RXMPObrw6WHvR5fHcUU87Feyf70s1NUUZLVdXJNvbIQsK/P8ZBN3YI 26 | 
sxrX9xbrGZDBo4MFEeJGHOE9jRyeGSulTTKCNROjLjhPx83igFlXMwkaokMSVl31 27 | f2pMrcfTpq0/yI75HIJEqR34u1wWBOyq9OoS9RWpJKhsyKfRemu8fzQSNGgP+DIj 28 | PYkYf577WQBUrDgjGgM59NreGwT6loDDwtNaRMei6MvOJKgT4DkBt3eiVize/Gzn 29 | IL+XPBxuI7pqXPWz0nsmSshdt6vS22j7+J+a/glZ5l0DqPMzpQKCAQEAwQclGoPt 30 | LFAv17h61SRLE8MbLgsf25uZ51j4TP3Mga8+mvWeei3BP7NDpaXyJMkltkhJwx36 31 | wpmomif6E1bIBVOiTiBIGudGr1t/WrijS1uKriwRAcFF3V6L1E9MxqFp8WPs9NOJ 32 | AkUfMifT6mRdgl7gjSH/l10dPvJ7KvwRiDS+9ArrY/LAYD102ldF+p5G6TnyOeCI 33 | 9PriR09aJWMvHH4qS18P9UCij+/xdRtLFYNxJX+K/wh+ocImMfxFg9NzCfJ6DF1r 34 | IO7ZNEIcBrsp91ZfCnjv1UN0pU+UjZmdCrWd8qMvvdiD8kacHME2MlBzPrjeqFWq 35 | N1ISCXzhf5Rn0wKCAQAmOC4QXuZxYfChDVYpVyDMQ2hqZHEwZC8exXnHTLZyNRLE 36 | mv5xpM8xJeiKlFn+9DEST/8CGS86iFos/malLg1+DcW2/CpU3F0l0p8UPP8PkWHQ 37 | fMK21iW6+/rQLHr+gd33sFCyX7EbXE6u4+P3DfWxOLQURSNFggkyYXFtVnOEjO5N 38 | rRzZ9C+vqE3n8ixiBDSIFpp1XEIxu4vFnF3q9x+J2lJFLN7CEwJ/u5RyFeUcq0FU 39 | 1fjOxzzgtCRij+G5+NNn7NeeTO/+pSxa1nwg6/RH7OeZ6Gz/9br4cZPMcxKrXOli 40 | WGdLE0wmXjGNWzu+nLEdKY1wQkd3J4qU0+gDES0BAoIBAGNsJrRNl2/nrXzTTJFU 41 | LEd1ix5gJHyc3NzIerxNTXTOqtRuBr6vqoYA86rympJP+Ni2yydw3aQ2OR2N0cT8 42 | QfJcbZEIF5uj3EiePC6iQ5mhAQFNOUVKI44uEJ++aLE2mrb23SoNethsefD/iquE 43 | HpX0AH0xMdDo6RNvGfm989nQMTrKFQxaELSBcxqzMRwxQh0G97jP6jskrkBEow32 44 | 1GE8qtQ/lpygOhshX6EN+dKO7Ux/MTzDR1ZSBhJg+f04gFxzRGHyDCfeXooIMx9U 45 | b/0xw6pFOGMEZ6RuJPn6UWUevsgnPYPvbabwr6Av9JZd0b5Qwn66AP6ViyzP4eYw 46 | rnkCggEAQo7nkZnFqzF2qk7vZ7mfDXLdsCHxNuKBRPvOe0/jHTgREPgI2yecTPBn 47 | XMJvKufyzoa0zALKNaA1Ljm/8/HhjX2abTYRVO9BS9aJN0F+u3t4Sf6+8ZICgmmo 48 | rkRt3vRmFFGr935veMk7yx18/ezstkK3LLuFZFII55XhO+LBaezsVCtPCESU7Vqs 49 | K2V0Ab+9qNC4xNGCFZXRmmyzFSwsuJ3zCKygb3J8HG4sp1R4q+EqN3C++y9CGbgm 50 | YSog19R5+7P8qOopC8cod8jWuMsAsLwoSGc0L0+G2dIqgR0wSGE8P3VLqq3UN9hx 51 | QYNToXs8PwtyNIbvckrJQvbqO8WoBA== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/NOTES.txt: 
-------------------------------------------------------------------------------- 1 | The polaris controller has been installed. 2 | Visit http://{{ .Values.polaris.server.address }}:8080 to access polaris console via HTTP. -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "polaris-controller.name" -}} 6 | {{- default .Chart.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | 10 | {{/* 11 | Polaris controller deployment labels 12 | */}} 13 | {{- define "polaris-controller.controller.labels" -}} 14 | qcloud-app: polaris-controller 15 | {{- if .Chart.AppVersion }} 16 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 17 | {{- end }} 18 | app.kubernetes.io/managed-by: {{ .Release.Service }} 19 | {{- end -}} 20 | 21 | 22 | {{/* 23 | Get specific image for controller 24 | */}} 25 | {{- define "polaris-controller.controller.image" -}} 26 | {{- printf "%s:%s" .Values.controller.image.repo .Values.controller.image.tag -}} 27 | {{- end -}} 28 | 29 | {{/* 30 | Get specific image for sidecar 31 | */}} 32 | {{- define "polaris-controller.sidecar.image" -}} 33 | {{- printf "%s:%s" .Values.sidecar.image.repo .Values.sidecar.image.tag -}} 34 | {{- end -}} 35 | 36 | 37 | {{/* 38 | Get specific image for sidecar init container 39 | */}} 40 | {{- define "polaris-controller.sidecar.init.image" -}} 41 | {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}} 42 | {{- end -}} 43 | 44 | {{/* 45 | Get specific image for sidecar init container 46 | */}} 47 | {{- define "polaris-controller.sidecar.envoy_init.image" -}} 48 | {{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}} 49 | {{- end -}} 50 | 
51 | {{/* 52 | Get specific image for sidecar init container 53 | */}} 54 | {{- define "polaris-controller.sidecar.envoy.image" -}} 55 | {{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}} 56 | {{- end -}} 57 | 58 | {{/* 59 | Get specific image for javaagent init container 60 | */}} 61 | {{- define "polaris-controller.sidecar.javaagent.image" -}} 62 | {{- printf "%s:%s" .Values.sidecar.javaagent.image.repo .Values.sidecar.javaagent.image.tag -}} 63 | {{- end -}} 64 | 65 | {{/* 66 | Get specific image for sidecar init container 67 | */}} 68 | {{- define "polaris-controller.sidecar.istio.image" -}} 69 | {{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}} 70 | {{- end -}} 71 | 72 | {{/* 73 | Create a default fully qualified controller name. 74 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 75 | */}} 76 | {{- define "polaris-controller.controller.fullname" -}} 77 | {{- printf "%s-%s" .Release.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}} 78 | {{- end -}} 79 | 80 | 81 | {{/* 82 | Selector labels 83 | */}} 84 | {{- define "polaris-controller.controller.selectorLabels" -}} 85 | app.kubernetes.io/name: {{ include "polaris-controller.name" . }} 86 | app.kubernetes.io/instance: {{ .Release.Name }} 87 | app: sidecar-injector 88 | {{- end -}} 89 | 90 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/_params.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* Note: In the controller, the go template will be used again to render the configuration, 3 | so some symbols {{ expr }} need to be kept from being rendered here. */}} 4 | 5 | {{/* 6 | Define the cmd args for the bootstrap init container. 
7 | */}} 8 | {{- define "configmap-client.config_tpl" -}} 9 | apiVersion: v1 10 | kind: ConfigMap 11 | metadata: 12 | namespace: {{ "{{" }} .Namespace {{ "}}" }} 13 | name: {{ "{{" }} .Name {{ "}}" }} 14 | data: 15 | polaris.yaml: |- 16 | global: 17 | serverConnector: 18 | addresses: 19 | - {{ "{{" }} .PolarisServer {{ "}}" }} 20 | {{- end -}} 21 | 22 | 23 | {{/* 24 | Define the volume mounts for the sidecar container. 25 | */}} 26 | {{- define "configmap-sidecar.polaris_volume_mounts" -}} 27 | - mountPath: /tmp/polaris-sidecar 28 | defaultMode: 777 29 | name: polaris-socket 30 | {{ "{{" }} if ne ( index .ObjectMeta.Annotations `polarismesh.cn/tls-mode`) "none" {{ "}}" }} 31 | - name: root-ca 32 | mountPath: /etc/polaris-sidecar/certs 33 | {{ "{{" }} end {{ "}}" }} 34 | {{- end -}} 35 | 36 | {{/* 37 | Define the cmd envs for the bootstrap init container. 38 | */}} 39 | {{- define "configmap-sidecar.bootstrap_envs" -}} 40 | - name: METADATA 41 | value: "{{ "{{" }} index .ObjectMeta.Annotations `sidecar.polarismesh.cn/envoyMetadata` {{ "}}" }}" 42 | {{ "{{" }}if ne ( index .ObjectMeta.Annotations `polarismesh.cn/tls-mode`) "none"{{ "}}" }} 43 | - name: TLS_MODE 44 | value: "{{ "{{" }}index .ObjectMeta.Annotations `polarismesh.cn/tls-mode`{{ "}}" }}" 45 | {{ "{{" }}end{{ "}}" }} 46 | - name: NAMESPACE 47 | valueFrom: 48 | fieldRef: 49 | fieldPath: metadata.namespace 50 | - name: POD_NAME 51 | valueFrom: 52 | fieldRef: 53 | fieldPath: metadata.name 54 | - name: INSTANCE_IP 55 | valueFrom: 56 | fieldRef: 57 | fieldPath: status.podIP 58 | - name: POLARIS_SERVER_URL 59 | value: {{ "{{" }}.ProxyConfig.ProxyMetadata.serverAddress{{ "}}" }}:15010 60 | - name: POLARIS_SERVER_HOST 61 | value: {{ "{{" }}.ProxyConfig.ProxyMetadata.serverAddress{{ "}}" }} 62 | - name: POLARIS_SERVER_PORT 63 | value: 15010 64 | - name: CLUSTER_NAME 65 | value: {{ "{{" }}.ProxyConfig.ProxyMetadata.clusterName{{ "}}" }} 66 | - name: OPEN_DEMAND 67 | value: {{ "{{" 
}}.ProxyConfig.ProxyMetadata.openDemand{{ "}}" }} 68 | {{- end -}} 69 | 70 | 71 | {{/* 72 | Define the container resources for the envoy container. 73 | */}} 74 | {{- define "configmap-sidecar.envoy_resources" -}} 75 | {{ "{{" }}- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit`) {{ "}}" }} 76 | {{ "{{" }}- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) {{ "}}" }} 77 | requests: 78 | {{ "{{" }} if (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) -{{ "}}" }} 79 | cpu: "{{ "{{" }} index .ObjectMeta.Annotations `polarismesh.cn/proxyCPU` {{ "}}" }}" 80 | {{ "{{" }} end {{ "}}" }} 81 | {{ "{{" }} if (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) -{{ "}}" }} 82 | memory: "{{ "{{" }} index .ObjectMeta.Annotations `polarismesh.cn/proxyMemory` {{ "}}" }}" 83 | {{ "{{" }} end {{ "}}" }} 84 | {{ "{{" }}- end {{ "}}" }} 85 | {{ "{{" }}- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit`) {{ "}}" }} 86 | limits: 87 | {{ "{{" }} if (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit`) -{{ "}}" }} 88 | cpu: "{{ "{{" }} index .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit` {{ "}}" }}" 89 | {{ "{{" }} end {{ "}}" }} 90 | {{ "{{" }} if (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit`) -{{ "}}" }} 91 | memory: "{{ "{{" }} index .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit` {{ "}}" }}" 92 | {{ "{{" }} end {{ "}}" }} 93 | {{ "{{" }}- end {{ "}}" }} 94 | {{ "{{" }}- else {{ "}}" }} 95 | {{ "{{" }}- if .Values.global.proxy.resources {{ "}}" }} 96 | {{ "{{" }} toYaml .Values.global.proxy.resources | indent 6 {{ "}}" }} 97 | {{ "{{" }}- end {{ "}}" }} 98 | {{ "{{" 
}}- end {{ "}}" }} 99 | {{- end -}} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - services 10 | - namespaces 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - events 20 | - configmaps 21 | - endpoints 22 | verbs: 23 | - create 24 | - update 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - "coordination.k8s.io" 30 | resources: 31 | - leases 32 | verbs: 33 | - create 34 | - get 35 | - list 36 | - update -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ include "polaris-controller.controller.fullname" . }} 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ include "polaris-controller.controller.fullname" . }} 12 | namespace: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-configmap-client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . 
}}-tpl 5 | namespace: polaris-system 6 | data: 7 | polaris.yaml: |- 8 | {{ include "configmap-client.config_tpl" . | nindent 4 }} 9 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-configmap-mesh.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }}-mesh 5 | namespace: polaris-system 6 | data: 7 | mesh: |- 8 | logger: 9 | default: 10 | rotateOutputPath: logs/polaris-default.log 11 | errorRotateOutputPath: logs/polaris-default-error.log 12 | rotationMaxSize: 100 13 | rotationMaxBackups: 10 14 | rotationMaxAge: 7 15 | outputLevel: info 16 | outputPaths: 17 | - stdout 18 | errorOutputPaths: 19 | - stderr 20 | synccm: 21 | rotateOutputPath: logs/polaris-synccm.log 22 | errorRotateOutputPath: logs/polaris-synccm-error.log 23 | rotationMaxSize: 100 24 | rotationMaxBackups: 10 25 | rotationMaxAge: 7 26 | outputLevel: info 27 | outputPaths: 28 | - stdout 29 | errorOutputPaths: 30 | - stderr 31 | syncnaming: 32 | rotateOutputPath: logs/polaris-syncnaming.log 33 | errorRotateOutputPath: logs/polaris-syncnaming-error.log 34 | rotationMaxSize: 100 35 | rotationMaxBackups: 10 36 | rotationMaxAge: 7 37 | outputLevel: info 38 | outputPaths: 39 | - stdout 40 | errorOutputPaths: 41 | - stderr 42 | syncconfig: 43 | rotateOutputPath: logs/polaris-syncconfig.log 44 | errorRotateOutputPath: logs/polaris-syncconfig-error.log 45 | rotationMaxSize: 100 46 | rotationMaxBackups: 10 47 | rotationMaxAge: 7 48 | outputLevel: info 49 | outputPaths: 50 | - stdout 51 | errorOutputPaths: 52 | - stderr 53 | inject: 54 | rotateOutputPath: logs/polaris-inject.log 55 | errorRotateOutputPath: logs/polaris-inject-error.log 56 | rotationMaxSize: 100 57 | rotationMaxBackups: 10 58 | rotationMaxAge: 7 59 | outputLevel: info 60 | outputPaths: 61 | - stdout 62 | 
errorOutputPaths: 63 | - stderr 64 | # 北极星服务端地址 65 | serverAddress: {{ .Values.polaris.server.address }} 66 | # 北极星服务端token(北极星开启鉴权时需要配置) 67 | accessToken: {{ .Values.polaris.server.token }} 68 | # 北极星主账户ID 69 | operator: {{ .Values.polaris.server.operator }} 70 | # k8s cluster name 71 | clusterName: "{{ .Values.cluster.name }}" 72 | # polaris-sidecar 注入的默认启动模式, 可以配置 java-agent, mesh 或者 dns 73 | sidecarInject: 74 | mode: "{{ .Values.sidecar.mode }}" 75 | # service sync 76 | serviceSync: 77 | mode: {{ .Values.polaris.sync.service.mode }} 78 | configSync: 79 | enable: {{ .Values.polaris.sync.config.enable }} 80 | allowDelete: {{ .Values.polaris.sync.config.allowDelete }} 81 | # 配置同步方向: kubernetesToPolaris|polarisToKubernetes|both 82 | syncDirection: {{ .Values.polaris.sync.config.direction }} 83 | defaultGroup: {{ .Values.polaris.sync.config.groupName }} 84 | defaultConfig: 85 | proxyMetadata: 86 | serverAddress: {{ .Values.polaris.server.address }} 87 | clusterName: "{{ .Values.cluster.name }}" 88 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | namespace: polaris-system 6 | labels: 7 | app: sidecar-injector 8 | spec: 9 | minAvailable: 1 10 | selector: 11 | matchLabels: 12 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 6 }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-secret-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | {{- $root := . 
-}} 4 | {{- range $path, $bytes := .Files.Glob "secrets/**.pem" }} 5 | {{ base $path }}: {{ $root.Files.Get $path | b64enc }} 6 | {{- end }} 7 | kind: Secret 8 | metadata: 9 | name: {{ include "polaris-controller.controller.fullname" . }} 10 | namespace: polaris-system 11 | type: Opaque -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-service-injector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.controller.webhook.service }} 5 | namespace: polaris-system 6 | labels: 7 | app: sidecar-injector 8 | spec: 9 | ports: 10 | - port: {{ .Values.sidecar.port }} 11 | targetPort: 9443 12 | selector: 13 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 4 }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-service-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "{{ default 80 .Values.controller.metrics.port }}" 6 | prometheus.io/scrape: "true" 7 | labels: 8 | k8s-app: polaris-controller 9 | name: {{ include "polaris-controller.controller.fullname" . }}-metrics 10 | namespace: polaris-system 11 | spec: 12 | ports: 13 | - port: {{ default 80 .Values.controller.metrics.port }} 14 | protocol: TCP 15 | targetPort: {{ default 80 .Values.controller.metrics.port }} 16 | selector: 17 | {{- include "polaris-controller.controller.selectorLabels" . 
| nindent 4 }} 18 | sessionAffinity: None 19 | type: {{ .Values.controller.metrics.type }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | namespace: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/templates/controller-statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | labels: 5 | {{- include "polaris-controller.controller.labels" . | nindent 4 }} 6 | name: {{ include "polaris-controller.controller.fullname" . }} 7 | namespace: polaris-system 8 | spec: 9 | replicas: 1 10 | revisionHistoryLimit: 10 11 | serviceName: polaris-controller 12 | selector: 13 | matchLabels: 14 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 6 }} 15 | updateStrategy: 16 | rollingUpdate: 17 | partition: 0 18 | template: 19 | metadata: 20 | labels: 21 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 8 }} 22 | spec: 23 | containers: 24 | - name: polaris-controller 25 | image: {{ template "polaris-controller.controller.image" . 
}} 26 | command: ["./polaris-controller"] 27 | args: ["--min-resync-period=60s", 28 | "--leader-elect-namespace=polaris-system", 29 | "--concurrency-polaris-size=100", 30 | "--leader-elect=true" 31 | ] 32 | env: 33 | - name: POD_NAMESPACE 34 | valueFrom: 35 | fieldRef: 36 | fieldPath: metadata.namespace 37 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} 38 | resources: 39 | limits: 40 | cpu: {{ .Values.controller.limit.cpu }} 41 | memory: {{ .Values.controller.limit.memory }} 42 | volumeMounts: 43 | - mountPath: /polaris-controller/log 44 | name: logs 45 | - name: certs 46 | mountPath: /etc/polaris-inject/certs 47 | readOnly: true 48 | - name: inject-config 49 | mountPath: /etc/polaris-inject/inject 50 | readOnly: true 51 | - name: config-volume 52 | mountPath: /etc/polaris-inject/config 53 | readOnly: true 54 | dnsPolicy: ClusterFirst 55 | restartPolicy: Always 56 | schedulerName: default-scheduler 57 | terminationGracePeriodSeconds: 30 58 | serviceAccountName: {{ include "polaris-controller.controller.fullname" . }} 59 | volumes: 60 | - name: certs 61 | secret: 62 | secretName: {{ include "polaris-controller.controller.fullname" . }} 63 | - name: inject-config 64 | configMap: 65 | name: {{ include "polaris-controller.controller.fullname" . }}-sidecar 66 | items: 67 | - key: mesh-config 68 | path: mesh-config 69 | - key: dns-config 70 | path: dns-config 71 | - key: java-agent-config 72 | path: java-agent-config 73 | - key: values 74 | path: values 75 | - name: config-volume 76 | configMap: 77 | name: {{ include "polaris-controller.controller.fullname" . 
}}-mesh 78 | - hostPath: 79 | path: /data/polaris-controller/log 80 | type: "DirectoryOrCreate" 81 | name: logs -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/helm/values.yaml: -------------------------------------------------------------------------------- 1 | ## polaris controller 2 | ## Ref:https://github.com/polarismesh/polaris-controller/blob/main/README.md 3 | 4 | ## Overrides for generated resource names 5 | # See templates/_helpers.tpl 6 | # nameOverride: 7 | # fullnameOverride: 8 | 9 | ## cluster name register in polaris server 10 | cluster: 11 | name: default 12 | 13 | ## sidecar config for controller injector 14 | sidecar: 15 | port: 443 16 | mode: mesh 17 | image: 18 | repo: polarismesh/polaris-sidecar 19 | tag: #SIDECAR_VERSION# 20 | pullPolicy: Always 21 | init: 22 | image: 23 | repo: polarismesh/polaris-sidecar-init 24 | tag: #CONTROLLER_VERSION# 25 | pullPolicy: Always 26 | envoy: 27 | image: 28 | repo: envoyproxy/envoy 29 | tag: #ENVOY_VERSION# 30 | envoy_builder: 31 | image: 32 | repo: polarismesh/polaris-envoy-bootstrap-generator 33 | tag: #CONTROLLER_VERSION# 34 | javaagent: 35 | image: 36 | repo: polarismesh/polaris-javaagent-init 37 | tag: #JAVA_AGENT_INIT# 38 | pullPolicy: Always 39 | 40 | ## polaris server config 41 | polaris: 42 | server: 43 | address: #POLARIS_HOST# 44 | token: #POLARIS_TOKEN# 45 | operator: #POLARIS_OPERATOR# 46 | sync: 47 | service: 48 | mode: all 49 | config: 50 | enable: true 51 | direction: both 52 | groupName: default 53 | allowDelete: false 54 | 55 | 56 | ## polaris controller config 57 | controller: 58 | name: polaris-controller 59 | webhook: 60 | host: polaris.tencent.com 61 | service: polaris-sidecar-injector 62 | image: 63 | repo: polarismesh/polaris-controller 64 | tag: #CONTROLLER_VERSION# 65 | pullPolicy: IfNotPresent 66 | limit: 67 | cpu: 2 68 | memory: 2Gi 69 | metrics: 70 | port: 80 71 | type: ClusterIP 72 | 
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: polaris-controller-config 5 | namespace: polaris-system 6 | data: 7 | mesh: |- 8 | logger: 9 | default: 10 | rotateOutputPath: logs/polaris-default.log 11 | errorRotateOutputPath: logs/polaris-default-error.log 12 | rotationMaxSize: 100 13 | rotationMaxBackups: 10 14 | rotationMaxAge: 7 15 | outputLevel: info 16 | outputPaths: 17 | - stdout 18 | errorOutputPaths: 19 | - stderr 20 | synccm: 21 | rotateOutputPath: logs/polaris-synccm.log 22 | errorRotateOutputPath: logs/polaris-synccm-error.log 23 | rotationMaxSize: 100 24 | rotationMaxBackups: 10 25 | rotationMaxAge: 7 26 | outputLevel: info 27 | outputPaths: 28 | - stdout 29 | errorOutputPaths: 30 | - stderr 31 | syncnaming: 32 | rotateOutputPath: logs/polaris-syncnaming.log 33 | errorRotateOutputPath: logs/polaris-syncnaming-error.log 34 | rotationMaxSize: 100 35 | rotationMaxBackups: 10 36 | rotationMaxAge: 7 37 | outputLevel: info 38 | outputPaths: 39 | - stdout 40 | errorOutputPaths: 41 | - stderr 42 | syncconfig: 43 | rotateOutputPath: logs/polaris-syncconfig.log 44 | errorRotateOutputPath: logs/polaris-syncconfig-error.log 45 | rotationMaxSize: 100 46 | rotationMaxBackups: 10 47 | rotationMaxAge: 7 48 | outputLevel: info 49 | outputPaths: 50 | - stdout 51 | errorOutputPaths: 52 | - stderr 53 | inject: 54 | rotateOutputPath: logs/polaris-inject.log 55 | errorRotateOutputPath: logs/polaris-inject-error.log 56 | rotationMaxSize: 100 57 | rotationMaxBackups: 10 58 | rotationMaxAge: 7 59 | outputLevel: info 60 | outputPaths: 61 | - stdout 62 | errorOutputPaths: 63 | - stderr 64 | # 北极星服务端地址 65 | serverAddress: #POLARIS_HOST# 66 | # 北极星服务端token(北极星开启鉴权时需要配置) 67 | accessToken: "#POLARIS_TOKEN#" 68 | # 北极星主账户ID 69 | operator: #POLARIS_OPERATOR# 
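70 | # k8s cluster name 71 | clusterName: "#CLUSTER_NAME#" 72 | # Default startup mode for the injected polaris-sidecar; can be set to java-agent, mesh or dns 73 | sidecarInject: 74 | mode: "" 75 | # service sync 76 | serviceSync: 77 | mode: #SYNC_MODE# 78 | configSync: 79 | enable: false 80 | allowDelete: false 81 | syncDirection: both 82 | defaultGroup: "#CLUSTER_NAME#" 83 | defaultConfig: 84 | proxyMetadata: 85 | serverAddress: #POLARIS_HOST# 86 | clusterName: #CLUSTER_NAME# 87 |
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/install.sh: --------------------------------------------------------------------------------
#!/bin/bash

# Fills the "#NAME#" placeholders of the manifests in this directory from
# variables.txt ("NAME:value" per line), then applies them with kubectl.

set -eo pipefail

# preprocess the variables

# Replace every "#NAME#" placeholder in the *.yaml files of the current
# directory with a value.
#   $1  placeholder name, without the surrounding '#'
#   $2  replacement value, inserted literally
function replaceVar() {
  local key="#$1#"
  local value file
  # Escape what sed treats specially in a replacement ('\' and '&') and the
  # '?' delimiter used below, so the value cannot change the sed expression.
  value=$(printf '%s' "$2" | sed -e 's/[\\&?]/\\&/g')
  for file in *.yaml; do
    # An unmatched glob stays as the literal "*.yaml"; skip it.
    [ -f "$file" ] || continue
    # The value is not printed: configmap.yaml receives the Polaris access
    # token through this function, and it should not land in terminal or CI logs.
    echo "process replace file $file, key $key"
    if [ "$(uname)" == "Darwin" ]; then
      sed -i "" "s?$key?$value?g" "$file"
    else
      sed -i "s?$key?$value?g" "$file"
    fi
  done
}

# Print $1 without leading and trailing whitespace (a trailing CR included).
function trim() {
  local s="$1"
  s="${s#"${s%%[![:space:]]*}"}"
  s="${s%"${s##*[![:space:]]}"}"
  printf '%s' "$s"
}

varFile="variables.txt"
if [ ! -f "$varFile" ]; then
  echo "variables.txt not exists"
  exit 1
fi

# variables.txt is read as data only: each line is split at the first ':' and
# passed to replaceVar as two quoted arguments. Nothing from the file is handed
# to a shell for evaluation, and a value may itself contain ':' or spaces.
while IFS=':' read -r name value || [ -n "$name" ]; do
  name=$(trim "$name")
  value=$(trim "$value")
  case "$name" in
    '' | '#'*) continue ;; # blank line or comment
  esac
  replaceVar "$name" "$value"
done < "$varFile"

kubectl apply -f namespace.yaml

# NOTE(review): secrets/key.pem is shipped in the repository next to this
# script, so a cluster installed with it unchanged serves the injector webhook
# with a private key that is not private. Replace the three files under
# secrets/ with a pair generated for this cluster before running the script.
#
# The secret is created only when it does not exist yet: a second run no longer
# aborts under `set -e`, and a secret that was rotated in the cluster is not
# overwritten with the files on disk.
if ! kubectl get secret polaris-sidecar-injector -n polaris-system >/dev/null 2>&1; then
  kubectl create secret generic polaris-sidecar-injector -n polaris-system \
    --from-file=secrets/key.pem \
    --from-file=secrets/cert.pem \
    --from-file=secrets/ca-cert.pem
fi

kubectl apply -f rbac.yaml
kubectl apply -f polaris-client-config-tpl.yaml
kubectl apply -f configmap.yaml
kubectl apply -f injector.yaml
kubectl apply -f javaagent-configmap.yaml
kubectl apply -f polaris-metrics-svc.yaml
kubectl apply -f polaris-controller.yaml
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/polaris-client-config-tpl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: polaris-client-config-tpl 5 | namespace: polaris-system 6 | data: 7 | polaris.yaml: |- 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | namespace: {{ .Namespace }} 12 | name: {{ .Name }} 13 | data: 14 | polaris.yaml: |- 15 | global: 16 | serverConnector: 17 | addresses: 18 | - {{ .PolarisServer }} 19 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/polaris-controller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | labels: 5 | qcloud-app: polaris-controller 6 | name: polaris-controller 7 | 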
namespace: polaris-system 8 | spec: 9 | replicas: 1 10 | revisionHistoryLimit: 10 11 | serviceName: polaris-controller 12 | selector: 13 | matchLabels: 14 | k8s-app: polaris-controller 15 | updateStrategy: 16 | rollingUpdate: 17 | partition: 0 18 | type: RollingUpdate 19 | template: 20 | metadata: 21 | labels: 22 | k8s-app: polaris-controller 23 | app: sidecar-injector 24 | spec: 25 | containers: 26 | - name: polaris-controller 27 | image: polarismesh/polaris-controller:#CONTROLLER_VERSION# 28 | command: ["./polaris-controller"] 29 | args: ["--min-resync-period=60s", 30 | "--leader-elect-namespace=polaris-system", 31 | "--concurrency-polaris-size=100", 32 | "--leader-elect=true" 33 | ] 34 | env: 35 | - name: POD_NAMESPACE 36 | valueFrom: 37 | fieldRef: 38 | fieldPath: metadata.namespace 39 | imagePullPolicy: Always 40 | volumeMounts: 41 | - mountPath: /polaris-controller/logs 42 | name: logs 43 | - name: certs 44 | mountPath: /etc/polaris-inject/certs 45 | readOnly: true 46 | - name: inject-config 47 | mountPath: /etc/polaris-inject/inject 48 | readOnly: true 49 | - name: config-volume 50 | mountPath: /etc/polaris-inject/config 51 | readOnly: true 52 | dnsPolicy: ClusterFirst 53 | restartPolicy: Always 54 | schedulerName: default-scheduler 55 | terminationGracePeriodSeconds: 30 56 | serviceAccountName: polaris-controller 57 | volumes: 58 | - name: certs 59 | secret: 60 | secretName: polaris-sidecar-injector 61 | - name: inject-config 62 | configMap: 63 | name: polaris-sidecar-injector 64 | items: 65 | - key: mesh-config 66 | path: mesh-config 67 | - key: dns-config 68 | path: dns-config 69 | - key: java-agent-config 70 | path: java-agent-config 71 | - key: values 72 | path: values 73 | - name: config-volume 74 | configMap: 75 | name: polaris-controller-config 76 | - hostPath: 77 | path: /data/polaris-controller/logs 78 | type: "DirectoryOrCreate" 79 | name: logs -------------------------------------------------------------------------------- 
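/deploy/kubernetes_v1.21/kubernetes/polaris-metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "80" 6 | prometheus.io/scrape: "true" 7 | labels: 8 | k8s-app: polaris-controller 9 | name: polaris-controller-metrics 10 | namespace: polaris-system 11 | spec: 12 | ports: 13 | - port: 80 14 | protocol: TCP 15 | targetPort: 80 16 | selector: 17 | k8s-app: polaris-controller 18 | sessionAffinity: None 19 | type: ClusterIP 20 | status: 21 | loadBalancer: {}
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/rbac.yaml: --------------------------------------------------------------------------------
# Identity the polaris-controller StatefulSet runs as (serviceAccountName in
# polaris-controller.yaml).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: polaris-controller
  namespace: polaris-system
---

# rbac.authorization.k8s.io/v1 replaces v1beta1 here: v1beta1 is no longer
# served from Kubernetes 1.22 on, and v1 takes the same fields.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: polaris-controller
rules:
  # Read-only access to services, namespaces and pods.
  - apiGroups:
      - ""
    resources:
      - services
      - namespaces
      - pods
    verbs:
      - get
      - list
      - watch
  # Read and write access to events, configmaps and endpoints.
  # NOTE(review): the binding below is cluster-wide, so this lets the controller
  # create and update ConfigMaps and Endpoints in every namespace; confirm that
  # the write verbs on each resource are needed.
  - apiGroups:
      - ""
    resources:
      - events
      - configmaps
      - endpoints
    verbs:
      - create
      - update
      - get
      - list
      - watch
  # Leases; presumably for the leader election that polaris-controller.yaml
  # turns on with --leader-elect=true.
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - leases
    verbs:
      - create
      - get
      - list
      - update
---

# Grants the ClusterRole above to the polaris-controller ServiceAccount in all
# namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: polaris-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: polaris-controller
subjects:
  - kind: ServiceAccount
    name: polaris-controller
    namespace: polaris-system
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/secrets/ca-cert.pem: 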
-------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | 
QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/secrets/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 
| 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.21/kubernetes/secrets/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy2WvO+nQbXwUb 3 | q2SuovhNxCvEGxGfnoZnuXGosZYw6TUR7aq6G+uGtW1kkHdUgf9nqplm3FVnJ/00 4 | zzfV1Bu25eC0YnVQSl/Ne8xglxfpKY5tzcwJcRg/spssSMoVylPfqe04vSMzRLDu 5 | DiV2QZ2/VrF3usWyOxnkBfWLgb/rcwi+UbX3W0ZC03esmsOlVy1g6dZEBPAmQ7B/ 6 | XUn5QMhwUfmf+Y6NJtrd0sW+eTozl6fFOnsJk38OrVKuYMH3qXF3DUIlDK6MWLbs 7 | tS4F3gO7P9Fgce/lUDmMhR4mQAeFlnRyOSgR8WIhz+3HMomv9x9Aol1Pmm8LeMvS 8 | +L3kdLfX3P5r1kDOYT3Dl6cOSHjZT6NHTqIAjLTI4vdCwBCnSwEms5Qjh7LkI+ht 9 | 4sejfsOPnP1C2qhkwz4OvhuD/ckBGObguOGGIyB5XAV6xhdE0CSxS96sb7uVfomq 10 | rrP4n6xvXnLa3MirOVdxgx4grTsHKC49uS5oXNcdBqDk32fu0z+euK92O6lGqgcF 11 | 19XQ4zdAwJkmOVJpi4WoJvZjqqmfDqFnAuq0A1AaZpmjOdUxHckNJbAbB+TgaI2b 12 | kXchZzMtV8EReTM7ZDKIBbyWoYO11ENgO0gIh6oiAXD9nuieO09Uo5CvOSadTFRJ 13 | zumh1ahqKQaJkfwO9EkUysY70J7z/wIDAQABAoICAQCeEAl3o2F5z0B0c8VHkkBg 14 | ej8z0biBmViv0vTgYhKap4B/l8yLLqG5LB7CAet0hG907xEkFxZjVLQzN+/gytSz 15 | j/ZHdby4eQKyV/cIZoB7UH7QDFGHBqynnvIE8U+ocmguA7/jpUS2yr6TpWz2VodT 16 | 0wqFBkwyeIkpPRsFcGZtb/0KNqzbL4+o/7uEkELYnXM9c2wqMTMMnkYeShRWdSqw 17 | GcLD34pctTo5UU3ySLFnZ2CerlCO5gwkrImmE11ZxCbDULRkihC5eK4yBO3nwY8K 18 | rhwdYJTj1UMHLZ63r172cUH4sQr40Jwpxdofckq9eWnldZmCALqjKN76VVt9zKms 
19 | YSlY4Xo9AR3spgq/HepRyeu2FQE5XxXoRoxA0xa+SapR0FoirgzvscmmngTYmqy3 20 | tFw+wLc9KMYw6gCyjiSzuAWPZ0lEQ2NSgoKmwLMoLlKWxvAjywwimP+IjfTaRcEt 21 | ELaONDhNsXWk0s+WBUZ8ul7UaH7DT9v7fWndSftYE6Rt0Q39CCesXZflnay7g7+M 22 | mTEgbG4ZDdiyy5C6dPi6lJNYfnLmM7X/1l1TWaeH/n1E/n1h+T4vJgTQfitn3upV 23 | BWuC5X3HSmHXJI07XirT4EI0RslFkbyE55BgRnp46drPg/rhbzAwiuC1SmdZ5i78 24 | ryzsb5fQNS1VTiYRb/0yAQKCAQEA7TIj5GMTA05mePgHiBRqXGrHtEmXAISkiEHC 25 | P8T83uvzb0RXMPObrw6WHvR5fHcUU87Feyf70s1NUUZLVdXJNvbIQsK/P8ZBN3YI 26 | sxrX9xbrGZDBo4MFEeJGHOE9jRyeGSulTTKCNROjLjhPx83igFlXMwkaokMSVl31 27 | f2pMrcfTpq0/yI75HIJEqR34u1wWBOyq9OoS9RWpJKhsyKfRemu8fzQSNGgP+DIj 28 | PYkYf577WQBUrDgjGgM59NreGwT6loDDwtNaRMei6MvOJKgT4DkBt3eiVize/Gzn 29 | IL+XPBxuI7pqXPWz0nsmSshdt6vS22j7+J+a/glZ5l0DqPMzpQKCAQEAwQclGoPt 30 | LFAv17h61SRLE8MbLgsf25uZ51j4TP3Mga8+mvWeei3BP7NDpaXyJMkltkhJwx36 31 | wpmomif6E1bIBVOiTiBIGudGr1t/WrijS1uKriwRAcFF3V6L1E9MxqFp8WPs9NOJ 32 | AkUfMifT6mRdgl7gjSH/l10dPvJ7KvwRiDS+9ArrY/LAYD102ldF+p5G6TnyOeCI 33 | 9PriR09aJWMvHH4qS18P9UCij+/xdRtLFYNxJX+K/wh+ocImMfxFg9NzCfJ6DF1r 34 | IO7ZNEIcBrsp91ZfCnjv1UN0pU+UjZmdCrWd8qMvvdiD8kacHME2MlBzPrjeqFWq 35 | N1ISCXzhf5Rn0wKCAQAmOC4QXuZxYfChDVYpVyDMQ2hqZHEwZC8exXnHTLZyNRLE 36 | mv5xpM8xJeiKlFn+9DEST/8CGS86iFos/malLg1+DcW2/CpU3F0l0p8UPP8PkWHQ 37 | fMK21iW6+/rQLHr+gd33sFCyX7EbXE6u4+P3DfWxOLQURSNFggkyYXFtVnOEjO5N 38 | rRzZ9C+vqE3n8ixiBDSIFpp1XEIxu4vFnF3q9x+J2lJFLN7CEwJ/u5RyFeUcq0FU 39 | 1fjOxzzgtCRij+G5+NNn7NeeTO/+pSxa1nwg6/RH7OeZ6Gz/9br4cZPMcxKrXOli 40 | WGdLE0wmXjGNWzu+nLEdKY1wQkd3J4qU0+gDES0BAoIBAGNsJrRNl2/nrXzTTJFU 41 | LEd1ix5gJHyc3NzIerxNTXTOqtRuBr6vqoYA86rympJP+Ni2yydw3aQ2OR2N0cT8 42 | QfJcbZEIF5uj3EiePC6iQ5mhAQFNOUVKI44uEJ++aLE2mrb23SoNethsefD/iquE 43 | HpX0AH0xMdDo6RNvGfm989nQMTrKFQxaELSBcxqzMRwxQh0G97jP6jskrkBEow32 44 | 1GE8qtQ/lpygOhshX6EN+dKO7Ux/MTzDR1ZSBhJg+f04gFxzRGHyDCfeXooIMx9U 45 | b/0xw6pFOGMEZ6RuJPn6UWUevsgnPYPvbabwr6Av9JZd0b5Qwn66AP6ViyzP4eYw 46 | rnkCggEAQo7nkZnFqzF2qk7vZ7mfDXLdsCHxNuKBRPvOe0/jHTgREPgI2yecTPBn 47 | 
XMJvKufyzoa0zALKNaA1Ljm/8/HhjX2abTYRVO9BS9aJN0F+u3t4Sf6+8ZICgmmo 48 | rkRt3vRmFFGr935veMk7yx18/ezstkK3LLuFZFII55XhO+LBaezsVCtPCESU7Vqs 49 | K2V0Ab+9qNC4xNGCFZXRmmyzFSwsuJ3zCKygb3J8HG4sp1R4q+EqN3C++y9CGbgm 50 | YSog19R5+7P8qOopC8cod8jWuMsAsLwoSGc0L0+G2dIqgR0wSGE8P3VLqq3UN9hx 51 | QYNToXs8PwtyNIbvckrJQvbqO8WoBA== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | See full changelog: https://github.com/polarismesh/polaris-controller/releases -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v1.3.0 3 | description: Polaris controller for Kubernetes is used to synchronize endpoints to polaris and inject sidecars into business pods 4 | home: https://github.com/polarismesh/polaris-controller 5 | icon: https://avatars.githubusercontent.com/u/85474408?s=200&v=4 6 | keywords: 7 | - controller 8 | - polaris 9 | maintainers: 10 | - name: jlongzhou@tencent.com 11 | name: polaris-controller 12 | sources: 13 | - 
https://github.com/polarismesh/polaris-controller 14 | version: 1.3.0 15 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/secrets/ca-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | 
PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/secrets/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | 
V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/secrets/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy2WvO+nQbXwUb 3 | q2SuovhNxCvEGxGfnoZnuXGosZYw6TUR7aq6G+uGtW1kkHdUgf9nqplm3FVnJ/00 4 | zzfV1Bu25eC0YnVQSl/Ne8xglxfpKY5tzcwJcRg/spssSMoVylPfqe04vSMzRLDu 5 | DiV2QZ2/VrF3usWyOxnkBfWLgb/rcwi+UbX3W0ZC03esmsOlVy1g6dZEBPAmQ7B/ 6 | XUn5QMhwUfmf+Y6NJtrd0sW+eTozl6fFOnsJk38OrVKuYMH3qXF3DUIlDK6MWLbs 7 | tS4F3gO7P9Fgce/lUDmMhR4mQAeFlnRyOSgR8WIhz+3HMomv9x9Aol1Pmm8LeMvS 8 | +L3kdLfX3P5r1kDOYT3Dl6cOSHjZT6NHTqIAjLTI4vdCwBCnSwEms5Qjh7LkI+ht 9 | 4sejfsOPnP1C2qhkwz4OvhuD/ckBGObguOGGIyB5XAV6xhdE0CSxS96sb7uVfomq 10 | rrP4n6xvXnLa3MirOVdxgx4grTsHKC49uS5oXNcdBqDk32fu0z+euK92O6lGqgcF 11 | 19XQ4zdAwJkmOVJpi4WoJvZjqqmfDqFnAuq0A1AaZpmjOdUxHckNJbAbB+TgaI2b 12 | kXchZzMtV8EReTM7ZDKIBbyWoYO11ENgO0gIh6oiAXD9nuieO09Uo5CvOSadTFRJ 13 | zumh1ahqKQaJkfwO9EkUysY70J7z/wIDAQABAoICAQCeEAl3o2F5z0B0c8VHkkBg 14 | ej8z0biBmViv0vTgYhKap4B/l8yLLqG5LB7CAet0hG907xEkFxZjVLQzN+/gytSz 15 | j/ZHdby4eQKyV/cIZoB7UH7QDFGHBqynnvIE8U+ocmguA7/jpUS2yr6TpWz2VodT 16 | 
0wqFBkwyeIkpPRsFcGZtb/0KNqzbL4+o/7uEkELYnXM9c2wqMTMMnkYeShRWdSqw 17 | GcLD34pctTo5UU3ySLFnZ2CerlCO5gwkrImmE11ZxCbDULRkihC5eK4yBO3nwY8K 18 | rhwdYJTj1UMHLZ63r172cUH4sQr40Jwpxdofckq9eWnldZmCALqjKN76VVt9zKms 19 | YSlY4Xo9AR3spgq/HepRyeu2FQE5XxXoRoxA0xa+SapR0FoirgzvscmmngTYmqy3 20 | tFw+wLc9KMYw6gCyjiSzuAWPZ0lEQ2NSgoKmwLMoLlKWxvAjywwimP+IjfTaRcEt 21 | ELaONDhNsXWk0s+WBUZ8ul7UaH7DT9v7fWndSftYE6Rt0Q39CCesXZflnay7g7+M 22 | mTEgbG4ZDdiyy5C6dPi6lJNYfnLmM7X/1l1TWaeH/n1E/n1h+T4vJgTQfitn3upV 23 | BWuC5X3HSmHXJI07XirT4EI0RslFkbyE55BgRnp46drPg/rhbzAwiuC1SmdZ5i78 24 | ryzsb5fQNS1VTiYRb/0yAQKCAQEA7TIj5GMTA05mePgHiBRqXGrHtEmXAISkiEHC 25 | P8T83uvzb0RXMPObrw6WHvR5fHcUU87Feyf70s1NUUZLVdXJNvbIQsK/P8ZBN3YI 26 | sxrX9xbrGZDBo4MFEeJGHOE9jRyeGSulTTKCNROjLjhPx83igFlXMwkaokMSVl31 27 | f2pMrcfTpq0/yI75HIJEqR34u1wWBOyq9OoS9RWpJKhsyKfRemu8fzQSNGgP+DIj 28 | PYkYf577WQBUrDgjGgM59NreGwT6loDDwtNaRMei6MvOJKgT4DkBt3eiVize/Gzn 29 | IL+XPBxuI7pqXPWz0nsmSshdt6vS22j7+J+a/glZ5l0DqPMzpQKCAQEAwQclGoPt 30 | LFAv17h61SRLE8MbLgsf25uZ51j4TP3Mga8+mvWeei3BP7NDpaXyJMkltkhJwx36 31 | wpmomif6E1bIBVOiTiBIGudGr1t/WrijS1uKriwRAcFF3V6L1E9MxqFp8WPs9NOJ 32 | AkUfMifT6mRdgl7gjSH/l10dPvJ7KvwRiDS+9ArrY/LAYD102ldF+p5G6TnyOeCI 33 | 9PriR09aJWMvHH4qS18P9UCij+/xdRtLFYNxJX+K/wh+ocImMfxFg9NzCfJ6DF1r 34 | IO7ZNEIcBrsp91ZfCnjv1UN0pU+UjZmdCrWd8qMvvdiD8kacHME2MlBzPrjeqFWq 35 | N1ISCXzhf5Rn0wKCAQAmOC4QXuZxYfChDVYpVyDMQ2hqZHEwZC8exXnHTLZyNRLE 36 | mv5xpM8xJeiKlFn+9DEST/8CGS86iFos/malLg1+DcW2/CpU3F0l0p8UPP8PkWHQ 37 | fMK21iW6+/rQLHr+gd33sFCyX7EbXE6u4+P3DfWxOLQURSNFggkyYXFtVnOEjO5N 38 | rRzZ9C+vqE3n8ixiBDSIFpp1XEIxu4vFnF3q9x+J2lJFLN7CEwJ/u5RyFeUcq0FU 39 | 1fjOxzzgtCRij+G5+NNn7NeeTO/+pSxa1nwg6/RH7OeZ6Gz/9br4cZPMcxKrXOli 40 | WGdLE0wmXjGNWzu+nLEdKY1wQkd3J4qU0+gDES0BAoIBAGNsJrRNl2/nrXzTTJFU 41 | LEd1ix5gJHyc3NzIerxNTXTOqtRuBr6vqoYA86rympJP+Ni2yydw3aQ2OR2N0cT8 42 | QfJcbZEIF5uj3EiePC6iQ5mhAQFNOUVKI44uEJ++aLE2mrb23SoNethsefD/iquE 43 | HpX0AH0xMdDo6RNvGfm989nQMTrKFQxaELSBcxqzMRwxQh0G97jP6jskrkBEow32 44 | 
1GE8qtQ/lpygOhshX6EN+dKO7Ux/MTzDR1ZSBhJg+f04gFxzRGHyDCfeXooIMx9U 45 | b/0xw6pFOGMEZ6RuJPn6UWUevsgnPYPvbabwr6Av9JZd0b5Qwn66AP6ViyzP4eYw 46 | rnkCggEAQo7nkZnFqzF2qk7vZ7mfDXLdsCHxNuKBRPvOe0/jHTgREPgI2yecTPBn 47 | XMJvKufyzoa0zALKNaA1Ljm/8/HhjX2abTYRVO9BS9aJN0F+u3t4Sf6+8ZICgmmo 48 | rkRt3vRmFFGr935veMk7yx18/ezstkK3LLuFZFII55XhO+LBaezsVCtPCESU7Vqs 49 | K2V0Ab+9qNC4xNGCFZXRmmyzFSwsuJ3zCKygb3J8HG4sp1R4q+EqN3C++y9CGbgm 50 | YSog19R5+7P8qOopC8cod8jWuMsAsLwoSGc0L0+G2dIqgR0wSGE8P3VLqq3UN9hx 51 | QYNToXs8PwtyNIbvckrJQvbqO8WoBA== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The polaris controller has been installed. 2 | Visit http://{{ .Values.polaris.server.address }}:8080 to access polaris console via HTTP. -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "polaris-controller.name" -}} 6 | {{- default .Chart.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | 10 | {{/* 11 | Polaris controller deployment labels 12 | */}} 13 | {{- define "polaris-controller.controller.labels" -}} 14 | qcloud-app: polaris-controller 15 | {{- if .Chart.AppVersion }} 16 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 17 | {{- end }} 18 | app.kubernetes.io/managed-by: {{ .Release.Service }} 19 | {{- end -}} 20 | 21 | 22 | {{/* 23 | Get specific image for controller 24 | */}} 25 | {{- define "polaris-controller.controller.image" -}} 26 | {{- printf "%s:%s" .Values.controller.image.repo .Values.controller.image.tag -}} 27 | {{- end -}} 28 | 29 | {{/* 30 | Get specific image for sidecar 31 | */}} 32 | {{- define "polaris-controller.sidecar.image" -}} 33 | {{- printf "%s:%s" .Values.sidecar.image.repo .Values.sidecar.image.tag -}} 34 | {{- end -}} 35 | 36 | 37 | {{/* 38 | Get specific image for sidecar init container 39 | */}} 40 | {{- define "polaris-controller.sidecar.init.image" -}} 41 | {{- printf "%s:%s" .Values.sidecar.init.image.repo .Values.sidecar.init.image.tag -}} 42 | {{- end -}} 43 | 44 | {{/* 45 | Get specific image for sidecar envoy (.Values.sidecar.envoy.image) 46 | */}} 47 | {{- define "polaris-controller.sidecar.envoy.image" -}} 48 | {{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}} 49 | {{- end -}} 50 | 51 | {{/* 52 | Get specific image for javaagent init container 53 | */}} 54 | {{- define "polaris-controller.sidecar.javaagent.image" -}} 55 | {{- printf "%s:%s" .Values.sidecar.javaagent.image.repo .Values.sidecar.javaagent.image.tag -}} 56 | {{- end -}} 57 | 58 | {{/* 59 | Get specific image for sidecar envoy init; the value is read from .Values.sidecar.envoy_builder.image 60 | */}} 61 | {{- define "polaris-controller.sidecar.envoy_init.image" -}} 62 | {{- printf "%s:%s" .Values.sidecar.envoy_builder.image.repo .Values.sidecar.envoy_builder.image.tag -}} 63 | {{- end -}} 64 | 65 | {{/* 66 | 
Get specific image for sidecar istio (.Values.sidecar.istio.image) 67 | */}} 68 | {{- define "polaris-controller.sidecar.istio.image" -}} 69 | {{- printf "%s:%s" .Values.sidecar.istio.image.repo .Values.sidecar.istio.image.tag -}} 70 | {{- end -}} 71 | 72 | 73 | {{/* 74 | Create a default fully qualified controller name. 75 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 76 | */}} 77 | {{- define "polaris-controller.controller.fullname" -}} 78 | {{- printf "%s-%s" .Release.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}} 79 | {{- end -}} 80 | 81 | 82 | {{/* 83 | Selector labels 84 | */}} 85 | {{- define "polaris-controller.controller.selectorLabels" -}} 86 | app.kubernetes.io/name: {{ include "polaris-controller.name" . }} 87 | app.kubernetes.io/instance: {{ .Release.Name }} 88 | app: sidecar-injector 89 | {{- end -}} 90 | 91 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . 
}} 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - services 10 | - namespaces 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - events 20 | - configmaps 21 | - endpoints 22 | verbs: 23 | - create 24 | - update 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - "coordination.k8s.io" 30 | resources: 31 | - leases 32 | verbs: 33 | - create 34 | - get 35 | - list 36 | - update -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ include "polaris-controller.controller.fullname" . }} 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ include "polaris-controller.controller.fullname" . }} 12 | namespace: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-configmap-client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }}-tpl 5 | namespace: polaris-system 6 | data: 7 | polaris.yaml: |- 8 | {{ include "configmap-client.config_tpl" . | nindent 4 }} 9 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-configmap-mesh.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . 
}}-mesh 5 | namespace: polaris-system 6 | data: 7 | mesh: |- 8 | logger: 9 | default: 10 | rotateOutputPath: logs/polaris-default.log 11 | errorRotateOutputPath: logs/polaris-default-error.log 12 | rotationMaxSize: 100 13 | rotationMaxBackups: 10 14 | rotationMaxAge: 7 15 | outputLevel: info 16 | outputPaths: 17 | - stdout 18 | errorOutputPaths: 19 | - stderr 20 | synccm: 21 | rotateOutputPath: logs/polaris-synccm.log 22 | errorRotateOutputPath: logs/polaris-synccm-error.log 23 | rotationMaxSize: 100 24 | rotationMaxBackups: 10 25 | rotationMaxAge: 7 26 | outputLevel: info 27 | outputPaths: 28 | - stdout 29 | errorOutputPaths: 30 | - stderr 31 | syncnaming: 32 | rotateOutputPath: logs/polaris-syncnaming.log 33 | errorRotateOutputPath: logs/polaris-syncnaming-error.log 34 | rotationMaxSize: 100 35 | rotationMaxBackups: 10 36 | rotationMaxAge: 7 37 | outputLevel: info 38 | outputPaths: 39 | - stdout 40 | errorOutputPaths: 41 | - stderr 42 | syncconfig: 43 | rotateOutputPath: logs/polaris-syncconfig.log 44 | errorRotateOutputPath: logs/polaris-syncconfig-error.log 45 | rotationMaxSize: 100 46 | rotationMaxBackups: 10 47 | rotationMaxAge: 7 48 | outputLevel: info 49 | outputPaths: 50 | - stdout 51 | errorOutputPaths: 52 | - stderr 53 | inject: 54 | rotateOutputPath: logs/polaris-inject.log 55 | errorRotateOutputPath: logs/polaris-inject-error.log 56 | rotationMaxSize: 100 57 | rotationMaxBackups: 10 58 | rotationMaxAge: 7 59 | outputLevel: info 60 | outputPaths: 61 | - stdout 62 | errorOutputPaths: 63 | - stderr 64 | # 北极星服务端地址 65 | serverAddress: {{ .Values.polaris.server.address }} 66 | # 北极星服务端token(北极星开启鉴权时需要配置) 67 | accessToken: {{ .Values.polaris.server.token }} 68 | # 北极星主账户ID 69 | operator: {{ .Values.polaris.server.operator }} 70 | # k8s cluster name 71 | clusterName: "{{ .Values.cluster.name }}" 72 | # polaris-sidecar 注入的默认启动模式, 可以配置 java-agent, mesh 或者 dns 73 | sidecarInject: 74 | mode: "{{ .Values.sidecar.mode }}" 75 | # service sync 76 | serviceSync: 77 | 
mode: {{ .Values.polaris.sync.service.mode }} 78 | configSync: 79 | enable: {{ .Values.polaris.sync.config.enable }} 80 | allowDelete: {{ .Values.polaris.sync.config.allowDelete }} 81 | # 配置同步方向: kubernetesToPolaris|polarisToKubernetes|both 82 | syncDirection: {{ .Values.polaris.sync.config.direction }} 83 | defaultGroup: {{ .Values.polaris.sync.config.groupName }} 84 | defaultConfig: 85 | proxyMetadata: 86 | serverAddress: {{ .Values.polaris.server.address }} 87 | clusterName: "{{ .Values.cluster.name }}" 88 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . }} 5 | namespace: polaris-system 6 | labels: 7 | app: sidecar-injector 8 | spec: 9 | minAvailable: 1 10 | selector: 11 | matchLabels: 12 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 6 }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-secret-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | {{- $root := . -}} 4 | {{- range $path, $bytes := .Files.Glob "secrets/**.pem" }} 5 | {{ base $path }}: {{ $root.Files.Get $path | b64enc }} 6 | {{- end }} 7 | kind: Secret 8 | metadata: 9 | name: {{ include "polaris-controller.controller.fullname" . 
}} 10 | namespace: polaris-system 11 | type: Opaque -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-service-injector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.controller.webhook.service }} 5 | namespace: polaris-system 6 | labels: 7 | app: sidecar-injector 8 | spec: 9 | ports: 10 | - port: {{ .Values.sidecar.port }} 11 | targetPort: 9443 12 | selector: 13 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 4 }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-service-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "{{ default 80 .Values.controller.metrics.port }}" 6 | prometheus.io/scrape: "true" 7 | labels: 8 | k8s-app: polaris-controller 9 | name: {{ include "polaris-controller.controller.fullname" . }}-metrics 10 | namespace: polaris-system 11 | spec: 12 | ports: 13 | - port: {{ default 80 .Values.controller.metrics.port }} 14 | protocol: TCP 15 | targetPort: {{ default 80 .Values.controller.metrics.port }} 16 | selector: 17 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 4 }} 18 | sessionAffinity: None 19 | type: {{ .Values.controller.metrics.type }} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "polaris-controller.controller.fullname" . 
}} 5 | namespace: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/templates/controller-statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | labels: 5 | {{- include "polaris-controller.controller.labels" . | nindent 4 }} 6 | name: {{ include "polaris-controller.controller.fullname" . }} 7 | namespace: polaris-system 8 | spec: 9 | replicas: 1 10 | revisionHistoryLimit: 10 11 | serviceName: polaris-controller 12 | selector: 13 | matchLabels: 14 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 6 }} 15 | updateStrategy: 16 | rollingUpdate: 17 | partition: 0 18 | template: 19 | metadata: 20 | labels: 21 | {{- include "polaris-controller.controller.selectorLabels" . | nindent 8 }} 22 | spec: 23 | containers: 24 | - name: polaris-controller 25 | image: {{ template "polaris-controller.controller.image" . 
}} 26 | command: ["./polaris-controller"] 27 | args: ["--min-resync-period=60s", 28 | "--leader-elect-namespace=polaris-system", 29 | "--concurrency-polaris-size=100", 30 | "--leader-elect=true" 31 | ] 32 | env: 33 | - name: POD_NAMESPACE 34 | valueFrom: 35 | fieldRef: 36 | fieldPath: metadata.namespace 37 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} 38 | resources: 39 | limits: 40 | cpu: {{ .Values.controller.limit.cpu }} 41 | memory: {{ .Values.controller.limit.memory }} 42 | volumeMounts: 43 | - mountPath: /polaris-controller/log 44 | name: logs 45 | - name: certs 46 | mountPath: /etc/polaris-inject/certs 47 | readOnly: true 48 | - name: inject-config 49 | mountPath: /etc/polaris-inject/inject 50 | readOnly: true 51 | - name: config-volume 52 | mountPath: /etc/polaris-inject/config 53 | readOnly: true 54 | dnsPolicy: ClusterFirst 55 | restartPolicy: Always 56 | schedulerName: default-scheduler 57 | terminationGracePeriodSeconds: 30 58 | serviceAccountName: {{ include "polaris-controller.controller.fullname" . }} 59 | volumes: 60 | - name: certs 61 | secret: 62 | secretName: {{ include "polaris-controller.controller.fullname" . }} 63 | - name: inject-config 64 | configMap: 65 | name: {{ include "polaris-controller.controller.fullname" . }}-sidecar 66 | items: 67 | - key: mesh-config 68 | path: mesh-config 69 | - key: dns-config 70 | path: dns-config 71 | - key: java-agent-config 72 | path: java-agent-config 73 | - key: values 74 | path: values 75 | - name: config-volume 76 | configMap: 77 | name: {{ include "polaris-controller.controller.fullname" . 
}}-mesh 78 | - hostPath: 79 | path: /data/polaris-controller/log 80 | type: "DirectoryOrCreate" 81 | name: logs -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/helm/values.yaml: -------------------------------------------------------------------------------- 1 | ## polaris controller 2 | ## Ref:https://github.com/polarismesh/polaris-controller/blob/main/README.md 3 | 4 | ## Overrides for generated resource names 5 | # See templates/_helpers.tpl 6 | # nameOverride: 7 | # fullnameOverride: 8 | 9 | ## cluster name register in polaris server 10 | cluster: 11 | name: default 12 | 13 | ## sidecar config for controller injector 14 | sidecar: 15 | port: 443 16 | mode: mesh 17 | image: 18 | repo: polarismesh/polaris-sidecar 19 | tag: #SIDECAR_VERSION# 20 | pullPolicy: Always 21 | init: 22 | image: 23 | repo: polarismesh/polaris-sidecar-init 24 | tag: #CONTROLLER_VERSION# 25 | pullPolicy: Always 26 | envoy: 27 | image: 28 | repo: envoyproxy/envoy 29 | tag: #ENVOY_VERSION# 30 | envoy_builder: 31 | image: 32 | repo: polarismesh/polaris-envoy-bootstrap-generator 33 | tag: #CONTROLLER_VERSION# 34 | javaagent: 35 | image: 36 | repo: polarismesh/polaris-javaagent-init 37 | tag: #JAVA_AGENT_INIT# 38 | pullPolicy: Always 39 | 40 | ## polaris server config 41 | polaris: 42 | server: 43 | address: #POLARIS_HOST# 44 | token: #POLARIS_TOKEN# 45 | operator: #POLARIS_OPERATOR# 46 | sync: 47 | service: 48 | mode: all 49 | config: 50 | enable: true 51 | direction: both 52 | groupName: default 53 | allowDelete: false 54 | 55 | 56 | ## polaris controller config 57 | controller: 58 | name: polaris-controller 59 | webhook: 60 | host: polaris.tencent.com 61 | service: polaris-sidecar-injector 62 | image: 63 | repo: polarismesh/polaris-controller 64 | tag: #CONTROLLER_VERSION# 65 | pullPolicy: IfNotPresent 66 | limit: 67 | cpu: 2 68 | memory: 2Gi 69 | metrics: 70 | port: 80 71 | type: ClusterIP 72 | 
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: polaris-controller-config 5 | namespace: polaris-system 6 | data: 7 | mesh: |- 8 | logger: 9 | default: 10 | rotateOutputPath: logs/polaris-default.log 11 | errorRotateOutputPath: logs/polaris-default-error.log 12 | rotationMaxSize: 100 13 | rotationMaxBackups: 10 14 | rotationMaxAge: 7 15 | outputLevel: info 16 | outputPaths: 17 | - stdout 18 | errorOutputPaths: 19 | - stderr 20 | synccm: 21 | rotateOutputPath: logs/polaris-synccm.log 22 | errorRotateOutputPath: logs/polaris-synccm-error.log 23 | rotationMaxSize: 100 24 | rotationMaxBackups: 10 25 | rotationMaxAge: 7 26 | outputLevel: info 27 | outputPaths: 28 | - stdout 29 | errorOutputPaths: 30 | - stderr 31 | syncnaming: 32 | rotateOutputPath: logs/polaris-syncnaming.log 33 | errorRotateOutputPath: logs/polaris-syncnaming-error.log 34 | rotationMaxSize: 100 35 | rotationMaxBackups: 10 36 | rotationMaxAge: 7 37 | outputLevel: info 38 | outputPaths: 39 | - stdout 40 | errorOutputPaths: 41 | - stderr 42 | syncconfig: 43 | rotateOutputPath: logs/polaris-syncconfig.log 44 | errorRotateOutputPath: logs/polaris-syncconfig-error.log 45 | rotationMaxSize: 100 46 | rotationMaxBackups: 10 47 | rotationMaxAge: 7 48 | outputLevel: info 49 | outputPaths: 50 | - stdout 51 | errorOutputPaths: 52 | - stderr 53 | inject: 54 | rotateOutputPath: logs/polaris-inject.log 55 | errorRotateOutputPath: logs/polaris-inject-error.log 56 | rotationMaxSize: 100 57 | rotationMaxBackups: 10 58 | rotationMaxAge: 7 59 | outputLevel: info 60 | outputPaths: 61 | - stdout 62 | errorOutputPaths: 63 | - stderr 64 | # 北极星服务端地址 65 | serverAddress: #POLARIS_HOST# 66 | # 北极星服务端token(北极星开启鉴权时需要配置) 67 | accessToken: "#POLARIS_TOKEN#" 68 | # 北极星主账户ID 69 | operator: #POLARIS_OPERATOR# 
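70 | # k8s cluster name 71 | clusterName: "#CLUSTER_NAME#" 72 | # polaris-sidecar 注入的默认启动模式, 可以配置 java-agent, mesh 或者 dns 73 | sidecarInject: 74 | mode: "" 75 | # service sync 76 | serviceSync: 77 | mode: #SYNC_MODE# 78 | configSync: 79 | enable: false 80 | allowDelete: false 81 | syncDirection: both 82 | defaultGroup: "#CLUSTER_NAME#" 83 | defaultConfig: 84 | proxyMetadata: 85 | serverAddress: #POLARIS_HOST# 86 | clusterName: #CLUSTER_NAME# 87 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/install.sh: --------------------------------------------------------------------------------
#!/bin/bash

set -e

# preprocess the variables

# replaceVar KEY VALUE
# Replaces every "#KEY#" placeholder in the *.yaml files of the current
# directory with VALUE, editing the files in place.
function replaceVar() {
  local key="#$1#"
  local value="$2"
  local escaped file
  # Escape what sed treats specially in a replacement (backslash, '&') and the
  # '?' delimiter used below, so that a value such as a base64 token is
  # inserted literally.
  escaped=$(printf '%s' "$value" | sed -e 's/[\\&?]/\\&/g')
  for file in *.yaml; do
    [ -f "$file" ] || continue
    # The value is deliberately not printed: POLARIS_TOKEN passes through here
    # and would otherwise end up in terminal scrollback and CI logs.
    echo "process replace file $file, key $key"
    if [ "$(uname)" == "Darwin" ]; then
      sed -i "" "s?$key?$escaped?g" "$file"
    else
      sed -i "s?$key?$escaped?g" "$file"
    fi
  done
}

varFile="variables.txt"
if [ ! -f "$varFile" ]; then
  echo "variables.txt not exists"
  exit 1
fi

# Read the KEY:VALUE pairs directly instead of generating shell text and piping
# it into a second bash: the file content is then only ever treated as data and
# is never parsed as commands. Only the first ':' separates key from value, so
# a value that itself contains ':' (host:port, for example) is kept whole.
while IFS=':' read -r key value || [ -n "$key" ]; do
  [ -n "$key" ] || continue
  replaceVar "$key" "$value"
done < "$varFile"

kubectl apply -f namespace.yaml
# NOTE(review): secrets/key.pem is the private key loaded into the
# polaris-sidecar-injector secret. The copy published with this repository is
# readable by anyone, so replace the three PEM files with a certificate and key
# generated for this cluster before running the installer.
# The secret is rendered client-side and applied, so that re-running the script
# updates the existing secret instead of aborting under `set -e`.
kubectl create secret generic polaris-sidecar-injector -n polaris-system \
  --from-file=secrets/key.pem \
  --from-file=secrets/cert.pem \
  --from-file=secrets/ca-cert.pem \
  --dry-run=client -o yaml | kubectl apply -f -

kubectl apply -f rbac.yaml
kubectl apply -f polaris-client-config-tpl.yaml
kubectl apply -f configmap.yaml
kubectl apply -f injector.yaml
kubectl apply -f javaagent-configmap.yaml
kubectl apply -f polaris-metrics-svc.yaml
kubectl apply -f polaris-controller.yaml
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: polaris-system -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/polaris-client-config-tpl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: polaris-client-config-tpl 5 | namespace: polaris-system 6 | data: 7 | polaris.yaml: |- 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | namespace: {{ .Namespace }} 12 | name: {{ .Name }} 13 | data: 14 | polaris.yaml: |- 15 | global: 16 | serverConnector: 17 | addresses: 18 | - {{ .PolarisServer }} 19 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/polaris-metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "80" 6 | prometheus.io/scrape: "true" 7 | labels: 8 | 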
k8s-app: polaris-controller 9 | name: polaris-controller-metrics 10 | namespace: polaris-system 11 | spec: 12 | ports: 13 | - port: 80 14 | protocol: TCP 15 | targetPort: 80 16 | selector: 17 | k8s-app: polaris-controller 18 | sessionAffinity: None 19 | type: ClusterIP 20 | status: 21 | loadBalancer: {} -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: polaris-controller 5 | namespace: polaris-system 6 | 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: ClusterRole 10 | metadata: 11 | name: polaris-controller 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - services 17 | - namespaces 18 | - pods 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | - apiGroups: 24 | - "" 25 | resources: 26 | - events 27 | - configmaps 28 | - endpoints 29 | verbs: 30 | - create 31 | - update 32 | - get 33 | - list 34 | - watch 35 | - apiGroups: 36 | - "coordination.k8s.io" 37 | resources: 38 | - leases 39 | verbs: 40 | - create 41 | - get 42 | - list 43 | - update 44 | --- 45 | apiVersion: rbac.authorization.k8s.io/v1 46 | kind: ClusterRoleBinding 47 | metadata: 48 | name: polaris-controller 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: polaris-controller 53 | subjects: 54 | - kind: ServiceAccount 55 | name: polaris-controller 56 | namespace: polaris-system 57 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/secrets/ca-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | 
c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | 
-------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/secrets/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL 3 | BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt 4 | c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 5 | MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt 6 | LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur 7 | ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP 8 | N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O 9 | JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d 10 | SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 11 | LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 12 | veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i 13 | x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu 14 | s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX 15 | 1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR 16 | dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO 17 | 6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u 18 | wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 19 | MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu 20 | amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit 21 | V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr 22 | 1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 23 | YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp 24 | 3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV 25 | 9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm 26 | PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR 27 | 
Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di 28 | IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz 29 | QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz 30 | 4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 31 | XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /deploy/kubernetes_v1.22/kubernetes/secrets/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy2WvO+nQbXwUb 3 | q2SuovhNxCvEGxGfnoZnuXGosZYw6TUR7aq6G+uGtW1kkHdUgf9nqplm3FVnJ/00 4 | zzfV1Bu25eC0YnVQSl/Ne8xglxfpKY5tzcwJcRg/spssSMoVylPfqe04vSMzRLDu 5 | DiV2QZ2/VrF3usWyOxnkBfWLgb/rcwi+UbX3W0ZC03esmsOlVy1g6dZEBPAmQ7B/ 6 | XUn5QMhwUfmf+Y6NJtrd0sW+eTozl6fFOnsJk38OrVKuYMH3qXF3DUIlDK6MWLbs 7 | tS4F3gO7P9Fgce/lUDmMhR4mQAeFlnRyOSgR8WIhz+3HMomv9x9Aol1Pmm8LeMvS 8 | +L3kdLfX3P5r1kDOYT3Dl6cOSHjZT6NHTqIAjLTI4vdCwBCnSwEms5Qjh7LkI+ht 9 | 4sejfsOPnP1C2qhkwz4OvhuD/ckBGObguOGGIyB5XAV6xhdE0CSxS96sb7uVfomq 10 | rrP4n6xvXnLa3MirOVdxgx4grTsHKC49uS5oXNcdBqDk32fu0z+euK92O6lGqgcF 11 | 19XQ4zdAwJkmOVJpi4WoJvZjqqmfDqFnAuq0A1AaZpmjOdUxHckNJbAbB+TgaI2b 12 | kXchZzMtV8EReTM7ZDKIBbyWoYO11ENgO0gIh6oiAXD9nuieO09Uo5CvOSadTFRJ 13 | zumh1ahqKQaJkfwO9EkUysY70J7z/wIDAQABAoICAQCeEAl3o2F5z0B0c8VHkkBg 14 | ej8z0biBmViv0vTgYhKap4B/l8yLLqG5LB7CAet0hG907xEkFxZjVLQzN+/gytSz 15 | j/ZHdby4eQKyV/cIZoB7UH7QDFGHBqynnvIE8U+ocmguA7/jpUS2yr6TpWz2VodT 16 | 0wqFBkwyeIkpPRsFcGZtb/0KNqzbL4+o/7uEkELYnXM9c2wqMTMMnkYeShRWdSqw 17 | GcLD34pctTo5UU3ySLFnZ2CerlCO5gwkrImmE11ZxCbDULRkihC5eK4yBO3nwY8K 18 | rhwdYJTj1UMHLZ63r172cUH4sQr40Jwpxdofckq9eWnldZmCALqjKN76VVt9zKms 19 | YSlY4Xo9AR3spgq/HepRyeu2FQE5XxXoRoxA0xa+SapR0FoirgzvscmmngTYmqy3 20 | tFw+wLc9KMYw6gCyjiSzuAWPZ0lEQ2NSgoKmwLMoLlKWxvAjywwimP+IjfTaRcEt 21 | ELaONDhNsXWk0s+WBUZ8ul7UaH7DT9v7fWndSftYE6Rt0Q39CCesXZflnay7g7+M 22 
| mTEgbG4ZDdiyy5C6dPi6lJNYfnLmM7X/1l1TWaeH/n1E/n1h+T4vJgTQfitn3upV 23 | BWuC5X3HSmHXJI07XirT4EI0RslFkbyE55BgRnp46drPg/rhbzAwiuC1SmdZ5i78 24 | ryzsb5fQNS1VTiYRb/0yAQKCAQEA7TIj5GMTA05mePgHiBRqXGrHtEmXAISkiEHC 25 | P8T83uvzb0RXMPObrw6WHvR5fHcUU87Feyf70s1NUUZLVdXJNvbIQsK/P8ZBN3YI 26 | sxrX9xbrGZDBo4MFEeJGHOE9jRyeGSulTTKCNROjLjhPx83igFlXMwkaokMSVl31 27 | f2pMrcfTpq0/yI75HIJEqR34u1wWBOyq9OoS9RWpJKhsyKfRemu8fzQSNGgP+DIj 28 | PYkYf577WQBUrDgjGgM59NreGwT6loDDwtNaRMei6MvOJKgT4DkBt3eiVize/Gzn 29 | IL+XPBxuI7pqXPWz0nsmSshdt6vS22j7+J+a/glZ5l0DqPMzpQKCAQEAwQclGoPt 30 | LFAv17h61SRLE8MbLgsf25uZ51j4TP3Mga8+mvWeei3BP7NDpaXyJMkltkhJwx36 31 | wpmomif6E1bIBVOiTiBIGudGr1t/WrijS1uKriwRAcFF3V6L1E9MxqFp8WPs9NOJ 32 | AkUfMifT6mRdgl7gjSH/l10dPvJ7KvwRiDS+9ArrY/LAYD102ldF+p5G6TnyOeCI 33 | 9PriR09aJWMvHH4qS18P9UCij+/xdRtLFYNxJX+K/wh+ocImMfxFg9NzCfJ6DF1r 34 | IO7ZNEIcBrsp91ZfCnjv1UN0pU+UjZmdCrWd8qMvvdiD8kacHME2MlBzPrjeqFWq 35 | N1ISCXzhf5Rn0wKCAQAmOC4QXuZxYfChDVYpVyDMQ2hqZHEwZC8exXnHTLZyNRLE 36 | mv5xpM8xJeiKlFn+9DEST/8CGS86iFos/malLg1+DcW2/CpU3F0l0p8UPP8PkWHQ 37 | fMK21iW6+/rQLHr+gd33sFCyX7EbXE6u4+P3DfWxOLQURSNFggkyYXFtVnOEjO5N 38 | rRzZ9C+vqE3n8ixiBDSIFpp1XEIxu4vFnF3q9x+J2lJFLN7CEwJ/u5RyFeUcq0FU 39 | 1fjOxzzgtCRij+G5+NNn7NeeTO/+pSxa1nwg6/RH7OeZ6Gz/9br4cZPMcxKrXOli 40 | WGdLE0wmXjGNWzu+nLEdKY1wQkd3J4qU0+gDES0BAoIBAGNsJrRNl2/nrXzTTJFU 41 | LEd1ix5gJHyc3NzIerxNTXTOqtRuBr6vqoYA86rympJP+Ni2yydw3aQ2OR2N0cT8 42 | QfJcbZEIF5uj3EiePC6iQ5mhAQFNOUVKI44uEJ++aLE2mrb23SoNethsefD/iquE 43 | HpX0AH0xMdDo6RNvGfm989nQMTrKFQxaELSBcxqzMRwxQh0G97jP6jskrkBEow32 44 | 1GE8qtQ/lpygOhshX6EN+dKO7Ux/MTzDR1ZSBhJg+f04gFxzRGHyDCfeXooIMx9U 45 | b/0xw6pFOGMEZ6RuJPn6UWUevsgnPYPvbabwr6Av9JZd0b5Qwn66AP6ViyzP4eYw 46 | rnkCggEAQo7nkZnFqzF2qk7vZ7mfDXLdsCHxNuKBRPvOe0/jHTgREPgI2yecTPBn 47 | XMJvKufyzoa0zALKNaA1Ljm/8/HhjX2abTYRVO9BS9aJN0F+u3t4Sf6+8ZICgmmo 48 | rkRt3vRmFFGr935veMk7yx18/ezstkK3LLuFZFII55XhO+LBaezsVCtPCESU7Vqs 49 | K2V0Ab+9qNC4xNGCFZXRmmyzFSwsuJ3zCKygb3J8HG4sp1R4q+EqN3C++y9CGbgm 50 | 
YSog19R5+7P8qOopC8cod8jWuMsAsLwoSGc0L0+G2dIqgR0wSGE8P3VLqq3UN9hx 51 | QYNToXs8PwtyNIbvckrJQvbqO8WoBA== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /deploy/variables.txt: -------------------------------------------------------------------------------- 1 | POLARIS_HOST:polaris.polaris-system 2 | CONTROLLER_VERSION:##VERSION## 3 | SIDECAR_VERSION:v1.5.1 4 | POLARIS_TOKEN:nu/0WRA4EqSR1FagrjRj0fZwPXuGlMpX+zCuWu4uMqy8xr1vRjisSbA25aAC3mtU8MeeRsKhQiDAynUR09I= 5 | POLARIS_OPERATOR:65e4789a6d5b49669adf1e9e8387549c 6 | ENVOY_VERSION:v1.26.2 7 | CLUSTER_NAME:default 8 | JAVA_AGENT_INIT:latest -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 
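
# NOTE(review): `latest` is a moving tag, so two builds of the same commit can
# produce different images. Pin a specific Alpine release (ideally by digest)
# to keep builds reproducible and auditable.
FROM alpine:latest

ARG TARGETARCH

RUN sed -i 's!http://dl-cdn.alpinelinux.org/!https://mirrors.tencent.com/!g' /etc/apk/repositories

# A single `apk add --no-cache` installs the same three packages without
# leaving a package index behind in the image layer.
RUN apk add --no-cache tzdata bash curl \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone

RUN mkdir -p /polaris-controller/logs && \
    chmod -R 755 /polaris-controller

# NOTE(review): no USER instruction is set, so the controller runs as root
# inside the container. Before switching to an unprivileged user, check what
# the deployment needs: the chart on this page mounts a hostPath log directory
# and defaults the metrics port to 80.
WORKDIR /polaris-controller
COPY ./bin/$TARGETARCH/polaris-controller /polaris-controller/polaris-controller
-------------------------------------------------------------------------------- /import-formater.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Tencent is pleased to support the open source community by making Polaris available. 3 | # 4 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 5 | # 6 | # Licensed under the BSD 3-Clause License (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://opensource.org/licenses/BSD-3-Clause 11 | # 12 | # Unless required by applicable law or agreed to in writing, software distributed 13 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations under the License. 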
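
# Tidy go.mod
go mod tidy -compat=1.17

# Fetch the goimports-reviser release used to format Go imports
rm -rf style_tool
rm -rf goimports-reviser

mkdir -p style_tool

# Stop if the scratch directory is unusable, so that the download and the later
# `cd ../` never run from an unexpected directory.
cd style_tool || exit 1

# grep -E is required for the "arm|aarch64" alternation (plain grep searches
# for that literal text), and -c prints a bare count; `wc -l` pads its output
# with spaces on macOS, so the comparison with "1" below never matched.
is_arm=$(/usr/bin/uname -m | grep -Ec "arm|aarch64")
goimports_target_file="goimports-reviser_3.3.1_linux_amd64.tar.gz"

if [ "$(uname)" == "Darwin" ]; then
    if [ "${is_arm}" == "1" ]; then
        goimports_target_file="goimports-reviser_3.3.1_darwin_arm64.tar.gz"
    else
        goimports_target_file="goimports-reviser_3.3.1_darwin_amd64.tar.gz"
    fi
fi

wget "https://github.com/incu6us/goimports-reviser/releases/download/v3.3.1/${goimports_target_file}" || exit 1

# Integrity check: when GOIMPORTS_REVISER_SHA256 is set to the archive's
# expected SHA-256, refuse to unpack anything else. The binary from this
# archive is executed below, so set the digest wherever the script runs
# unattended (CI, shared build hosts).
if [ -n "${GOIMPORTS_REVISER_SHA256:-}" ]; then
    if command -v sha256sum >/dev/null 2>&1; then
        actual_sha256=$(sha256sum "${goimports_target_file}" | cut -d ' ' -f 1)
    else
        actual_sha256=$(shasum -a 256 "${goimports_target_file}" | cut -d ' ' -f 1)
    fi
    if [ "${actual_sha256}" != "${GOIMPORTS_REVISER_SHA256}" ]; then
        echo "checksum mismatch for ${goimports_target_file}" >&2
        exit 1
    fi
fi

tar -zxvf "${goimports_target_file}"
mv goimports-reviser ../

cd ../

# Format the Go sources (generated *.pb.go / *.gen.go files and
# test/tools/tools.go are left alone)

find . -name "*.go" -type f | grep -v .pb.go | grep -v .gen.go | grep -v test/tools/tools.go |
    xargs -I {} ./goimports-reviser -rm-unused -format {} -project-name github.com/polarismesh/polaris-controller
-------------------------------------------------------------------------------- /pkg/cache/config_cache.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License. 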

package cache

import (
	"sync"

	v1 "k8s.io/api/core/v1"
)

// NewCachedConfigFileMap returns an empty CachedConfigFileMap.
func NewCachedConfigFileMap() *CachedConfigFileMap {
	return new(CachedConfigFileMap)
}

// CachedConfigFileMap wraps a sync.Map whose keys are strings and whose
// values are *v1.ConfigMap.
type CachedConfigFileMap struct {
	sm sync.Map
}

// Delete removes the entry stored under key.
func (csm *CachedConfigFileMap) Delete(key string) {
	csm.sm.Delete(key)
}

// Load returns the ConfigMap stored under key. ok is false when the key is
// absent or when the stored value is not a *v1.ConfigMap.
func (csm *CachedConfigFileMap) Load(key string) (value *v1.ConfigMap, ok bool) {
	raw, found := csm.sm.Load(key)
	if raw == nil {
		return nil, found
	}
	configMap, typed := raw.(*v1.ConfigMap)
	return configMap, found && typed
}

// Store saves value under key, replacing any previous entry.
func (csm *CachedConfigFileMap) Store(key string, value *v1.ConfigMap) {
	csm.sm.Store(key, value)
}

// Clear removes every entry from the cache.
func (csm *CachedConfigFileMap) Clear() {
	csm.sm.Range(func(key, _ interface{}) bool {
		csm.sm.Delete(key)
		return true
	})
}

// Range calls f for each entry of the cache and stops as soon as f returns
// false.
func (csm *CachedConfigFileMap) Range(f func(key string, value *v1.ConfigMap) bool) {
	visit := func(rawKey, rawValue interface{}) bool {
		// The assertions are unchecked; Store only ever inserts a string key
		// with a *v1.ConfigMap value.
		return f(rawKey.(string), rawValue.(*v1.ConfigMap))
	}
	csm.sm.Range(visit)
}
-------------------------------------------------------------------------------- /pkg/cache/service_cache.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package cache

import (
	"sync"

	v1 "k8s.io/api/core/v1"
)

// NewCachedServiceMap returns an empty CachedServiceMap.
func NewCachedServiceMap() *CachedServiceMap {
	return new(CachedServiceMap)
}

// CachedServiceMap wraps a sync.Map whose keys are strings and whose values
// are *v1.Service.
type CachedServiceMap struct {
	sm sync.Map
}

// Delete removes the entry stored under key.
func (csm *CachedServiceMap) Delete(key string) {
	csm.sm.Delete(key)
}

// Load returns the Service stored under key. ok is false when the key is
// absent or when the stored value is not a *v1.Service.
func (csm *CachedServiceMap) Load(key string) (value *v1.Service, ok bool) {
	raw, found := csm.sm.Load(key)
	if raw == nil {
		return nil, found
	}
	service, typed := raw.(*v1.Service)
	return service, found && typed
}

// Store saves value under key, replacing any previous entry.
func (csm *CachedServiceMap) Store(key string, value *v1.Service) {
	csm.sm.Store(key, value)
}

// Clear removes every entry from the cache.
func (csm *CachedServiceMap) Clear() {
	csm.sm.Range(func(key, _ interface{}) bool {
		csm.sm.Delete(key)
		return true
	})
}

// Range calls f for each entry of the cache and stops as soon as f returns
// false.
func (csm *CachedServiceMap) Range(f func(key string, value *v1.Service) bool) {
	visit := func(rawKey, rawValue interface{}) bool {
		// The assertions are unchecked; Store only ever inserts a string key
		// with a *v1.Service value.
		return f(rawKey.(string), rawValue.(*v1.Service))
	}
	csm.sm.Range(visit)
}
-------------------------------------------------------------------------------- /pkg/controller/rsync.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased 
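to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package controller

import (
	v1 "k8s.io/api/core/v1"

	"github.com/polarismesh/polaris-controller/common/log"
	"github.com/polarismesh/polaris-controller/pkg/polarisapi"
	"github.com/polarismesh/polaris-controller/pkg/util"
)

// resyncWorker runs one periodic reconciliation pass.
//
// It does nothing while the Polaris server is marked unhealthy. Otherwise it
// walks resyncServiceCache and, for every entry, either enqueues an "Add" task
// (the origin key is missing from serviceCache) or forces an update through
// onServiceUpdate. When AllowSyncFromConfigMap reports true, the same pass is
// made over resyncConfigFileCache and configFileCache.
func (p *PolarisController) resyncWorker() {
	log.Info("start do Resync job")
	if !p.isPolarisServerHealthy.Load() {
		log.Info("Resync: Polaris server failed, not sync")
		return
	}

	p.resyncServiceCache.Range(func(key string, value *v1.Service) bool {
		v, ok := p.serviceCache.Load(util.GetOriginKeyWithResyncQueueKey(key))
		if !ok {
			task := &Task{
				Namespace:  value.GetNamespace(),
				Name:       value.GetName(),
				ObjectType: KubernetesService,
				Rsync:      true,
			}
			p.enqueueService(task, value, "Add")
			return true
		}

		// Force an update even though the object is already cached.
		p.onServiceUpdate(v, value)
		return true
	})

	// ConfigMap tasks are only produced when ConfigMap sync is enabled.
	if p.AllowSyncFromConfigMap() {
		p.resyncConfigFileCache.Range(func(key string, value *v1.ConfigMap) bool {
			v, ok := p.configFileCache.Load(util.GetOriginKeyWithResyncQueueKey(key))
			if !ok {
				task := &Task{
					Namespace: value.GetNamespace(),
					Name:      value.GetName(),
					// The object is a ConfigMap. The previous value here was
					// KubernetesService, which makes Task.Key() identical to the
					// key of a Service with the same namespace and name.
					ObjectType: KubernetesConfigMap,
					Rsync:      true,
				}
				p.enqueueConfigMap(task, value, "Add")
				return true
			}

			// Force an update even though the object is already cached.
			p.onConfigMapUpdate(v, value)
			return true
		})
	}
}

// checkHealth probes the Polaris server and maintains the health flag that
// gates resyncWorker.
//
// A successful probe resets the failure counter; if the server was previously
// marked unhealthy it is marked healthy again and serviceCache is cleared so
// the next resync re-registers every service. Three failed probes in a row
// while healthy mark the server unhealthy.
//
// NOTE(review): polarisServerFailedTimes is a plain field while
// isPolarisServerHealthy is accessed through Load/Store; confirm checkHealth is
// only ever driven from a single goroutine.
// NOTE(review): recovery clears serviceCache but not configFileCache; confirm
// that ConfigMaps do not need the same full resync.
func (p *PolarisController) checkHealth() {
	if polarisapi.CheckHealth() {
		// failed -> healthy, clear service cache and start full resync
		if !p.isPolarisServerHealthy.Load() {
			p.isPolarisServerHealthy.Store(true)
			p.serviceCache.Clear()
			log.Info("Polaris server health check: clear local cache and resync")
		}

		// Forget failures that were caused by transient network jitter.
		p.polarisServerFailedTimes = 0
		return
	}

	// Treat the server as down once three probes have failed.
	if p.isPolarisServerHealthy.Load() {
		p.polarisServerFailedTimes++
		if p.polarisServerFailedTimes >= 3 {
			p.isPolarisServerHealthy.Store(false)
			p.polarisServerFailedTimes = 0
		}
	}
}
--------------------------------------------------------------------------------
/pkg/controller/types.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.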

package controller

import "fmt"

// ObjectType identifies the kind of Kubernetes object a Task refers to.
type ObjectType int32

// The zero value is left unnamed; the named kinds start at 1.
const (
	KubernetesNamespace ObjectType = iota + 1
	KubernetesService
	KubernetesConfigMap
	KubernetesEndpoints
)

// Operation names the change a Task carries.
type Operation string

const (
	OperationEmpty  Operation = ""
	OperationAdd    Operation = "Add"
	OperationUpdate Operation = "Update"
	OperationDelete Operation = "Delete"
)

// Task describes one unit of work for a namespaced object.
type Task struct {
	Namespace  string
	Name       string
	Rsync      bool
	ObjectType ObjectType
	Operation  Operation
}

// String renders every field of the task, separated by '|'.
func (t *Task) String() string {
	const layout = "%s|%s|%v|%v|%v"
	return fmt.Sprintf(layout, t.Namespace, t.Name, t.Rsync, t.ObjectType, t.Operation)
}

// Key renders namespace, name and object type separated by '|'. Rsync and
// Operation are not part of the key, so two tasks that differ only in those
// fields share a key.
func (t *Task) Key() string {
	const layout = "%s|%s|%v"
	return fmt.Sprintf(layout, t.Namespace, t.Name, t.ObjectType)
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/config/constants/constants.go:
--------------------------------------------------------------------------------
// Copyright 2017 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package constants

const (
	// ConfigPathDir config directory for storing envoy json config files.
	ConfigPathDir = "/etc/polaris/proxy"

	// BinaryPathFilename envoy binary location
	BinaryPathFilename = "/usr/local/bin/envoy"

	// ServiceClusterName service cluster name used in xDS calls
	ServiceClusterName = "polaris-proxy"

	// DiscoveryPlainAddress is the discovery address:port for the plain-text
	// (unencrypted) endpoint.
	DiscoveryPlainAddress = "polaris.default:15010"

	// IstioSystemNamespace is the namespace where the components are deployed.
	// The identifier keeps its Istio name; the value is "polaris-system".
	IstioSystemNamespace = "polaris-system"
)
--------------------------------------------------------------------------------
/pkg/inject/pkg/config/inject_config.go:
--------------------------------------------------------------------------------
package config

import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"

	"github.com/polarismesh/polaris-controller/pkg/inject/pkg/config/mesh"
)

// InjectConfigInfo is a struct that contains all the configuration.
//
// CertPair is a *tls.Certificate, which carries the private key alongside the
// certificate chain; avoid printing this struct with %v or %+v.
type InjectConfigInfo struct {
	MeshInjectConf      *TemplateConfig
	DnsInjectConf       *TemplateConfig
	JavaAgentInjectConf *TemplateConfig
	MeshEnvoyConf       *mesh.MeshEnvoyConfig
	ValuesConf          string
	CertPair            *tls.Certificate
}

// sidecarTemplateVersionHash derives a version identifier for a template: the
// hex-encoded SHA-256 digest of the un-executed template text. It identifies
// content; it is not keyed, so it does not authenticate who wrote the template.
func sidecarTemplateVersionHash(in string) string {
	digest := sha256.Sum256([]byte(in))
	return hex.EncodeToString(digest[:])
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/config/mesh/mesh.go:
--------------------------------------------------------------------------------
// Copyright 2017 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
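// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package mesh

import (
	"fmt"
	"os"

	"github.com/hashicorp/go-multierror"
	"gopkg.in/yaml.v2"
)

// MeshEnvoyConfig is the mesh injection configuration; the envoy sidecar
// currently uses it.
type MeshEnvoyConfig struct {
	DefaultConfig *DefaultConfig `yaml:"defaultConfig"`
}

// DefaultConfig stores the default Polaris proxy configuration together with
// user-defined entries.
type DefaultConfig struct {
	ProxyMetadata map[string]string `yaml:"proxyMetadata"`
}

// ReadMeshEnvoyConfig reads the mesh envoy sidecar injection configuration
// from the YAML file at filename.
//
// Decoding starts from a value whose DefaultConfig and ProxyMetadata are
// already allocated, but callers should not rely on both still being non-nil
// after decoding (presumably an explicit null in the file resets them);
// SetProxyMetadataWithKV re-creates them when needed. yaml.Unmarshal also
// ignores keys it does not know, so a misspelled key is dropped silently;
// yaml.UnmarshalStrict is the variant that rejects them.
func ReadMeshEnvoyConfig(filename string) (*MeshEnvoyConfig, error) {
	yamlBytes, err := os.ReadFile(filename)
	if err != nil {
		return nil, multierror.Prefix(err, "cannot read mesh config file")
	}
	defaultConfig := &MeshEnvoyConfig{
		DefaultConfig: &DefaultConfig{
			ProxyMetadata: map[string]string{},
		},
	}
	if err = yaml.Unmarshal(yamlBytes, defaultConfig); err != nil {
		return nil, err
	}
	return defaultConfig, nil
}

// GetDefaultConfig returns the default configuration, or nil for a nil receiver.
func (ic *MeshEnvoyConfig) GetDefaultConfig() *DefaultConfig {
	if ic == nil {
		return nil
	}
	return ic.DefaultConfig
}

// SetDefaultConfig replaces the default configuration; it is a no-op on a nil
// receiver.
func (ic *MeshEnvoyConfig) SetDefaultConfig(config *DefaultConfig) {
	if ic == nil {
		return
	}
	ic.DefaultConfig = config
}

// GetProxyMetadata returns the proxy metadata map, or nil for a nil receiver.
func (dc *DefaultConfig) GetProxyMetadata() map[string]string {
	if dc == nil {
		return nil
	}
	return dc.ProxyMetadata
}

// SetProxyMetadataWithKV stores v under k in the proxy metadata.
//
// It is a no-op on a nil receiver. DefaultConfig and its ProxyMetadata map are
// created on demand: SetDefaultConfig(nil) or a zero-value MeshEnvoyConfig
// would otherwise make this method panic on a nil pointer or a nil map.
func (ic *MeshEnvoyConfig) SetProxyMetadataWithKV(k, v string) {
	if ic == nil {
		return
	}
	if ic.DefaultConfig == nil {
		ic.DefaultConfig = &DefaultConfig{}
	}
	if ic.DefaultConfig.ProxyMetadata == nil {
		ic.DefaultConfig.ProxyMetadata = map[string]string{}
	}
	ic.DefaultConfig.ProxyMetadata[k] = v
}

// String returns the string form of MeshEnvoyConfig. It includes every proxy
// metadata entry, so the result should be logged with the same care as the
// metadata itself.
func (ic *MeshEnvoyConfig) String() string {
	if ic == nil {
		return "MeshEnvoyConfig{nil}"
	}

	var defaultConfig string
	if ic.DefaultConfig == nil {
		defaultConfig = "nil"
	} else {
		defaultConfig = ic.DefaultConfig.String()
	}

	return fmt.Sprintf("MeshEnvoyConfig{DefaultConfig: %s}", defaultConfig)
}

// String returns the string form of DefaultConfig, printing the whole
// ProxyMetadata map.
func (dc *DefaultConfig) String() string {
	if dc == nil {
		return "DefaultConfig{nil}"
	}

	metadata := "nil"
	if dc.ProxyMetadata != nil {
		metadata = fmt.Sprintf("%v", dc.ProxyMetadata)
	}

	return fmt.Sprintf("DefaultConfig{ProxyMetadata: %s}", metadata)
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/kube/inject/apply/mesh/sidecar_env.go:
--------------------------------------------------------------------------------
/**
 * Tencent is pleased to support the open source community by making Polaris available.
 *
 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
 *
 * Licensed under the BSD 3-Clause License (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.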
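See the License for the
 * specific language governing permissions and limitations under the License.
 */

package mesh

// Environment variable names and default port values for the sidecar.
// NOTE(review): how each one is populated is decided by the callers, which are
// not part of this file.
const (
	EnvSidecarBind                     = "SIDECAR_BIND"
	EnvSidecarPort                     = "SIDECAR_PORT"
	EnvSidecarNamespace                = "SIDECAR_NAMESPACE"
	EnvSidecarRecurseEnable            = "SIDECAR_RECURSE_ENABLE"
	EnvSidecarRecurseTimeout           = "SIDECAR_RECURSE_TIMEOUT"
	EnvSidecarLogRotateOutputPath      = "SIDECAR_LOG_ROTATE_OUTPUT_PATH"
	EnvSidecarLogErrorRotateOutputPath = "SIDECAR_LOG_ERROR_ROTATE_OUTPUT_PATH"
	EnvSidecarLogRotationMaxSize       = "SIDECAR_LOG_ROTATION_MAX_SIZE"
	EnvSidecarLogRotationMaxBackups    = "SIDECAR_LOG_ROTATION_MAX_BACKUPS"
	EnvSidecarLogRotationMaxAge        = "SIDECAR_LOG_ROTATION_MAX_AGE"
	EnvSidecarLogLevel                 = "SIDECAR_LOG_LEVEL"
	EnvSidecarDnsTtl                   = "SIDECAR_DNS_TTL"
	EnvSidecarDnsEnable                = "SIDECAR_DNS_ENABLE"
	EnvSidecarDnsSuffix                = "SIDECAR_DNS_SUFFIX"
	EnvSidecarDnsRouteLabels           = "SIDECAR_DNS_ROUTE_LABELS"
	EnvSidecarMeshTtl                  = "SIDECAR_MESH_TTL"
	EnvSidecarMeshEnable               = "SIDECAR_MESH_ENABLE"
	EnvSidecarMeshReloadInterval       = "SIDECAR_MESH_RELOAD_INTERVAL"
	EnvSidecarMeshAnswerIp             = "SIDECAR_MESH_ANSWER_IP"
	EnvSidecarMtlsEnable               = "SIDECAR_MTLS_ENABLE"
	EnvSidecarMtlsCAServer             = "SIDECAR_MTLS_CA_SERVER"
	EnvPolarisAddress                  = "POLARIS_ADDRESS"
	EnvSidecarMetricEnable             = "SIDECAR_METRIC_ENABLE"
	EnvSidecarMetricListenPort         = "SIDECAR_METRIC_LISTEN_PORT"
	EnvSidecarRLSEnable                = "SIDECAR_RLS_ENABLE"

	ValueListenPort       = 15053
	ValueMetricListenPort = 15985
)
--------------------------------------------------------------------------------
/pkg/inject/pkg/kube/inject/base.go:
--------------------------------------------------------------------------------
package inject

import (
	"fmt"
	"strings"
	"text/template"

	"github.com/ghodss/yaml"
	"github.com/hashicorp/go-multierror"

	"github.com/polarismesh/polaris-controller/common/log"
)

// getPodPatch handles one admission webhook request for a pod.
//
// Returns:
//
//	patchBytes: the JSON patch to apply to the pod, or nil when nothing has to
//	            be modified (pod data check not passed, or injection not required)
//	err:        nil on success; otherwise the error met while building the patch
//
// The sidecar template is executed with text/template, which does no
// escaping, and its output is then parsed as YAML. Pod metadata (including the
// injected annotations) is part of the template data, so the template itself
// has to encode any pod-supplied value it interpolates (toJSON is in the
// function map for that).
//
// NOTE(review): the failure paths log the whole values config, the rendered
// template and the injection spec; confirm none of them can carry secrets.
func (wh *Webhook) getPodPatch(p *podDataInfo) ([]byte, error) {
	// Check that the pod metadata is valid.
	passed, err := p.checkPodData()
	if err != nil || !passed {
		log.InjectScope().Errorf("[Webhook] skip due to checkPodData result:%v, error: %v", passed, err)
		return nil, err
	}

	// Check whether the pod needs injection; some pods are filtered out.
	if !wh.requireInject(p) {
		skipReason := fmt.Sprintf("policy check failed for namespace=%s, podName=%s, injectConfig=%v",
			p.podObject.Namespace, p.podName, p.injectTemplateConfig)
		log.InjectScope().Infof("Skipping due to: %s", skipReason)
		return nil, nil
	}

	// Build the template input, using the annotations as they will be after injection.
	sidecarTemplate := p.injectTemplateConfig.Template
	values := map[string]interface{}{}
	// Read the values config once, so the text that is parsed is the text that
	// gets logged on failure.
	valuesConfig := wh.templateConfig.GetValuesConfig()
	if err := yaml.Unmarshal([]byte(valuesConfig), &values); err != nil {
		log.InjectScope().Errorf("[Webhook] failed to parse values config: %v [%v]\n", err, valuesConfig)
		return nil, multierror.Prefix(err, "could not parse configuration values:")
	}
	metadataCopy := p.podObject.ObjectMeta.DeepCopy()
	metadataCopy.Annotations = p.injectedAnnotations
	templateData := SidecarTemplateData{
		TypeMeta:       p.workloadType,
		DeploymentMeta: p.workloadMeta,
		ObjectMeta:     metadataCopy,
		Spec:           &p.podObject.Spec,
		ProxyConfig:    wh.templateConfig.GetMeshEnvoyConfig().GetDefaultConfig(),
		Values:         values,
	}

	funcMap := template.FuncMap{
		"formatDuration":      formatDuration,
		"isset":               isset,
		"excludeInboundPort":  excludeInboundPort,
		"includeInboundPorts": includeInboundPorts,
		"kubevirtInterfaces":  kubevirtInterfaces,
		"applicationPorts":    applicationPorts,
		"annotation":          getAnnotation,
		"valueOrDefault":      valueOrDefault,
		"toJSON":              toJSON,
		"toJson":              toJSON, // Used by, e.g. Istio 1.0.5 template sidecar-injector-configmap.yaml
		"fromJSON":            fromJSON,
		"structToJSON":        structToJSON,
		"protoToJSON":         protoToJSON,
		"toYaml":              toYaml,
		"indent":              indent,
		"directory":           directory,
		"contains":            flippedContains,
		"toLower":             strings.ToLower,
		"openTlsMode":         openTlsMode,
		"env":                 env,
		"render":              render,
	}

	bbuf, err := parseTemplate(sidecarTemplate, funcMap, templateData)
	if err != nil {
		return nil, err
	}

	var injectData SidecarInjectionSpec
	if err := yaml.Unmarshal(bbuf.Bytes(), &injectData); err != nil {
		// This usually means an invalid injector template; we can't check
		// the template itself because it is merely a string.
		log.InjectScope().Warnf("Failed to unmarshal template %v \n%s", err, bbuf.String())
		return nil, multierror.Prefix(err, "failed parsing injected YAML (check sidecar injector configuration):")
	}

	// set sidecar --concurrency
	applyConcurrency(injectData.Containers)
	injectStatus := p.addInjectStatusAnnotation(injectData)
	// Build the patch that modifies the pod.
	opt := &PatchOptions{
		Pod:          p.podObject,
		KubeClient:   wh.k8sClient,
		PrevStatus:   injectionStatus(p.podObject),
		SidecarMode:  p.injectMode,
		WorkloadName: p.workloadMeta.Name,
		Sic:          &injectData,
		Annotations:  p.injectedAnnotations,
		ExternalInfo: map[string]string{},
	}
	patchBytes, err := createPatch(opt)
	if err != nil {
		// Pass the format string to Errorf directly. Pre-formatting with
		// fmt.Sprintf and handing the result to Errorf as the format would
		// re-interpret any '%' contained in err or injectData.
		log.InjectScope().Errorf("AdmissionResponse: err=%v injectStatus:%s injectData=%v\n", err,
			injectStatus, injectData)
		return nil, err
	}
	return patchBytes, nil
}
--------------------------------------------------------------------------------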
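/pkg/inject/pkg/kube/inject/concurrency.go:
--------------------------------------------------------------------------------
// Copyright 2019 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package inject

import (
	"fmt"
	"math"
	"regexp"
	"strconv"
	"strings"

	corev1 "k8s.io/api/core/v1"

	"github.com/polarismesh/polaris-controller/common/log"
)

const (
	// concurrencyCmdFlagName is the name of the concurrency command-line flag,
	// without leading dashes.
	concurrencyCmdFlagName = "concurrency"
)

var (
	// concurrencyPattern extracts the pilot agent concurrency from one argument.
	// Supported format, --concurrency, -concurrency, --concurrency=2.
	//
	// The capture group has to be named "threads": extractConcurrency looks the
	// value up by that name, and a bare "(?P" without a "<name>" is rejected by
	// the regexp package, which makes MustCompile panic at package init.
	concurrencyPattern = regexp.MustCompile(fmt.Sprintf(`^-{1,2}%s(=(?P<threads>\d+))?$`, concurrencyCmdFlagName))
)

// extractConcurrency accepts the sidecar container spec and returns its concurrency.
//
// Only the first argument that matches concurrencyPattern is considered. The
// value is taken from the "=N" suffix when present, otherwise from the next
// argument. It returns 0 when no flag is present, when the flag is the last
// argument and carries no value, or when the value is not an integer.
func extractConcurrency(sidecar *corev1.Container) int {
	groupNames := concurrencyPattern.SubexpNames()
	for i, arg := range sidecar.Args {
		// Skip unrelated args. The pattern is anchored at both ends, so an
		// argument matches at most once.
		match := concurrencyPattern.FindStringSubmatch(strings.TrimSpace(arg))
		if match == nil {
			continue
		}
		concurrency := ""
		for ind, s := range match {
			if groupNames[ind] == "threads" {
				concurrency = s
				break
			}
		}
		// concurrency not found from current arg, extract from next arg.
		if concurrency == "" {
			// Matches the regex pattern, but without actual values provided.
			if len(sidecar.Args) <= i+1 {
				return 0
			}
			concurrency = sidecar.Args[i+1]
		}
		c, err := strconv.Atoi(concurrency)
		if err != nil {
			log.Errorf("Failed to convert concurrency to int %v, err %v", concurrency, err)
			return 0
		}
		return c
	}
	return 0
}

// applyConcurrency changes sidecar containers' concurrency to equals the cpu cores of the container
// if not set. It is inferred from the container's resource limit or request.
//
// Only the first container named ProxyContainerName is handled. The slice
// element is modified in place, so the caller sees the appended arguments.
func applyConcurrency(containers []corev1.Container) {
	for i := range containers {
		// Work on the slice element itself rather than on the address of a
		// loop-variable copy.
		sidecar := &containers[i]
		if sidecar.Name != ProxyContainerName {
			continue
		}
		// do not change it when it is already set
		if extractConcurrency(sidecar) > 0 {
			return
		}

		// firstly use cpu limits
		if !updateConcurrency(sidecar, sidecar.Resources.Limits.Cpu().MilliValue()) {
			// secondly use cpu requests
			updateConcurrency(sidecar, sidecar.Resources.Requests.Cpu().MilliValue())
		}
		return
	}
}

// updateConcurrency appends "--concurrency N" to the container arguments, where
// N is cpumillis converted to cores and rounded up. It reports whether the
// arguments were changed; nothing is appended when N is not positive.
func updateConcurrency(container *corev1.Container, cpumillis int64) bool {
	cpu := float64(cpumillis) / 1000
	concurrency := int(math.Ceil(cpu))
	if concurrency <= 0 {
		return false
	}
	container.Args = append(container.Args,
		fmt.Sprintf("--%s", concurrencyCmdFlagName), strconv.Itoa(concurrency))
	return true
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/kube/inject/initializer.go:
--------------------------------------------------------------------------------
// Copyright 2018 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.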
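// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package inject

import (
	openshiftv1 "github.com/openshift/api/apps/v1"
	appsv1 "k8s.io/api/apps/v1"
	batchv1 "k8s.io/api/batch/v1"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apimachinery/pkg/runtime/schema"
)

// ignoredNamespaces lists the system and public namespaces.
// NOTE(review): presumably these are excluded from injection; the place where
// the list is consulted is not part of this file.
var ignoredNamespaces = []string{
	metav1.NamespaceSystem,
	metav1.NamespacePublic,
}

var (
	// kinds enumerates the workload types that init registers in injectScheme.
	kinds = []struct {
		groupVersion schema.GroupVersion
		obj          runtime.Object
		resource     string
		apiPath      string
	}{
		{v1.SchemeGroupVersion, &v1.ReplicationController{}, "replicationcontrollers", "/api"},
		{v1.SchemeGroupVersion, &v1.Pod{}, "pods", "/api"},

		{appsv1.SchemeGroupVersion, &appsv1.Deployment{}, "deployments", "/apis"},
		{appsv1.SchemeGroupVersion, &appsv1.DaemonSet{}, "daemonsets", "/apis"},
		{appsv1.SchemeGroupVersion, &appsv1.ReplicaSet{}, "replicasets", "/apis"},

		{batchv1.SchemeGroupVersion, &batchv1.Job{}, "jobs", "/apis"},

		{appsv1.SchemeGroupVersion, &appsv1.StatefulSet{}, "statefulsets", "/apis"},

		{v1.SchemeGroupVersion, &v1.List{}, "lists", "/apis"},

		{openshiftv1.GroupVersion, &openshiftv1.DeploymentConfig{}, "deploymentconfigs", "/apis"},
	}
	// injectScheme is the runtime scheme that knows every type listed in kinds.
	injectScheme = runtime.NewScheme()
)

// init registers every entry of kinds in injectScheme, both as a known type of
// its group/version and as an unversioned type.
func init() {
	for _, kind := range kinds {
		injectScheme.AddKnownTypes(kind.groupVersion, kind.obj)
		injectScheme.AddUnversionedTypes(kind.groupVersion, kind.obj)
	}
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/kube/inject/pod_patch.go:
--------------------------------------------------------------------------------
// Copyright 2018 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package inject

import (
	corev1 "k8s.io/api/core/v1"
	"k8s.io/client-go/kubernetes"

	utils "github.com/polarismesh/polaris-controller/pkg/util"
)

var (
	// _PatchBuilders records the registered patch builders by name.
	// NOTE(review): the map has no lock; confirm RegisterPatchBuilder is only
	// called before requests are served (for example from init functions).
	_PatchBuilders = map[string]PodPatchBuilder{}
)

// RegisterPatchBuilder registers pb under name, replacing any builder already
// registered with that name.
func RegisterPatchBuilder(name string, pb PodPatchBuilder) {
	_PatchBuilders[name] = pb
}

// PatchType is the kind of modification a patch request performs.
type PatchType int32

const (
	_ PatchType = iota
	// PatchType_Remove is a delete operation.
	PatchType_Remove
	// PatchType_Add is an add operation.
	PatchType_Add
	// PatchType_Update is an update operation.
	PatchType_Update
)

// PatchOptions carries everything a patch builder needs for one pod.
type PatchOptions struct {
	KubeClient kubernetes.Interface
	// SidecarMode is the running mode of the sidecar.
	SidecarMode utils.SidecarMode
	// Pod is the pod being operated on.
	Pod *corev1.Pod
	// PrevStatus records the earlier injection status when the pod has already
	// been injected with a sidecar.
	PrevStatus *SidecarInjectionStatus
	// Annotations are the annotations to add.
	Annotations map[string]string
	// Sic is the new sidecar information about to be injected into the pod.
	Sic *SidecarInjectionSpec
	// WorkloadName is the name of the workload.
	WorkloadName string
	// ExternalInfo .
	ExternalInfo map[string]string
}

// OperateContainerRequest describes one container patch operation.
type OperateContainerRequest struct {
	// Type is the operation type.
	Type     PatchType
	Option   *PatchOptions
	Source   []corev1.Container
	External []corev1.Container
	BasePath string
}

// OperateVolumesRequest describes one volume patch operation.
type OperateVolumesRequest struct {
	// Type is the operation type.
	Type     PatchType
	Option   *PatchOptions
	Source   []corev1.Volume
	External []corev1.Volume
	BasePath string
}

// OperateImagePullSecretsRequest describes one image-pull-secret patch operation.
type OperateImagePullSecretsRequest struct {
	// Type is the operation type.
	Type     PatchType
	Option   *PatchOptions
	Source   []corev1.LocalObjectReference
	External []corev1.LocalObjectReference
	BasePath string
}

// PodPatchBuilder produces the RFC 6902 patch operations for the individual
// parts of a pod.
type PodPatchBuilder interface {
	PatchContainer(*OperateContainerRequest) ([]Rfc6902PatchOperation, error)
	PatchVolumes(*OperateVolumesRequest) ([]Rfc6902PatchOperation, error)
	PatchImagePullSecrets(*OperateImagePullSecretsRequest) ([]Rfc6902PatchOperation, error)
	PatchSecurityContext() ([]Rfc6902PatchOperation, error)
	PatchDnsConfig() ([]Rfc6902PatchOperation, error)
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/kube/inject/validate_funcs.go:
--------------------------------------------------------------------------------
package inject

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// validateCIDRList checks that cidrs is a comma-separated list of CIDR blocks.
// An empty string is valid. Elements are not trimmed, so a space after a comma
// or an empty element is rejected.
func validateCIDRList(cidrs string) error {
	if len(cidrs) > 0 {
		for _, cidr := range strings.Split(cidrs, ",") {
			if _, _, err := net.ParseCIDR(cidr); err != nil {
				return fmt.Errorf("failed parsing cidr '%s': %v", cidr, err)
			}
		}
	}
	return nil
}

// splitPorts splits a comma-separated port list into its elements.
func splitPorts(portsString string) []string {
	return strings.Split(portsString, ",")
}

// parsePort parses one decimal port number, ignoring surrounding whitespace.
// The value has to fit in 16 bits; 0 is accepted.
//
// The error names the text that failed to parse. It used to format the parsed
// number instead, which is always 0 when parsing fails.
func parsePort(portStr string) (int, error) {
	port, err := strconv.ParseUint(strings.TrimSpace(portStr), 10, 16)
	if err != nil {
		return 0, fmt.Errorf("failed parsing port '%s': %v", portStr, err)
	}
	return int(port), nil
}

// parsePorts parses a comma-separated list of ports. An empty or blank string
// yields an empty list; the first invalid element aborts with parsePort's error.
func parsePorts(portsString string) ([]int, error) {
	portsString = strings.TrimSpace(portsString)
	ports := make([]int, 0)
	if len(portsString) > 0 {
		for _, portStr := range splitPorts(portsString) {
			port, err := parsePort(portStr)
			if err != nil {
				// parsePort already names the offending element; wrapping it
				// again here only repeated the message with port 0.
				return nil, err
			}
			ports = append(ports, port)
		}
	}
	return ports, nil
}

// validatePortList validates a comma-separated port list and prefixes any
// error with parameterName.
func validatePortList(parameterName, ports string) error {
	if _, err := parsePorts(ports); err != nil {
		return fmt.Errorf("%s invalid: %v", parameterName, err)
	}
	return nil
}

// ValidateIncludeIPRanges validates the includeIPRanges parameter
func ValidateIncludeIPRanges(ipRanges string) error {
	if ipRanges != "*" {
		if e := validateCIDRList(ipRanges); e != nil {
			return fmt.Errorf("includeIPRanges invalid: %v", e)
		}
	}
	return nil
}

// ValidateExcludeIPRanges validates the excludeIPRanges parameter
func ValidateExcludeIPRanges(ipRanges string) error {
	if e := validateCIDRList(ipRanges); e != nil {
		return fmt.Errorf("excludeIPRanges invalid: %v", e)
	}
	return nil
}

// ValidateIncludeInboundPorts validates the includeInboundPorts parameter
func ValidateIncludeInboundPorts(ports string) error {
	if ports != "*" {
		return validatePortList("includeInboundPorts", ports)
	}
	return nil
}

// ValidateExcludeInboundPorts validates the excludeInboundPorts parameter
func ValidateExcludeInboundPorts(ports string) error {
	return validatePortList("excludeInboundPorts", ports)
}

// ValidateExcludeOutboundPorts validates the excludeOutboundPorts parameter
func ValidateExcludeOutboundPorts(ports string) error {
	return validatePortList("excludeOutboundPorts", ports)
}

// validateStatusPort validates the statusPort parameter
func validateStatusPort(port string) error {
	if _, e := parsePort(port); e != nil {
		// Name the parameter that was actually checked; the message used to
		// say excludeInboundPorts.
		return fmt.Errorf("statusPort invalid: %v", e)
	}
	return nil
}

// nolint
// validateUInt32 validates that the given annotation value is a non-negative
// decimal integer that fits in 32 bits (0 is accepted).
func validateUInt32(value string) error {
	_, err := strconv.ParseUint(value, 10, 32)
	return err
}

// validateBool validates that the given annotation value is a boolean.
func validateBool(value string) error {
	_, err := strconv.ParseBool(value)
	return err
}
--------------------------------------------------------------------------------
/pkg/inject/pkg/util/protomarshal.go:
--------------------------------------------------------------------------------
// Copyright 2017 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.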

package util

import (
	"encoding/json"
	"errors"
	"strings"

	"github.com/ghodss/yaml"
	"github.com/gogo/protobuf/jsonpb"
	"github.com/gogo/protobuf/proto"
)

// ToJSON marshals a proto to canonical JSON without indentation.
func ToJSON(msg proto.Message) (string, error) {
	const noIndent = ""
	return ToJSONWithIndent(msg, noIndent)
}

// ToJSONWithIndent marshals a proto to canonical JSON, pretty-printed with the
// given indent string. A nil message is reported as an error.
func ToJSONWithIndent(msg proto.Message, indent string) (string, error) {
	if msg == nil {
		return "", errors.New("unexpected nil message")
	}

	// proto -> JSON text
	marshaler := jsonpb.Marshaler{Indent: indent}
	return marshaler.MarshalToString(msg)
}

// ToYAML marshals a proto to canonical YAML by going through its JSON form.
func ToYAML(msg proto.Message) (string, error) {
	jsonText, err := ToJSON(msg)
	if err != nil {
		return "", err
	}
	yamlBytes, err := yaml.JSONToYAML([]byte(jsonText))
	return string(yamlBytes), err
}

// ToJSONMap converts a proto message to a generic map using canonical JSON encoding
// JSON encoding is specified here: https://developers.google.com/protocol-buffers/docs/proto3#json
func ToJSONMap(msg proto.Message) (map[string]interface{}, error) {
	jsonText, err := ToJSON(msg)
	if err != nil {
		return nil, err
	}

	// JSON text -> generic Go map
	var out map[string]interface{}
	if err := json.Unmarshal([]byte(jsonText), &out); err != nil {
		return nil, err
	}
	return out, nil
}

// ApplyJSON unmarshals a JSON string into a proto message.
//
// A strict decode is tried first. If it fails for any reason, the input is
// decoded a second time with unknown fields allowed and that result is
// returned, so unknown or misspelled fields end up silently ignored. Use
// ApplyJSONStrict when such input has to be rejected.
func ApplyJSON(js string, pb proto.Message) error {
	strict := jsonpb.Unmarshaler{}
	if err := strict.Unmarshal(strings.NewReader(js), pb); err == nil {
		return nil
	}
	lenient := jsonpb.Unmarshaler{AllowUnknownFields: true}
	return lenient.Unmarshal(strings.NewReader(js), pb)
}

// ApplyJSONStrict unmarshals a JSON string into a proto message.
// Unknown fields are not allowed.
func ApplyJSONStrict(js string, pb proto.Message) error {
	decoder := jsonpb.Unmarshaler{}
	return decoder.Unmarshal(strings.NewReader(js), pb)
}

// ApplyYAML unmarshals a YAML string into a proto message.
// Unknown fields are allowed.
func ApplyYAML(yml string, pb proto.Message) error {
	jsonBytes, err := yaml.YAMLToJSON([]byte(yml))
	if err != nil {
		return err
	}
	return ApplyJSON(string(jsonBytes), pb)
}

// ApplyYAMLStrict unmarshals a YAML string into a proto message.
// Unknown fields are not allowed.
func ApplyYAMLStrict(yml string, pb proto.Message) error {
	jsonBytes, err := yaml.YAMLToJSON([]byte(yml))
	if err != nil {
		return err
	}
	return ApplyJSONStrict(string(jsonBytes), pb)
}
--------------------------------------------------------------------------------
/pkg/metrics/metrics.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package metrics

import (
	"sync"

	"k8s.io/component-base/metrics"
	"k8s.io/component-base/metrics/legacyregistry"
)

// endpointSliceSubsystem is the Subsystem value shared by every metric declared below.
const endpointSliceSubsystem = "polaris_controller"

var (
	// InstanceRequestSync is a histogram of the time taken by a single API
	// request, labelled by operator, type, status and code.
	// Buckets are exponential: 16 buckets starting at 0.001 with factor 2.
	InstanceRequestSync = metrics.NewHistogramVec(
		&metrics.HistogramOpts{
			Subsystem:      endpointSliceSubsystem,
			Name:           "sync_instance_pre_request_time",
			Help:           "单次接口操作实例请求时间",
			StabilityLevel: metrics.STABLE,
			Buckets:        metrics.ExponentialBuckets(0.001, 2, 16),
		},
		[]string{"operator", "type", "status", "code"},
	)

	// SyncTimes counts the requests received by the controller, labelled by
	// operator and resource.
	SyncTimes = metrics.NewCounterVec(
		&metrics.CounterOpts{
			Subsystem:      endpointSliceSubsystem,
			Name:           "sync_received_count",
			Help:           "平台接口对实例处理状态",
			StabilityLevel: metrics.STABLE,
		},
		[]string{"operator", "resource"},
	)

	// PolarisCount is a gauge for the number of Polaris entries in the cluster.
	// NOTE(review): the four labels carry namespace and service names, so the
	// number of series grows with the number of services; confirm the values
	// are bounded by what the controller itself manages.
	PolarisCount = metrics.NewGaugeVec(
		&metrics.GaugeOpts{
			Subsystem:      endpointSliceSubsystem,
			Name:           "polaris_count",
			Help:           "北极星数量",
			StabilityLevel: metrics.STABLE,
		},
		[]string{"service_namespace", "service_name", "polaris_namespace", "polaris_service"},
	)
)

// registerMetrics guards RegisterMetrics so the collectors are registered once.
var registerMetrics sync.Once

// RegisterMetrics registers the three collectors above with the legacy registry.
// Repeated calls are no-ops because the work runs inside a sync.Once.
func RegisterMetrics() {
	registerMetrics.Do(func() {
		legacyregistry.MustRegister(InstanceRequestSync)
		legacyregistry.MustRegister(SyncTimes)
		legacyregistry.MustRegister(PolarisCount)
	})
}
--------------------------------------------------------------------------------
/pkg/polarisapi/constant.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package polarisapi

const (
	// ExistedResource is a numeric API code; presumably the one the Polaris
	// server returns when the resource already exists (confirm against the server).
	ExistedResource = 400201
	// Source is the identifier string "polaris-controller"; how it is sent is
	// not visible in this file.
	Source = "polaris-controller"
	// AccessTokenHeader is the HTTP header name "x-polaris-token".
	// NOTE(review): presumably this header carries the Polaris access token, so
	// its value is a credential and should be kept out of logs and error text.
	AccessTokenHeader = "x-polaris-token"
)
--------------------------------------------------------------------------------
/pkg/polarisapi/error.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package polarisapi

import (
	"encoding/json"
	"fmt"
	"sync"
)

// NewPErrors returns a new, empty PErrors collector.
func NewPErrors() *PErrors {
	return &PErrors{}
}

// PErrors collects the errors produced by a batch API call.
// The slice e is only read or written while m is held.
type PErrors struct {
	m sync.Mutex
	e []PError
}

// PError is one API error entry. Every field is omitted from the JSON
// encoding when it holds its zero value (or nil, for Code).
type PError struct {
	ID      string  `json:"id,omitempty"`
	PodName string  `json:"podName,omitempty"`
	Port    int     `json:"port,omitempty"`
	IP      string  `json:"ip,omitempty"`
	Code    *uint32 `json:"code,omitempty"`
	Info    string  `json:"info,omitempty"`
}

// Append adds pError to the collection under the mutex.
func (pe *PErrors) Append(pError PError) {
	pe.m.Lock()
	defer pe.m.Unlock()
	pe.e = append(pe.e, pError)
}

// GetError returns nil when nothing has been appended. Otherwise it returns an
// error whose message is the JSON encoding of all collected entries; if the
// encoding fails, the message is the Go-syntax (%#v) dump of the slice instead.
//
// The message embeds PodName, IP, Port and Info verbatim, so treat it as
// containing infrastructure details wherever it is logged or returned.
func (pe *PErrors) GetError() error {
	pe.m.Lock()
	defer pe.m.Unlock()

	if len(pe.e) != 0 {
		data, err := json.Marshal(pe.e)
		if err != nil {
			return fmt.Errorf("%#v", pe.e)
		}
		return fmt.Errorf("%s", string(data))
	}
	return nil
}
--------------------------------------------------------------------------------
/pkg/util/common.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied. See the License for the
// specific language governing permissions and limitations under the License.

package util

// IntPtr returns a pointer to a copy of v.
func IntPtr(v int) *int {
	return &v
}

// Uint32Ptr returns a pointer to a copy of v.
func Uint32Ptr(v uint32) *uint32 {
	return &v
}

// Int64Ptr returns a pointer to a copy of v.
func Int64Ptr(v int64) *int64 {
	return &v
}

// UintPtr returns a pointer to a copy of v.
func UintPtr(v uint) *uint {
	return &v
}

// Uint64Ptr returns a pointer to a copy of v.
func Uint64Ptr(v uint64) *uint64 {
	return &v
}

// Float64Ptr returns a pointer to a copy of v.
func Float64Ptr(v float64) *float64 {
	return &v
}

// StringPtr returns a pointer to a copy of v.
func StringPtr(v string) *string {
	return &v
}

// StringValues dereferences each pointer in ptrs into a new slice of the same
// length. A nil pointer yields the empty string at that position.
func StringValues(ptrs []*string) []string {
	values := make([]string, len(ptrs))
	for i := 0; i < len(ptrs); i++ {
		if ptrs[i] != nil {
			values[i] = *ptrs[i]
		}
	}
	return values
}

// StringPtrs returns one pointer per element of vals.
// The pointers refer to the elements of vals itself (&vals[i]), not to copies,
// so writing through a returned pointer changes the caller's slice.
func StringPtrs(vals []string) []*string {
	ptrs := make([]*string, len(vals))
	for i := 0; i < len(vals); i++ {
		ptrs[i] = &vals[i]
	}
	return ptrs
}

// BoolPtr returns a pointer to a copy of v.
func BoolPtr(v bool) *bool {
	return &v
}

// Bool is a helper routine that allocates a new bool value
// to store v and returns a pointer to it.
func Bool(v bool) *bool {
	return &v
}

// Int32 is a helper routine that allocates a new int32 value
// to store v and returns a pointer to it.
func Int32(v int32) *int32 {
	return &v
}

// Int is a helper routine that allocates a new int32 value
// to store v and returns a pointer to it, but unlike Int32
// its argument value is an int.
// The conversion is a plain int32(v): a value outside the int32 range is
// truncated without any error, so callers must range-check beforehand.
func Int(v int) *int32 {
	p := new(int32)
	*p = int32(v)
	return p
}

// Int64 is a helper routine that allocates a new int64 value
// to store v and returns a pointer to it.
func Int64(v int64) *int64 {
	return &v
}

// Float32 is a helper routine that allocates a new float32 value
// to store v and returns a pointer to it.
func Float32(v float32) *float32 {
	return &v
}

// Float64 is a helper routine that allocates a new float64 value
// to store v and returns a pointer to it.
func Float64(v float64) *float64 {
	return &v
}

// Uint32 is a helper routine that allocates a new uint32 value
// to store v and returns a pointer to it.
func Uint32(v uint32) *uint32 {
	return &v
}

// Uint64 is a helper routine that allocates a new uint64 value
// to store v and returns a pointer to it.
func Uint64(v uint64) *uint64 {
	return &v
}

// String is a helper routine that allocates a new string value
// to store v and returns a pointer to it.
func String(v string) *string {
	return &v
}
--------------------------------------------------------------------------------
/pkg/util/configz/configz.go:
--------------------------------------------------------------------------------
/*
Copyright 2015 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package configz

import (
	"encoding/json"
	"fmt"
	"net/http"
	"sync"
)

var (
	// configsGuard protects the configs map and the val field of every Config
	// stored in it.
	configsGuard sync.RWMutex
	// configs is the package-wide registry served by the "/configz" handler,
	// keyed by the name passed to New.
	configs = map[string]*Config{}
)

// Config is a handle to a ComponentConfig object. Don't create these directly;
// use New() instead.
type Config struct {
	val interface{}
}

// InstallHandler adds an HTTP handler on the given mux for the "/configz"
// endpoint which serves all registered ComponentConfigs in JSON format.
//
// The handler does not inspect the request: it performs no authentication or
// authorization and answers every method the mux routes to it. Access control
// has to come from the mux or listener it is installed on.
func InstallHandler(m mux) {
	m.Handle("/configz", http.HandlerFunc(handle))
}

// mux is the minimal registration interface InstallHandler needs; any type
// with a matching Handle method (such as *http.ServeMux) satisfies it.
type mux interface {
	Handle(string, http.Handler)
}

// New creates a Config object with the given name. Each Config is registered
// with this package's "/configz" handler.
// Registering the same name twice returns an error and leaves the existing
// entry untouched.
func New(name string) (*Config, error) {
	configsGuard.Lock()
	defer configsGuard.Unlock()
	if _, found := configs[name]; found {
		return nil, fmt.Errorf("register config %q twice", name)
	}
	newConfig := Config{}
	configs[name] = &newConfig
	return &newConfig, nil
}

// Delete removes the named ComponentConfig from this package's "/configz"
// handler. Deleting a name that is not registered is a no-op.
func Delete(name string) {
	configsGuard.Lock()
	defer configsGuard.Unlock()
	delete(configs, name)
}

// Set sets the ComponentConfig for this Config.
// The value is stored as-is and later serialized with json.Marshal for every
// "/configz" request, so anything holding credentials or tokens should be
// redacted before it is passed in.
func (v *Config) Set(val interface{}) {
	configsGuard.Lock()
	defer configsGuard.Unlock()
	v.val = val
}

// MarshalJSON marshals the ComponentConfig as JSON data.
// It reads v.val without taking configsGuard itself; write holds the read lock
// around its json.Marshal call. A direct call from other code is not
// synchronized with Set.
func (v *Config) MarshalJSON() ([]byte, error) {
	return json.Marshal(v.val)
}

// handle serves "/configz". The request is ignored; a failure from write is
// reported as a 500 response whose body is the error text.
func handle(w http.ResponseWriter, r *http.Request) {
	if err := write(w); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}

// write marshals the whole registry to JSON and writes it to w.
// It returns the marshaling error (wrapped) or the error from w.Write.
func write(w http.ResponseWriter) error {
	var b []byte
	var err error
	// Hold the read lock only while marshaling, not while writing to the client.
	func() {
		configsGuard.RLock()
		defer configsGuard.RUnlock()
		b, err = json.Marshal(configs)
	}()
	if err != nil {
		return fmt.Errorf("error marshaling json: %v", err)
	}
	w.Header().Set("Content-Type", "application/json")
	// nosniff stops browsers from reinterpreting the JSON body as another type.
	w.Header().Set("X-Content-Type-Options", "nosniff")
	_, err = w.Write(b)
	return err
}
--------------------------------------------------------------------------------
/pkg/util/controller_utils.go:
--------------------------------------------------------------------------------
// Tencent is pleased to support the open source community by making Polaris available.
//
// Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
//
// Licensed under the BSD 3-Clause License (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://opensource.org/licenses/BSD-3-Clause
//
// Unless required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
// CONDITIONS OF ANY KIND, either express or implied.
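// See the License for the
// specific language governing permissions and limitations under the License.

package util

import (
	"errors"
	"strings"

	v1 "k8s.io/api/core/v1"
	"k8s.io/client-go/tools/cache"
)

var (
	// keyFunc builds the "namespace/name" key used by every helper below.
	keyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc
	// The prefixes tag a queue key with the kind of resource it refers to.
	NamespacePrefix = "Namespace~"
	ServicePrefix   = "Service~"
	ConfigMapPrefix = "ConfigMap~"
)

// GenObjectQueueKey returns the keyFunc key for obj, or the error keyFunc reports.
func GenObjectQueueKey(obj interface{}) (string, error) {
	key, err := keyFunc(obj)
	if err != nil {
		return "", err
	}
	return key, nil
}

// GetOriginKeyWithResyncQueueKey recovers the original key from a resync task
// key built by GenResourceResyncQueueKey by removing the trailing "~resync".
//
// A key that does not end in "~resync" is returned unchanged. The previous
// implementation sliced off the last seven bytes unconditionally, which
// panicked on keys shorter than the suffix and truncated any other key.
func GetOriginKeyWithResyncQueueKey(key string) string {
	return strings.TrimSuffix(key, "~resync")
}

// GenResourceResyncQueueKey derives the resync task key from an original key by
// appending "~resync", so resync tasks can be told apart from other tasks.
func GenResourceResyncQueueKey(key string) string {
	return key + "~" + "resync"
}

// GenQueueKeyWithFlag is used in the namespace event flow.
// It produces the key for the service queue as "<namespace/name>~<flag>"; flag
// records whether the object was a Polaris service when it was added.
//
// GetResourceRealKeyWithFlag splits on every "~" and keeps only the second
// segment as the flag, so a flag that itself contains "~" does not round-trip.
func GenQueueKeyWithFlag(svc interface{}, flag string) (string, error) {
	key, err := keyFunc(svc)
	if err != nil {
		return "", err
	}
	key += "~" + flag

	return key, nil
}

// GetResourceRealKeyWithFlag parses a service queue key into its parts.
//
// It returns, in order: the "namespace/name" key before the first "~", the
// namespace, the service name, and the flag (empty when the key has no "~").
// An empty queueKey yields four empty strings and a nil error; a malformed
// "namespace/name" part yields the error from cache.SplitMetaNamespaceKey.
func GetResourceRealKeyWithFlag(queueKey string) (string, string, string, string, error) {
	if queueKey == "" {
		return "", "", "", "", nil
	}
	op := ""
	ss := strings.Split(queueKey, "~")
	namespace, service, err := cache.SplitMetaNamespaceKey(ss[0])
	if err != nil {
		return "", "", "", "", err
	}
	if len(ss) != 1 {
		op = ss[1]
	}
	return ss[0], namespace, service, op, nil
}

// GenConfigMapQueueKeyWithFlag is the ConfigMap-typed variant of
// GenQueueKeyWithFlag and produces the same "<namespace/name>~<flag>" key.
func GenConfigMapQueueKeyWithFlag(svc *v1.ConfigMap, flag string) (string, error) {
	return GenQueueKeyWithFlag(svc, flag)
}

// GenResourceMapQueueKey produces the queue key for a Namespace, ConfigMap or
// Service by prepending the matching resource prefix to its keyFunc key.
// Any other type is rejected with an error.
func GenResourceMapQueueKey(val interface{}) (string, error) {
	key, err := keyFunc(val)
	if err != nil {
		return "", err
	}

	switch val.(type) {
	case *v1.Namespace:
		return NamespacePrefix + key, nil
	case *v1.ConfigMap:
		return ConfigMapPrefix + key, nil
	case *v1.Service:
		return ServicePrefix + key, nil
	}
	// The message used to read "not invalid ...", which said the opposite of
	// what this branch means.
	return "", errors.New("invalid kubernetes resource type")
}

// IsServiceKey reports whether key carries ServicePrefix. When it does, the
// key is returned with the prefix removed; otherwise it is returned unchanged.
func IsServiceKey(key string) (string, bool) {
	if strings.HasPrefix(key, ServicePrefix) {
		return strings.TrimPrefix(key, ServicePrefix), true
	}
	return key, false
}

// IsConfigMapKey reports whether key carries ConfigMapPrefix. When it does, the
// key is returned with the prefix removed; otherwise it is returned unchanged.
func IsConfigMapKey(key string) (string, bool) {
	if strings.HasPrefix(key, ConfigMapPrefix) {
		return strings.TrimPrefix(key, ConfigMapPrefix), true
	}
	return key, false
}

// GetNamespace returns the namespace to use for svr: the value of the
// PolarisOverideNamespace annotation when present and non-empty, otherwise the
// Service's own Kubernetes namespace.
//
// NOTE(review): the override is read from the Service's annotations with no
// check visible here, so anyone allowed to edit the Service chooses the target
// namespace. Confirm that a higher layer restricts which namespaces may be named.
func GetNamespace(svr *v1.Service) string {
	if v, ok := svr.GetAnnotations()[PolarisOverideNamespace]; ok && v != "" {
		return v
	}

	return svr.GetNamespace()
}

// GetServiceName returns the service name to use for svr: the value of the
// PolarisOverideService annotation when present and non-empty, otherwise the
// Service's own name.
//
// NOTE(review): like GetNamespace, the annotation value is returned without
// validation here; confirm that callers constrain it.
func GetServiceName(svr *v1.Service) string {
	if v, ok := svr.GetAnnotations()[PolarisOverideService]; ok && v != "" {
		return v
	}
	return svr.GetName()
}
--------------------------------------------------------------------------------
/pkg/util/feature/feature_gate.go:
--------------------------------------------------------------------------------
/*
Copyright 2016 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.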
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package feature 18 | 19 | import ( 20 | "k8s.io/component-base/featuregate" 21 | ) 22 | 23 | var ( 24 | // DefaultMutableFeatureGate is a mutable version of DefaultFeatureGate. 25 | // Only top-level commands/options setup and the k8s.io/component-base/featuregate/testing package 26 | //should make use of this. 27 | // Tests that need to modify feature gates for the duration of their test should use: 28 | // defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, 29 | // features., )() 30 | DefaultMutableFeatureGate featuregate.MutableFeatureGate = featuregate.NewFeatureGate() 31 | 32 | // DefaultFeatureGate is a shared global FeatureGate. 33 | // Top-level commands/options setup that needs to modify this feature gate should use DefaultMutableFeatureGate. 34 | DefaultFeatureGate featuregate.FeatureGate = DefaultMutableFeatureGate 35 | ) 36 | -------------------------------------------------------------------------------- /pkg/version/base.go: -------------------------------------------------------------------------------- 1 | // Tencent is pleased to support the open source community by making Polaris available. 2 | // 3 | // Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | // 5 | // Licensed under the BSD 3-Clause License (the "License"); 6 | // you may not use this file except in compliance with the License. 
7 | // You may obtain a copy of the License at 8 | // 9 | // https://opensource.org/licenses/BSD-3-Clause 10 | // 11 | // Unless required by applicable law or agreed to in writing, software distributed 12 | // under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | // CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | // specific language governing permissions and limitations under the License. 15 | 16 | package version 17 | 18 | // Base version information. 19 | // 20 | // This is the fallback data used when version information from git is not 21 | // provided via go ldflags. It provides an approximation of the Kubernetes 22 | // version for ad-hoc builds (e.g. `go build`) that cannot get the version 23 | // information from git. 24 | // 25 | // If you are looking at these fields in the git tree, they look 26 | // strange. They are modified on the fly by the build process. The 27 | // in-tree values are dummy values used for "git archive", which also 28 | // works for GitHub tar downloads. 29 | // 30 | // When releasing a new Kubernetes version, this file is updated by 31 | // build/mark_new_version.sh to reflect the new version, and then a 32 | // git annotated tag (using format vX.Y where X == Major version and Y 33 | // == Minor version) is created to point to the commit that updates 34 | // pkg/version/base.go 35 | var ( 36 | // TODO: Deprecate gitMajor and gitMinor, use only gitVersion 37 | // instead. First step in deprecation, keep the fields but make 38 | // them irrelevant. (Next we'll take it out, which may muck with 39 | // scripts consuming the kubectl version output - but most of 40 | // these should be looking at gitVersion already anyways.) 
41 | gitMajor string // major version, always numeric 42 | gitMinor string // minor version, numeric possibly followed by "+" 43 | 44 | // semantic version, derived by build scripts (see 45 | // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/release/versioning.md 46 | // for a detailed discussion of this field) 47 | // 48 | // TODO: This field is still called "gitVersion" for legacy 49 | // reasons. For prerelease versions, the build metadata on the 50 | // semantic version is a git hash, but the version itself is no 51 | // longer the direct output of "git describe", but a slight 52 | // translation to be semver compliant. 53 | 54 | // NOTE: The $Format strings are replaced during 'git archive' thanks to the 55 | // companion .gitattributes file containing 'export-subst' in this same 56 | // directory. See also https://git-scm.com/docs/gitattributes 57 | gitVersion = "v0.0.0-master+$Format:%h$" 58 | gitCommit = "$Format:%H$" // sha1 from git, output of $(git rev-parse HEAD) 59 | gitTreeState = "" // state of git tree, either "clean" or "dirty" 60 | 61 | buildDate = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ') 62 | ) 63 | -------------------------------------------------------------------------------- /pkg/version/version.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package version 18 | 19 | import ( 20 | "fmt" 21 | "runtime" 22 | 23 | apimachineryversion "k8s.io/apimachinery/pkg/version" 24 | ) 25 | 26 | // Get returns the overall codebase version. It's for detecting 27 | // what code a binary was built from. 28 | func Get() apimachineryversion.Info { 29 | // These variables typically come from -ldflags settings and in 30 | // their absence fallback to the settings in pkg/version/base.go 31 | return apimachineryversion.Info{ 32 | Major: gitMajor, 33 | Minor: gitMinor, 34 | GitVersion: gitVersion, 35 | GitCommit: gitCommit, 36 | GitTreeState: gitTreeState, 37 | BuildDate: buildDate, 38 | GoVersion: runtime.Version(), 39 | Compiler: runtime.Compiler, 40 | Platform: fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH), 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /sidecar/envoy-bootstrap-config-generator/Dockerfile: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 
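
# NOTE(review): alpine:3.8 is an end-of-life release that no longer receives
# security fixes. Move to a currently supported Alpine release and pin it by
# digest (alpine:<supported-tag>@sha256:<digest>) so rebuilds are reproducible.
FROM alpine:3.8

# Apply pending package updates, then install bash (the ENTRYPOINT interpreter)
# and util-linux. The previous "apk update upgrade" only refreshed the index:
# "upgrade" was passed as an argument to "apk update", so nothing was upgraded.
RUN apk upgrade --no-cache && \
    apk add --no-cache bash util-linux

# NOTE(review): only these two templates are copied, although the directory also
# holds bootstrap_template_odcds.yaml and bootstrap_template_tls_odcds.yaml;
# confirm start.sh never selects one of those.
COPY bootstrap_template.yaml /bootstrap_template.yaml
COPY bootstrap_template_tls.yaml /bootstrap_template_tls.yaml
COPY start.sh /start.sh

# /logs is world-writable so any runtime UID can write to it. Once the UID the
# container runs as is fixed, prefer chown to that UID with a narrower mode.
RUN mkdir -p /logs && chmod 777 /logs

RUN ["chmod", "+x", "/start.sh"]

# No USER instruction is set, so the entrypoint runs as root unless the pod's
# securityContext overrides it.
ENTRYPOINT ["/bin/bash", "-c", "/start.sh"]
--------------------------------------------------------------------------------
/sidecar/envoy-bootstrap-config-generator/bootstrap_template.yaml:
--------------------------------------------------------------------------------
# Tencent is pleased to support the open source community by making Polaris available.
#
# Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
#
# Licensed under the BSD 3-Clause License (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://opensource.org/licenses/BSD-3-Clause
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.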
15 | 16 | node: 17 | id: "ENVOY_NODE_ID" 18 | cluster: "CLUSTER_NAME" 19 | metadata: METADATA 20 | static_resources: 21 | clusters: 22 | - name: polaris_xds_server 23 | connect_timeout: 5s 24 | typed_extension_protocol_options: 25 | envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 26 | "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions 27 | explicit_http_config: 28 | http2_protocol_options: {} 29 | type: STRICT_DNS 30 | load_assignment: 31 | cluster_name: polaris_xds_server 32 | endpoints: 33 | - lb_endpoints: 34 | - endpoint: 35 | address: 36 | socket_address: 37 | address: POLARIS_SERVER_HOST 38 | port_value: POLARIS_SERVER_PORT 39 | - name: polaris_ratelimit 40 | type: STATIC 41 | connect_timeout: 1s 42 | lb_policy: ROUND_ROBIN 43 | protocol_selection: USE_CONFIGURED_PROTOCOL 44 | http2_protocol_options: {} 45 | load_assignment: 46 | cluster_name: polaris_ratelimit 47 | endpoints: 48 | - lbEndpoints: 49 | - endpoint: 50 | address: 51 | pipe: 52 | path: /tmp/polaris-sidecar/ratelimit/rls.sock 53 | dynamic_resources: 54 | lds_config: 55 | api_config_source: 56 | api_type: DELTA_GRPC 57 | transport_api_version: V3 58 | grpc_services: 59 | envoy_grpc: 60 | cluster_name: polaris_xds_server 61 | cds_config: 62 | ads: {} 63 | resource_api_version: V3 64 | ads_config: 65 | api_type: DELTA_GRPC 66 | transport_api_version: V3 67 | grpc_services: 68 | envoy_grpc: 69 | cluster_name: polaris_xds_server 70 | admin: 71 | access_log_path: /dev/stdout 72 | address: 73 | socket_address: 74 | address: 127.0.0.1 75 | port_value: 15000 -------------------------------------------------------------------------------- /sidecar/envoy-bootstrap-config-generator/bootstrap_template_odcds.yaml: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 
4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 15 | 16 | node: 17 | id: "ENVOY_NODE_ID" 18 | cluster: "CLUSTER_NAME" 19 | metadata: METADATA 20 | static_resources: 21 | clusters: 22 | - name: polaris_xds_server 23 | connect_timeout: 5s 24 | typed_extension_protocol_options: 25 | envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 26 | "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions 27 | explicit_http_config: 28 | http2_protocol_options: {} 29 | type: STRICT_DNS 30 | load_assignment: 31 | cluster_name: polaris_xds_server 32 | endpoints: 33 | - lb_endpoints: 34 | - endpoint: 35 | address: 36 | socket_address: 37 | address: POLARIS_SERVER_HOST 38 | port_value: POLARIS_SERVER_PORT 39 | - name: polaris_ratelimit 40 | type: STATIC 41 | connect_timeout: 1s 42 | lb_policy: ROUND_ROBIN 43 | protocol_selection: USE_CONFIGURED_PROTOCOL 44 | http2_protocol_options: {} 45 | load_assignment: 46 | cluster_name: polaris_ratelimit 47 | endpoints: 48 | - lbEndpoints: 49 | - endpoint: 50 | address: 51 | pipe: 52 | path: /tmp/polaris-sidecar/ratelimit/rls.sock 53 | dynamic_resources: 54 | lds_config: 55 | api_config_source: 56 | api_type: DELTA_GRPC 57 | transport_api_version: V3 58 | grpc_services: 59 | envoy_grpc: 60 | cluster_name: polaris_xds_server 61 | ads_config: 62 | api_type: DELTA_GRPC 63 | transport_api_version: V3 64 | grpc_services: 65 | envoy_grpc: 66 | cluster_name: polaris_xds_server 67 | admin: 68 | 
access_log_path: /dev/stdout 69 | address: 70 | socket_address: 71 | address: 127.0.0.1 72 | port_value: 15000 -------------------------------------------------------------------------------- /sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml: -------------------------------------------------------------------------------- 1 | # Tencent is pleased to support the open source community by making Polaris available. 2 | # 3 | # Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 4 | # 5 | # Licensed under the BSD 3-Clause License (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://opensource.org/licenses/BSD-3-Clause 10 | # 11 | # Unless required by applicable law or agreed to in writing, software distributed 12 | # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | # CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | # specific language governing permissions and limitations under the License. 
# sidecar/envoy-bootstrap-config-generator/bootstrap_template_tls.yaml
#
# Envoy bootstrap template. The upper-case tokens (ENVOY_NODE_ID, CLUSTER_NAME,
# METADATA, POLARIS_SERVER_HOST, POLARIS_SERVER_PORT) are placeholders that
# start.sh in the same directory replaces with sed before Envoy reads the file.
# start.sh selects this template when TLS_MODE is set and OPEN_DEMAND is not "true".

node:
  id: "ENVOY_NODE_ID"
  cluster: "CLUSTER_NAME"
  # METADATA is substituted unquoted, so the substituted text is parsed as YAML
  # structure rather than as a string; the generator's input decides what
  # lands under this key.
  metadata: METADATA
static_resources:
  clusters:
  # Static HTTP/2 cluster reached over a Unix domain socket.
  # NOTE(review): the name and path suggest this is the secret discovery
  # service that hands certificates to Envoy; confirm against the sidecar.
  # Who can connect is decided by the filesystem permissions on the socket path
  # under /tmp; confirm the directory is shared only between the sidecar
  # containers of the pod.
  - name: sds-grpc
    connectTimeout: 0.250s
    type: STATIC
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
        explicit_http_config:
          http2_protocol_options: {}
    loadAssignment:
      clusterName: sds-grpc
      endpoints:
      - lbEndpoints:
        - endpoint:
            address:
              pipe:
                path: /tmp/polaris-sidecar/mtls/sds.sock
  # xDS control-plane cluster, resolved by DNS, HTTP/2.
  # No transport_socket is configured on this cluster, so the connection that
  # carries listener and cluster configuration is not TLS-protected by this
  # file, even though this is the TLS template.
  # NOTE(review): confirm the path to the Polaris server is protected by other
  # means, or add an upstream TLS transport_socket here.
  - name: polaris_xds_server
    connect_timeout: 5s
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        explicit_http_config:
          http2_protocol_options: {}
    type: STRICT_DNS
    load_assignment:
      cluster_name: polaris_xds_server
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: POLARIS_SERVER_HOST
                port_value: POLARIS_SERVER_PORT
  # Static cluster for the rate-limit service, reached over a Unix domain
  # socket. HTTP/2 is enabled here with the cluster-level
  # http2_protocol_options field rather than typed_extension_protocol_options
  # as in the two clusters above. The same socket-permission consideration as
  # for sds-grpc applies to this path.
  - name: polaris_ratelimit
    type: STATIC
    connect_timeout: 1s
    lb_policy: ROUND_ROBIN
    protocol_selection: USE_CONFIGURED_PROTOCOL
    http2_protocol_options: {}
    load_assignment:
      cluster_name: polaris_ratelimit
      endpoints:
      - lbEndpoints:
        - endpoint:
            address:
              pipe:
                path: /tmp/polaris-sidecar/ratelimit/rls.sock
dynamic_resources:
  # Listeners: delta gRPC xDS (v3) served by polaris_xds_server.
  lds_config:
    api_config_source:
      api_type: DELTA_GRPC
      transport_api_version: V3
      grpc_services:
        envoy_grpc:
          cluster_name: polaris_xds_server
  # Clusters: delivered over the aggregated (ADS) stream defined below.
  cds_config:
    ads: {}
    resource_api_version: V3
  ads_config:
    api_type: DELTA_GRPC
    transport_api_version: V3
    grpc_services:
      envoy_grpc:
        cluster_name: polaris_xds_server
# Envoy admin interface. It is bound to loopback only; the interface has no
# authentication of its own, so this bind address is what keeps it off the pod
# network. Every container that shares the pod's network namespace can still
# reach 127.0.0.1:15000.
admin:
  access_log_path: /dev/stdout
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 15000
15 | 16 | node: 17 | id: "ENVOY_NODE_ID" 18 | cluster: "CLUSTER_NAME" 19 | metadata: METADATA 20 | static_resources: 21 | clusters: 22 | - name: sds-grpc 23 | connectTimeout: 0.250s 24 | type: STATIC 25 | typed_extension_protocol_options: 26 | envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 27 | "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" 28 | explicit_http_config: 29 | http2_protocol_options: {} 30 | loadAssignment: 31 | clusterName: sds-grpc 32 | endpoints: 33 | - lbEndpoints: 34 | - endpoint: 35 | address: 36 | pipe: 37 | path: /tmp/polaris-sidecar/mtls/sds.sock 38 | - name: polaris_xds_server 39 | connect_timeout: 5s 40 | typed_extension_protocol_options: 41 | envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 42 | "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions 43 | explicit_http_config: 44 | http2_protocol_options: {} 45 | type: STRICT_DNS 46 | load_assignment: 47 | cluster_name: polaris_xds_server 48 | endpoints: 49 | - lb_endpoints: 50 | - endpoint: 51 | address: 52 | socket_address: 53 | address: POLARIS_SERVER_HOST 54 | port_value: POLARIS_SERVER_PORT 55 | - name: polaris_ratelimit 56 | type: STATIC 57 | connect_timeout: 1s 58 | lb_policy: ROUND_ROBIN 59 | protocol_selection: USE_CONFIGURED_PROTOCOL 60 | http2_protocol_options: {} 61 | load_assignment: 62 | cluster_name: polaris_ratelimit 63 | endpoints: 64 | - lbEndpoints: 65 | - endpoint: 66 | address: 67 | pipe: 68 | path: /tmp/polaris-sidecar/ratelimit/rls.sock 69 | dynamic_resources: 70 | lds_config: 71 | api_config_source: 72 | api_type: DELTA_GRPC 73 | transport_api_version: V3 74 | grpc_services: 75 | envoy_grpc: 76 | cluster_name: polaris_xds_server 77 | ads_config: 78 | api_type: DELTA_GRPC 79 | transport_api_version: V3 80 | grpc_services: 81 | envoy_grpc: 82 | cluster_name: polaris_xds_server 83 | admin: 84 | access_log_path: /dev/stdout 85 | address: 86 | socket_address: 87 | address: 127.0.0.1 88 | 
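#!/bin/bash
# Tencent is pleased to support the open source community by making Polaris available.
#
# Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
#
# Licensed under the BSD 3-Clause License (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://opensource.org/licenses/BSD-3-Clause
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.

# sidecar/envoy-bootstrap-config-generator/start.sh
#
# Renders the Envoy bootstrap file for the sidecar:
#   1. writes the value of the `polaris-client-config` environment variable to
#      /data/polaris-client-config/polaris.yaml;
#   2. picks a bootstrap template (plain, on-demand CDS, TLS, TLS + on-demand CDS);
#   3. replaces the placeholder tokens in the template with environment values;
#   4. moves the result to /var/lib/data/envoy.yaml.
#
# Environment read by this script: NAMESPACE, POD_NAME, INSTANCE_IP,
# CLUSTER_NAME, POLARIS_SERVER_URL, POLARIS_SERVER_HOST, POLARIS_SERVER_PORT,
# METADATA, OPEN_DEMAND, TLS_MODE, DEBUG_MODE, polaris-client-config.
# These values are set outside this script (presumably by the sidecar injector
# from pod fields and annotations; verify against the injector) and are treated
# here as untrusted text.

# -e aborts on the first failing command; pipefail keeps a failure inside a
# pipeline from being masked by the last stage.
# -x traces every command after expansion.
# NOTE(review): the trace writes the substituted values, METADATA included,
# to the container log; confirm nothing sensitive is passed through them.
set -ex
set -o pipefail

# Assigned separately from `readonly` so a failing dirname is not hidden by the
# exit status of the declaration.
PACKAGE_DIRECTORY=$(dirname "$0")
readonly PACKAGE_DIRECTORY
BOOTSTRAP_TEMPLATE="${PACKAGE_DIRECTORY}/bootstrap_template.yaml"
readonly BOOTSTRAP_INSTANCE="${PACKAGE_DIRECTORY}/bootstrap_instance.yaml"
OPEN_DEMAND="${OPEN_DEMAND:-}"
if [[ "${OPEN_DEMAND}" == "true" ]]; then
  BOOTSTRAP_TEMPLATE="${PACKAGE_DIRECTORY}/bootstrap_template_odcds.yaml"
fi

# Escape a value for use as the replacement part of a sed `s|...|...|` command.
# Backslash, `&` and the `|` delimiter are special there, and an embedded
# newline ends the command early; without escaping, a value containing any of
# them either breaks the substitution or rewrites the template in ways the
# placeholder was never meant to allow.
#   $1  raw value
#   stdout: escaped value
function escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g' -e '$!s/$/\\/'
}

# Generate the Envoy bootstrap file at ${BOOTSTRAP_INSTANCE}.
#
# Node id format: sidecar~<NAMESPACE>/<POD_NAME>~<INSTANCE_IP>
#
# Escaping protects only the sed command. The values are still inserted into
# YAML as-is (METADATA is pasted as raw YAML), so a value that contains quotes
# or line breaks can change the structure of the generated bootstrap; validate
# these values where they are produced.
function prepare_envoy() {
  local node_id cluster_name server_url server_host server_port metadata

  envoy_node_id="sidecar~${NAMESPACE}/${POD_NAME}~${INSTANCE_IP}"

  # `-v` tests only whether TLS_MODE is set: any value, including an empty
  # one, selects the TLS template.
  # NOTE(review): confirm that a "disabled" TLS mode is expressed by leaving
  # the variable unset.
  if [[ -v TLS_MODE ]]; then
    BOOTSTRAP_TEMPLATE="${PACKAGE_DIRECTORY}/bootstrap_template_tls.yaml"
    if [[ "${OPEN_DEMAND}" == "true" ]]; then
      BOOTSTRAP_TEMPLATE="${PACKAGE_DIRECTORY}/bootstrap_template_tls_odcds.yaml"
    fi
  fi

  node_id=$(escape_sed_replacement "${envoy_node_id}")
  cluster_name=$(escape_sed_replacement "${CLUSTER_NAME}")
  server_url=$(escape_sed_replacement "${POLARIS_SERVER_URL}")
  server_host=$(escape_sed_replacement "${POLARIS_SERVER_HOST}")
  server_port=$(escape_sed_replacement "${POLARIS_SERVER_PORT}")
  metadata=$(escape_sed_replacement "${METADATA}")

  # One sed process reading the template directly: a missing or unreadable
  # template now fails the script instead of producing an empty bootstrap.
  # The expressions run in the same order as before.
  sed -e "s|ENVOY_NODE_ID|${node_id}|g" \
    -e "s|CLUSTER_NAME|${cluster_name}|g" \
    -e "s|POLARIS_SERVER_URL|${server_url}|g" \
    -e "s|POLARIS_SERVER_HOST|${server_host}|g" \
    -e "s|POLARIS_SERVER_PORT|${server_port}|g" \
    -e "s|METADATA|${metadata}|g" \
    "${BOOTSTRAP_TEMPLATE}" >"${BOOTSTRAP_INSTANCE}"
}

# The variable name contains hyphens, so it cannot be read with ${...};
# printenv exits non-zero when it is unset, which stops the script under -e.
printenv polaris-client-config >/data/polaris-client-config/polaris.yaml

prepare_envoy

# Any value of DEBUG_MODE, including an empty one, prints the generated
# bootstrap (node metadata included) to the container log.
if [[ -v DEBUG_MODE ]]; then
  cat "${BOOTSTRAP_INSTANCE}"
fi

mv "${BOOTSTRAP_INSTANCE}" /var/lib/data/envoy.yaml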
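# sidecar/polaris-sidecar-init/Dockerfile
#
# Image for the sidecar init container: Alpine plus bash, curl, iptables and
# tzdata, with /start.sh as the command.

# The tag fixes the Alpine release but not the image content; pin by digest as
# well if the build has to be reproducible.
FROM alpine:3.18.6

# Copy Startup Script
COPY start.sh /start.sh

# Install IP Tables & fix permissions.
# A single `apk add --no-cache` fetches a fresh index and leaves no package
# cache in the layer, so the separate `apk update` is not needed. Output is no
# longer discarded, so the build log records which package versions went in.
# NOTE(review): curl is installed here, but its use is not visible from this
# file; drop it if /start.sh does not call it.
RUN apk add --no-cache \
        bash \
        curl \
        iptables \
        tzdata \
    && chmod +x /start.sh

WORKDIR /

# No USER is set, so the script runs as root by default.
# NOTE(review): presumably required for the iptables changes; confirm the pod
# grants this container only the capabilities it needs.
# Run script
CMD [ "/start.sh" ]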