├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── feature_request.md │ ├── proposal.md │ └── suggestions.md ├── .gitignore ├── .golangci-format.yaml ├── .golangci.yaml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING_GUILDLINES.md ├── LICENSE ├── LICENSE_ANNOUCEMENT.md ├── Makefile ├── README.md ├── README_EN.md ├── ROADMAP.md ├── bin ├── gen_bundle.sh ├── gen_deepcopy.sh ├── gen_module.sh ├── gen_proto.sh ├── get_module_image.sh ├── multiarch.sh ├── publish.sh ├── publish_bundle.sh └── reset_to_remote.sh ├── boilerplate.go.txt ├── boot ├── Dockerfile ├── helm-charts │ └── slimeboot │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── NOTES.txt.bak │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ │ └── values.yaml ├── publish.sh └── watches.yaml ├── build ├── Dockerfile └── bin │ ├── entrypoint │ └── user_setup ├── doc ├── en │ ├── slime-boot.md │ └── slime_e2e_test.md ├── index.html └── zh │ ├── feature-introduce │ ├── framework │ │ └── TODO.md │ ├── lazyload │ │ ├── TODO.md │ │ ├── autoport特性.md │ │ ├── grpc懒加载.md │ │ ├── http懒加载.md │ │ └── 特征流量分派.md │ ├── limiter │ │ ├── TODO.md │ │ └── 单机限流特性文档.md │ ├── meshregistry │ │ └── TODO.md │ └── plugin │ │ └── TODO.md │ ├── slime-boot.md │ ├── slime-build.md │ ├── slime-developers-guide.md │ └── slime_e2e_test_zh.md ├── docker └── Dockerfile.build-tools ├── framework ├── .gitignore ├── Dockerfile ├── apis │ └── config │ │ └── v1alpha1 │ │ ├── config.pb.go │ │ ├── config.proto │ │ ├── config_json.gen.go │ │ ├── doc.go │ │ ├── groupversion_info.go │ │ ├── slime_boot.pb.go │ │ ├── slime_boot.proto │ │ ├── slime_boot_json.gen.go │ │ └── slimeboot_types.go ├── bootstrap │ ├── adsc │ │ └── adsc.go │ ├── collections │ │ └── collections.go │ ├── config.go │ ├── configcontroller.go │ ├── configstore.go │ ├── http.go │ ├── k8s.go │ ├── monitor.go │ ├── monitorcontroller.go │ ├── resource │ │ ├── context.go │ │ ├── gvk.go │ │ └── schema.go │ ├── serviceregistry │ │ ├── kube │ │ │ ├── conversion.go │ │ │ └── endpoints.go │ │ ├── model │ │ │ └── service.go │ │ └── serviceentry │ │ │ └── conversion.go │ ├── viewerstore.go │ └── viewstore │ │ └── viewstore.go ├── charts │ └── crds │ │ └── config.netease.com_slimeboots.yaml ├── controllers │ ├── context.go │ ├── controller.go │ ├── destinationrule_controller.go │ ├── suite_test.go │ └── virtualservice_controller.go ├── go.mod ├── go.sum ├── model │ ├── config.go │ ├── endpoints.go │ ├── metric │ │ ├── accesslog_convertor.go │ │ ├── accesslog_source.go │ │ ├── config.go │ │ ├── mock_source.go │ │ ├── model.go │ │ ├── producer.go │ │ ├── prometheus_source.go │ │ ├── ticker_producer.go │ │ └── watcher_producer.go │ ├── model.go │ ├── module │ │ └── module.go │ ├── pkg │ │ └── leaderelection │ │ │ ├── kubeleaderelector.go │ │ │ └── leaderelector.go │ ├── source │ │ ├── aggregate │ │ │ └── source.go │ │ ├── k8s │ │ │ ├── metric.go │ │ │ ├── source.go │ │ │ └── test │ │ │ │ └── test.json │ │ └── source.go │ └── trigger │ │ ├── ticker_trigger.go │ │ └── watcher_trigger.go ├── monitoring │ └── monitoring.go ├── test │ ├── e2e │ │ ├── common │ │ │ └── util.go │ │ └── framework │ │ │ ├── exec_util.go │ │ │ ├── expect.go │ │ │ ├── framework.go │ │ │ ├── ginkgowrapper │ │ │ └── wrapper.go │ │ │ ├── kubectl │ │ │ └── kubectl_utils.go │ │ │ ├── log.go │ │ │ ├── log │ │ │ └── logger.go │ │ │ ├── pod │ │ │ ├── resource.go │ │ │ └── wait.go │ │ │ ├── testfiles │ │ │ └── testfiles.go │ │ │ ├── text_context.go │ │ │ └── util.go │ └── util │ │ └── util.go └── util │ ├── calcaulator_test.go │ ├── calculator.go │ ├── const.go │ ├── data.go │ ├── error.go │ ├── log.go │ ├── proto.go │ ├── set.go │ ├── stack.go │ ├── util.go │ └── util_test.go ├── go.work ├── go.work.sum ├── install ├── config │ ├── bookinfo.yaml │ ├── prometheus.yaml │ └── reviews-destination-rule.yaml └── init │ ├── crds-v1.yaml │ ├── crds.yaml │ ├── deployment_slime-boot.yaml │ └── slimeboots-v1.yaml ├── media ├── arch.png ├── policy.png ├── policy_zh.png ├── slime-arch-v2.png ├── slime-arch-v3.png ├── slime-qq.png └── slime_logo.png ├── modules └── example │ ├── Dockerfile │ ├── PROJECT │ ├── README.md │ ├── api │ ├── config │ │ ├── example_module.pb.go │ │ ├── example_module.proto │ │ ├── example_module_deepcopy.gen.go │ │ └── example_module_json.gen.go │ └── v1alpha1 │ │ ├── example.pb.go │ │ ├── example.proto │ │ ├── example_deepcopy.gen.go │ │ ├── example_json.gen.go │ │ ├── example_types.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go │ ├── charts │ ├── crds │ │ └── microservice.slime.io_examples.yaml │ └── values.yaml │ ├── controllers │ └── example_controller.go │ ├── go.mod │ ├── go.sum │ ├── install │ └── samples │ │ └── slimeboot_example.yaml │ ├── main.go │ ├── model │ └── model.go │ ├── module │ └── module.go │ └── publish.sh ├── staging └── src │ └── slime.io │ └── slime │ └── modules │ ├── bundle-all │ ├── Dockerfile │ ├── README.md │ ├── go.mod │ ├── go.sum │ ├── main.go │ └── publish.sh │ ├── bundle-hango │ ├── Dockerfile │ ├── README.md │ ├── go.mod │ ├── go.sum │ ├── install │ │ ├── crds-v1.yaml │ │ ├── crds-v1beta1.yaml │ │ └── slime-hango.yaml │ ├── main.go │ └── publish.sh │ ├── lazyload │ ├── Dockerfile │ ├── PROJECT │ ├── README.md │ ├── README_EN.md │ ├── api │ │ ├── config │ │ │ ├── fence_module.pb.go │ │ │ ├── fence_module.proto │ │ │ ├── fence_module_deepcopy.gen.go │ │ │ └── fence_module_json.gen.go │ │ └── v1alpha1 │ │ │ ├── groupversion_info.go │ │ │ ├── service_fence.pb.go │ │ │ ├── service_fence.proto │ │ │ ├── service_fence_deepcopy.gen.go │ │ │ ├── service_fence_json.gen.go │ │ │ ├── servicefence_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── charts │ │ ├── charts.go │ │ ├── crds │ │ │ └── microservice.slime.io_servicefences.yaml │ │ └── global-sidecar │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── cluster-global-sidecar.yaml │ │ │ └── namespace-global-sidecar.yaml │ │ │ └── values.yaml │ ├── cmd │ │ ├── envoyproxy │ │ │ ├── Dockerfile │ │ │ └── proxy.yaml │ │ └── proxy │ │ │ ├── Dockerfile │ │ │ ├── controller.go │ │ │ ├── main.go │ │ │ ├── publish.sh │ │ │ └── svcController.go │ ├── config │ │ ├── certmanager │ │ │ ├── certificate.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── crd │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── patches │ │ │ │ ├── cainjection_in_servicefences.yaml │ │ │ │ └── webhook_in_servicefences.yaml │ │ ├── default │ │ │ ├── kustomization.yaml │ │ │ ├── manager_auth_proxy_patch.yaml │ │ │ ├── manager_webhook_patch.yaml │ │ │ └── webhookcainjection_patch.yaml │ │ ├── manager │ │ │ ├── kustomization.yaml │ │ │ └── manager.yaml │ │ ├── prometheus │ │ │ ├── kustomization.yaml │ │ │ └── monitor.yaml │ │ ├── rbac │ │ │ ├── auth_proxy_client_clusterrole.yaml │ │ │ ├── auth_proxy_role.yaml │ │ │ ├── auth_proxy_role_binding.yaml │ │ │ ├── auth_proxy_service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── leader_election_role.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── servicefence_editor_role.yaml │ │ │ └── servicefence_viewer_role.yaml │ │ ├── samples │ │ │ └── microservice.slime.io_v1alpha1_servicefence.yaml │ │ └── webhook │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── service.yaml │ ├── controllers │ │ ├── domain.go │ │ ├── model.go │ │ ├── monitoring.go │ │ ├── process.go │ │ ├── producer.go │ │ ├── service_cache.go │ │ ├── serviceentry_cache.go │ │ ├── servicefence_controller.go │ │ ├── servicefence_controller_test.go │ │ ├── suite_test.go │ │ ├── testdata │ │ │ ├── autofence.base.expect.sidecar.yaml │ │ │ └── autofence.base.input.yaml │ │ └── update_resources.go │ ├── go.mod │ ├── go.sum │ ├── install │ │ └── samples │ │ │ └── lazyload │ │ │ ├── easy_install_lazyload.sh │ │ │ ├── easy_uninstall_lazyload.sh │ │ │ ├── pvc_lazyload.yaml │ │ │ ├── servicefence_productpage.yaml │ │ │ ├── slimeboot_cluster_accesslog.yaml │ │ │ ├── slimeboot_cluster_prometheus.yaml │ │ │ ├── slimeboot_logrotate.yaml │ │ │ ├── slimeboot_namespace_accesslog.yaml │ │ │ └── slimeboot_namespace_prometheus.yaml │ ├── lazyload_tutorials.md │ ├── lazyload_tutorials_zh.md │ ├── main.go │ ├── media │ │ ├── lazyload-architecture-2021-10-19-en.png │ │ ├── lazyload-architecture-2021-10-19.png │ │ ├── lazyload-architecture-20211222.png │ │ ├── lazyload-architecture-20211222_zh.png │ │ ├── lazyload-architecture-2023-12-06.png │ │ ├── lazyload-vs-update.png │ │ └── ll.png │ ├── model │ │ ├── const.go │ │ └── model.go │ ├── module │ │ └── module.go │ ├── pkg │ │ ├── helm │ │ │ └── chart.go │ │ ├── kube │ │ │ └── resources.go │ │ ├── proxy │ │ │ ├── cache.go │ │ │ └── http.go │ │ └── server │ │ │ └── http.go │ ├── publish.sh │ └── test │ │ └── e2e │ │ ├── e2e_test.go │ │ ├── lazyload_test.go │ │ ├── lazyload_test_clean.sh │ │ ├── reports │ │ └── service_01.xml │ │ ├── testdata │ │ └── install │ │ │ ├── config │ │ │ └── bookinfo.yaml │ │ │ ├── init │ │ │ ├── crds.yaml │ │ │ └── deployment_slime-boot.yaml │ │ │ └── samples │ │ │ └── lazyload │ │ │ ├── servicefence_productpage.yaml │ │ │ └── slimeboot_lazyload.yaml │ │ └── values.go │ ├── limiter │ ├── Dockerfile │ ├── README.md │ ├── README_EN.md │ ├── api │ │ ├── config │ │ │ ├── limiter_module.pb.go │ │ │ ├── limiter_module.proto │ │ │ ├── limiter_module_deepcopy.gen.go │ │ │ └── limiter_module_json.gen.go │ │ └── v1alpha2 │ │ │ ├── groupversion_info.go │ │ │ ├── smart_limiter.pb.go │ │ │ ├── smart_limiter.proto │ │ │ ├── smart_limiter_deepcopy.gen.go │ │ │ ├── smart_limiter_json.gen.go │ │ │ ├── smartlimiter_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── cfg.json │ ├── charts │ │ ├── crds │ │ │ └── microservice.slime.io_smartlimiters.yaml │ │ └── values.yaml │ ├── config │ │ ├── certmanager │ │ │ ├── certificate.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── crd │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── patches │ │ │ │ ├── cainjection_in_destinationrules.yaml │ │ │ │ ├── cainjection_in_smartlimiters.yaml │ │ │ │ ├── webhook_in_destinationrules.yaml │ │ │ │ └── webhook_in_smartlimiters.yaml │ │ ├── default │ │ │ ├── kustomization.yaml │ │ │ ├── manager_auth_proxy_patch.yaml │ │ │ ├── manager_webhook_patch.yaml │ │ │ └── webhookcainjection_patch.yaml │ │ ├── manager │ │ │ ├── kustomization.yaml │ │ │ └── manager.yaml │ │ ├── prometheus │ │ │ ├── kustomization.yaml │ │ │ └── monitor.yaml │ │ ├── rbac │ │ │ ├── auth_proxy_client_clusterrole.yaml │ │ │ ├── auth_proxy_role.yaml │ │ │ ├── auth_proxy_role_binding.yaml │ │ │ ├── auth_proxy_service.yaml │ │ │ ├── destinationrule_editor_role.yaml │ │ │ ├── destinationrule_viewer_role.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── leader_election_role.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── smartlimiter_editor_role.yaml │ │ │ └── smartlimiter_viewer_role.yaml │ │ ├── samples │ │ │ ├── microservice.slime.io_v1alpha1_smartlimiter.yaml │ │ │ └── networking.istio.io_v1alpha3_destinationrule.yaml │ │ └── webhook │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── service.yaml │ ├── controllers │ │ ├── controllers.go │ │ ├── envoy_filters.go │ │ ├── envoy_global_limit.go │ │ ├── envoy_local_limit.go │ │ ├── monitoring.go │ │ ├── multicluster │ │ │ └── controller.go │ │ ├── process.go │ │ ├── producer.go │ │ ├── smartlimiter_controller.go │ │ ├── smartlimiter_controller_test.go │ │ ├── suite_test.go │ │ └── testdata │ │ │ ├── base_objs.local.yaml │ │ │ ├── limit_by_method.local.ef.expect.yaml │ │ │ ├── limit_by_method.local.yaml │ │ │ ├── limit_by_query.local.ef.expect.yaml │ │ │ ├── limit_by_query.local.yaml │ │ │ ├── limit_by_sourceIP.local.ef.expect.yaml │ │ │ ├── limit_by_sourceIP.local.yaml │ │ │ ├── limit_outbound_with_mismatch_selector.local.ef.expect.yaml │ │ │ └── limit_outbound_with_mismatch_selector.local.yaml │ ├── document │ │ ├── smartlimiter.md │ │ └── smartlimiter_zh.md │ ├── go.mod │ ├── go.sum │ ├── install │ │ ├── easy_install_limiter.sh │ │ ├── easy_uninstall_limiter.sh │ │ ├── gw_limiter_envoyfilter.yaml │ │ ├── limiter-global.yaml │ │ ├── limiter.yaml │ │ ├── prometheus.yaml │ │ ├── rate-limit-config-gw.yaml │ │ ├── rate-limit-config.yaml │ │ └── rls.yaml │ ├── main.go │ ├── media │ │ ├── SmartLimiter.png │ │ └── smartlimiter.jpg │ ├── model │ │ ├── const.go │ │ └── model.go │ ├── module │ │ └── module.go │ ├── publish.sh │ └── test │ │ └── e2e │ │ ├── clean.sh │ │ ├── e2e_test.go │ │ ├── limiter_test.go │ │ ├── reports │ │ └── service_01.xml │ │ ├── testdata │ │ └── install │ │ │ ├── config │ │ │ └── bookinfo.yaml │ │ │ ├── init │ │ │ ├── crds.yaml │ │ │ └── deployment_slime-boot.yaml │ │ │ └── samples │ │ │ └── limiter │ │ │ ├── productpage_smartlimiter.yaml │ │ │ └── slimeboot_limiter.yaml │ │ └── values.go │ ├── meshregistry │ ├── Dockerfile │ ├── PROJECT │ ├── README.md │ ├── README_CH.md │ ├── README_EN.md │ ├── api │ │ ├── config │ │ │ ├── meshregistry_module.pb.go │ │ │ ├── meshregistry_module.proto │ │ │ ├── meshregistry_module_deepcopy.gen.go │ │ │ └── meshregistry_module_json.gen.go │ │ └── v1alpha1 │ │ │ ├── conversion.go │ │ │ ├── groupversion_info.go │ │ │ ├── source_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── charts │ │ ├── crds │ │ │ └── microservice.slime.io_registrysources.yaml │ │ └── values.yaml │ ├── controllers │ │ └── controllers.go │ ├── go.mod │ ├── go.sum │ ├── hack │ │ └── boilerplate.go.txt │ ├── install │ │ └── samples │ │ │ └── plugin │ │ │ └── slimeboot_meshregistry.yaml │ ├── main.go │ ├── model │ │ └── model.go │ ├── module │ │ ├── module.go │ │ ├── module_test.go │ │ ├── suit_test.go │ │ └── testdata │ │ │ ├── legacy-gw-mode.dynamic.cm.yaml │ │ │ ├── legacy-gw-mode.dynamic.cr.yaml │ │ │ ├── legacy-gw-mode.expect.cm.yaml │ │ │ ├── legacy-gw-mode.expect.cr.yaml │ │ │ └── legacy-gw-mode.static.yaml │ ├── pkg │ │ ├── bootstrap │ │ │ ├── args.go │ │ │ ├── patch.go │ │ │ └── patch_test.go │ │ ├── features │ │ │ ├── features.go │ │ │ └── serviceentrylabel.go │ │ ├── mcpoverxds │ │ │ ├── mcpcontroller.go │ │ │ └── mcpstore.go │ │ ├── monitoring │ │ │ ├── monitoring.go │ │ │ └── source.go │ │ ├── multicluster │ │ │ └── multicluster.go │ │ ├── server │ │ │ ├── httpServer.go │ │ │ ├── processing.go │ │ │ ├── server.go │ │ │ └── sources.go │ │ ├── source │ │ │ ├── eureka │ │ │ │ ├── client.go │ │ │ │ ├── conversion.go │ │ │ │ ├── mock_client.go │ │ │ │ ├── source.go │ │ │ │ ├── source_test.go │ │ │ │ └── testdata │ │ │ │ │ ├── legacy_gateway_mode.expected.yaml │ │ │ │ │ ├── legacy_gateway_mode.json │ │ │ │ │ ├── project_code.expected.yaml │ │ │ │ │ ├── project_code.json │ │ │ │ │ ├── simple.expected.yaml │ │ │ │ │ ├── simple.json │ │ │ │ │ ├── simple_scale_down_instance.expected.yaml │ │ │ │ │ └── simple_scale_down_instance.json │ │ │ ├── k8s │ │ │ │ ├── fs │ │ │ │ │ └── source.go │ │ │ │ └── source.go │ │ │ ├── nacos │ │ │ │ ├── conversion.go │ │ │ │ ├── httpclient.go │ │ │ │ ├── mock_client.go │ │ │ │ ├── polling.go │ │ │ │ ├── source.go │ │ │ │ ├── source_test.go │ │ │ │ └── testdata │ │ │ │ │ ├── legacy_gateway_mode.expected.yaml │ │ │ │ │ ├── legacy_gateway_mode.json │ │ │ │ │ ├── project_code.expected.yaml │ │ │ │ │ ├── project_code.json │ │ │ │ │ ├── simple.expected.yaml │ │ │ │ │ ├── simple.json │ │ │ │ │ ├── simple_scale_down_instance.expected.yaml │ │ │ │ │ └── simple_scale_down_instance.json │ │ │ ├── selector.go │ │ │ ├── selector_test.go │ │ │ ├── serviceentry.go │ │ │ ├── serviceentry_test.go │ │ │ ├── source.go │ │ │ ├── source_test.go │ │ │ ├── sourcetest │ │ │ │ ├── source.go │ │ │ │ └── source_test.go │ │ │ └── zookeeper │ │ │ │ ├── conversion.go │ │ │ │ ├── mock_zk.go │ │ │ │ ├── model.go │ │ │ │ ├── model_test.go │ │ │ │ ├── polling.go │ │ │ │ ├── sidecar.go │ │ │ │ ├── source.go │ │ │ │ ├── source_test.go │ │ │ │ ├── testdata │ │ │ │ ├── gateway_mode_generic_dubbo.expected.yaml │ │ │ │ ├── gateway_mode_generic_dubbo.yaml │ │ │ │ ├── legacy_gateway_mode.expected.yaml │ │ │ │ ├── legacy_gateway_mode.yaml │ │ │ │ ├── simple.expected.yaml │ │ │ │ ├── simple.yaml │ │ │ │ ├── simple_scale_down_instance.expected.yaml │ │ │ │ ├── simple_scale_down_instance.yaml │ │ │ │ ├── simple_se_merge_port_mocker.expected.yaml │ │ │ │ ├── simple_with_dubbo_call_model.expected.yaml │ │ │ │ └── simple_with_dubbo_call_model_and_self_consume.expected.yaml │ │ │ │ └── watching.go │ │ └── util │ │ │ ├── cache │ │ │ ├── cache.go │ │ │ ├── nodeCache.go │ │ │ └── podCache.go │ │ │ ├── locality.go │ │ │ ├── signal.go │ │ │ ├── util.go │ │ │ ├── util_test.go │ │ │ └── validation.go │ └── publish.sh │ └── plugin │ ├── Dockerfile │ ├── PROJECT │ ├── README.md │ ├── README_EN.md │ ├── api │ ├── config │ │ ├── plugin_module.pb.go │ │ ├── plugin_module.proto │ │ ├── plugin_module_deepcopy.gen.go │ │ └── plugin_module_json.gen.go │ └── v1alpha1 │ │ ├── envoy_plugin.pb.go │ │ ├── envoy_plugin.proto │ │ ├── envoy_plugin_deepcopy.gen.go │ │ ├── envoy_plugin_json.gen.go │ │ ├── groupversion_info.go │ │ ├── plugin_manager.pb.go │ │ ├── plugin_manager.proto │ │ ├── plugin_manager_deepcopy.gen.go │ │ ├── plugin_manager_json.gen.go │ │ ├── types.go │ │ └── zz_generated.deepcopy.go │ ├── charts │ ├── crds │ │ ├── microservice.slime.io_envoyplugins.yaml │ │ └── microservice.slime.io_pluginmanagers.yaml │ └── values.yaml │ ├── controllers │ ├── controllers.go │ ├── conversion.go │ ├── conversion_test.go │ ├── envoyplugin_controller.go │ ├── envoyplugin_controller_test.go │ ├── monitoring.go │ ├── pluginmanager_controller.go │ ├── pluginmanager_controller_test.go │ ├── proto.go │ ├── secrets.go │ ├── suite_test.go │ └── testdata │ │ ├── gateway_rc_patch.ep.expect.yaml │ │ ├── gateway_rc_patch.ep.yaml │ │ ├── gateway_sample.plm.expect.yaml │ │ └── gateway_sample.plm.yaml │ ├── go.mod │ ├── go.sum │ ├── hack │ └── boilerplate.go.txt │ ├── install │ └── samples │ │ └── plugin │ │ └── slimeboot_plugin.yaml │ ├── main.go │ ├── model │ └── model.go │ ├── module │ └── module.go │ └── publish.sh ├── supported-release.md └── testdata └── common └── crds └── istio1.19.1.customresourcedefinitions.gen.yaml /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 问题报告 3 | about: 向slime开发者报告任何存在的问题 4 | title: 问题报告 5 | labels: bug 6 | assignees: believening 7 | 8 | --- 9 | 10 | **问题描述** 11 | 12 | **影响的子模块(在下面列表中打'X')** 13 | 14 | - [ ] 配置懒加载 15 | - [ ] 插件管理 16 | - [ ] 智能限流 17 | - [ ] 注册仓库 18 | - [ ] 安装Boot 19 | 20 | **重现问题的步骤** 21 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 特性请求 3 | about: 需要slime支持新特性的请求 4 | title: '' 5 | labels: '' 6 | assignees: believening 7 | 8 | --- 9 | 10 | **问题背景** 11 | 12 | **您想要的解决方案** 13 | 14 | **您考虑过的替代方案** 15 | 16 | **额外的上下文** 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/proposal.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 用户提案 3 | about: 用户的提案 4 | title: '' 5 | labels: proposal 6 | assignees: believening 7 | 8 | --- 9 | 10 | **影响的子模块(在下面列表中打'X')** 11 | 12 | - [ ] 配置懒加载 13 | - [ ] 插件管理 14 | - [ ] 智能限流 15 | - [ ] 注册仓库 16 | - [ ] 安装Boot 17 | 18 | **问题背景** 19 | 20 | **您的提案内容** 21 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/suggestions.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 用户建议 3 | about: 关于slime的建议 4 | title: '' 5 | labels: advice 6 | assignees: believening 7 | 8 | --- 9 | 10 | **你想对slime开发者提的建议内容** 11 | -------------------------------------------------------------------------------- /.golangci-format.yaml: -------------------------------------------------------------------------------- 1 | run: 2 | concurrency: 4 3 | timeout: "5m" 4 | issues-exit-code: 1 5 | tests: false 6 | go: "1.20" 7 | 8 | issues: 9 | exclude-files: 10 | - ".*\\.pb\\.go" 11 | - ".*\\.gen\\.go" 12 | - "zz_generated.*\\.go" 13 | 14 | linters: 15 | disable-all: true 16 | enable: 17 | - gci 18 | - goimports 19 | - gofumpt 20 | 21 | linters-settings: 22 | gci: 23 | sections: 24 | - standard 25 | - default 26 | - prefix(slime.io/) 27 | goimports: 28 | local-prefixes: slime.io 29 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # CODE_OF_CONDUCT 2 | 3 | 4 | 5 | Slime observes the [CNCF Community Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). 6 | 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright The Slime Authors. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /bin/gen_deepcopy.sh: -------------------------------------------------------------------------------- 1 | 2 | # usage: 3 | # file hierarchy: 4 | # your_module/ 5 | # > cd to here, run: sh ../slime/bin/ 6 | # slime/bin/ 7 | make -f "$(dirname $0)/../Makefile" generate 8 | -------------------------------------------------------------------------------- /bin/gen_module.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # usage example: bash gen_module.sh my_module 4 | # get $MPATH/src/my_module 5 | 6 | BASEDIR=$(dirname $0) 7 | TEMPLATE_PATH=${BASEDIR}/../modules/example 8 | MPATH=$(realpath ${MPATH:-"${BASEDIR}/../staging/src/slime.io/slime/modules"}) 9 | echo "Module path is $MPATH" 10 | # get module name 11 | if [[ "$#" -eq 0 ]]; then 12 | echo "No specified module name. Please provide one and try again." 13 | exit 1 14 | else 15 | module_name=$1 16 | Module_name="${module_name^}" 17 | fi 18 | 19 | 20 | # check destination directory 21 | if [ -d "$MPATH/$module_name" ]; then 22 | read -p "$MPATH/$module_name already exists. Delete? (yes/no)" delete 23 | if [[ "$delete" != "yes" ]]; then 24 | echo "Exit without actions." 25 | exit 1 26 | else 27 | echo "Delete old $MPATH/$module_name directory." 28 | rm -rf "$MPATH/$module_name" 29 | fi 30 | fi 31 | 32 | # generate files from example 33 | cp -r "${TEMPLATE_PATH}" "$MPATH/$module_name" 34 | cd "$MPATH/$module_name" 35 | 36 | function replace_example() { 37 | sed -i "s/example/$module_name/g" $1 38 | sed -i "s/Example/$Module_name/g" $1 39 | } 40 | 41 | function rename_file(){ 42 | src=$1 43 | if echo "$src" | grep "example";then 44 | dst="${src/example/"${module_name}"}" 45 | mv $src $dst 46 | fi 47 | } 48 | 49 | for f in $(find . -type f);do 50 | replace_example $f 51 | rename_file $f 52 | done 53 | 54 | # modify go.mod 55 | sed -i "/need delete/d" go.mod 56 | sed -i "/need uncomment/s/\/\/ //" go.mod 57 | 58 | echo "module $module_name generates successfully" 59 | -------------------------------------------------------------------------------- /bin/gen_proto.sh: -------------------------------------------------------------------------------- 1 | 2 | # usage: sh 3 | # like: 4 | # cd to slime module dir, exec: sh bin/gen_proto.sh api/v1alpha1/*.proto 5 | # if in staging dir layout, exec: sh /bin/gen_proto.sh api/v1alpha1/*.proto 6 | 7 | # sudo apt install protobuf-compiler 8 | # GO111MODULE=off go get github.com/gogo/protobuf/proto 9 | 10 | GOPATH=${GOPATH:-$(go env GOPATH)} 11 | for f in "$@"; do 12 | d=$(dirname $f) 13 | protoc -I="$d" -I="$(dirname $0)/../framework" \ 14 | -I=$GOPATH/src -I=$GOPATH/src/github.com/gogo/protobuf/protobuf \ 15 | --gogo_opt=paths=source_relative \ 16 | --gogo_opt=Mgoogle/protobuf/duration.proto=github.com/gogo/protobuf/types \ 17 | --gogo_opt=Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types \ 18 | --gogo_opt=Mgoogle/protobuf/struct.proto=github.com/gogo/protobuf/types \ 19 | --gogo_out="$d" "$f" 20 | done 21 | -------------------------------------------------------------------------------- /bin/get_module_image.sh: -------------------------------------------------------------------------------- 1 | 2 | curl 'https://registry.hub.docker.com/v2/repositories/slimeio/slime-${MOD}/tags?page_size=${PAGE_SIZE:-1024}' | jq -r '."results"[]["name"]' 3 | -------------------------------------------------------------------------------- /bin/publish_bundle.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/bin/publish_bundle.sh -------------------------------------------------------------------------------- /bin/reset_to_remote.sh: -------------------------------------------------------------------------------- 1 | if [[ -z "$1" ]]; then 2 | exit 1 3 | fi 4 | 5 | git fetch "$1" && git reset --hard "$1/${2:-master}" 6 | -------------------------------------------------------------------------------- /boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Slime Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /boot/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM quay.io/operator-framework/helm-operator:v1.10.0 2 | 3 | COPY watches.yaml ${HOME}/watches.yaml 4 | COPY helm-charts/ ${HOME}/helm-charts/ 5 | 6 | Entrypoint ["/usr/local/bin/helm-operator", "run", "--watches-file=./watches.yaml", "--reconcile-period=0"] 7 | 8 | -------------------------------------------------------------------------------- /boot/helm-charts/slimeboot/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /boot/helm-charts/slimeboot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: slimeboot 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 1.16.0 22 | -------------------------------------------------------------------------------- /boot/helm-charts/slimeboot/templates/NOTES.txt.bak: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "slimeboot.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "slimeboot.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "slimeboot.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "slimeboot.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /boot/helm-charts/slimeboot/templates/_helpers.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/boot/helm-charts/slimeboot/templates/_helpers.tpl -------------------------------------------------------------------------------- /boot/helm-charts/slimeboot/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for slime. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | #repository: docker.io/slimeio/slime 9 | pullPolicy: Always 10 | # Overrides the image tag whose default is the chart appVersion. 11 | #tag: preview-v0.0.1 12 | 13 | serviceAccount: 14 | # Specifies whether a service account should be created 15 | create: true 16 | 17 | podSecurityContext: {} 18 | 19 | containerSecurityContext: {} 20 | 21 | resources: 22 | limits: 23 | cpu: 1 24 | memory: 1Gi 25 | requests: 26 | cpu: 200m 27 | memory: 200Mi 28 | 29 | nodeSelector: {} 30 | 31 | tolerations: [] 32 | 33 | affinity: {} 34 | 35 | namespace: mesh-operator 36 | 37 | istioNamespace: istio-system 38 | 39 | service: 40 | type: ClusterIP 41 | port: 80 42 | auxiliaryPort: 8081 43 | logSourcePort: 8082 44 | mcpOverXdsPort: 16010 45 | 46 | volumeMounts: [] 47 | 48 | volumes: [] 49 | -------------------------------------------------------------------------------- /boot/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | mkdir -p ./helm-charts/slimeboot/templates/modules 4 | MODS=${MODS:-"lazyload limiter plugin"} 5 | for m in $MODS; do 6 | rm -rf "./helm-charts/slimeboot/templates/modules/$m" 7 | cp -r "../staging/src/slime.io/slime/modules/$m/charts/" "./helm-charts/slimeboot/templates/modules/$m" 8 | rm -rf "./helm-charts/slimeboot/templates/modules/$m/crds" 9 | done 10 | find ./helm-charts/slimeboot/templates/modules -type f | grep -v ".yaml" | xargs --no-run-if-empty rm -f 11 | for e in Chart.yaml values.yaml; do 12 | find ./helm-charts/slimeboot/templates/modules -type f -name "$e" -delete 13 | done 14 | 15 | export MOD=boot 16 | export ALL_ACTIONS="image image-push" 17 | 18 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 19 | ../bin/multiarch.sh "$@" 20 | else 21 | ../bin/publish.sh "$@" 22 | fi 23 | -------------------------------------------------------------------------------- /boot/watches.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - version: v1alpha1 3 | group: config.netease.com 4 | kind: SlimeBoot 5 | chart: helm-charts/slimeboot 6 | -------------------------------------------------------------------------------- /build/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8/ubi-minimal:latest 2 | 3 | ENV OPERATOR=/usr/local/bin/slime \ 4 | USER_UID=1001 \ 5 | USER_NAME=slime 6 | 7 | # install operator binary 8 | COPY build/_output/bin/slime ${OPERATOR} 9 | 10 | COPY build/bin /usr/local/bin 11 | RUN /usr/local/bin/user_setup 12 | 13 | ENTRYPOINT ["/usr/local/bin/entrypoint"] 14 | 15 | USER ${USER_UID} 16 | -------------------------------------------------------------------------------- /build/bin/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | exec ${OPERATOR} $@ 4 | -------------------------------------------------------------------------------- /build/bin/user_setup: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -x 3 | 4 | # ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be) 5 | echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd 6 | mkdir -p ${HOME} 7 | chown ${USER_UID}:0 ${HOME} 8 | chmod ug+rwx ${HOME} 9 | 10 | # no need for this script to remain in the image after running 11 | rm $0 12 | -------------------------------------------------------------------------------- /doc/zh/feature-introduce/framework/TODO.md: -------------------------------------------------------------------------------- 1 | **该文档记录framework待完成的特性文档** 2 | 3 | - [ ] 模块设计特性文档 4 | - [ ] configStore特性文档 5 | - [ ] 模块生命周期特性文档 6 | - [ ] 日志特性文档 7 | - [ ] debug接口特性文档 -------------------------------------------------------------------------------- /doc/zh/feature-introduce/lazyload/TODO.md: -------------------------------------------------------------------------------- 1 | **该文档记录lazyload待完成的特性文档** 2 | 3 | - [ ] 自动懒加载特性文档 4 | - [X] autoport特性文档 5 | - [ ] 静态服务依赖特性文档 6 | - [X] http懒加载特性文档 7 | - [ ] 非k8s svc的workload特性 8 | - [X] [特征流量分派特性文档](./特征流量分派.md) 9 | - [X] [grcp服务懒加载特性文档](./grpc懒加载.md) 10 | - [ ] global-sidecar流量转发特性文档 -------------------------------------------------------------------------------- /doc/zh/feature-introduce/limiter/TODO.md: -------------------------------------------------------------------------------- 1 | **该文档记录limiter待完成的特性文档** 2 | 3 | - [x] 单机限流特性文档 4 | - [ ] 集群均分限流特性文档 5 | - [ ] 集群共享限流特性文档 6 | - [ ] 基于特征的限流特性文档 7 | - [ ] 自适应限流特性文档 8 | - [ ] outbound方向限流特性文档 9 | - [ ] 网格serviceEntry限流特性文档 10 | - [ ] 网关多维度限流特性文档 11 | - [ ] 网关host级别限流特性文档 12 | - [ ] 限流作用workload特性文档 -------------------------------------------------------------------------------- /doc/zh/feature-introduce/meshregistry/TODO.md: -------------------------------------------------------------------------------- 1 | **该文档记录meshregistry待完成的特性文档** 2 | 3 | - [ ] 对接nacos注册中心特性文档 4 | - [ ] 对接eureka注册中心特性文档 5 | - [ ] 对接zookeeper注册中心特性文档 6 | - [ ] 增量推送特性文档 7 | - [ ] debug接口特性文档 8 | - [ ] 动态配置更新特性文档 -------------------------------------------------------------------------------- /doc/zh/feature-introduce/plugin/TODO.md: -------------------------------------------------------------------------------- 1 | **该文档记录plugin待完成的特性文档** 2 | 3 | - [ ] envoyplugin特性文档 4 | - [ ] pluginmanager特性文档 5 | - [ ] wasmplugin特性文档 -------------------------------------------------------------------------------- /doc/zh/slime-build.md: -------------------------------------------------------------------------------- 1 | - [slime 镜像构建](#slime-镜像构建) 2 | - [子模块单独构建镜像](#子模块单独构建镜像) 3 | - [构建amd64镜像](#构建amd64镜像) 4 | - [构建多架构镜像](#构建多架构镜像) 5 | - [构建包含全部功能的slime镜像](#构建包含全部功能的slime镜像) 6 | - [构建amd64镜像](#构建amd64镜像-1) 7 | - [构建多架构镜像](#构建多架构镜像-1) 8 | 9 | # slime 镜像构建 10 | 11 | slime 支持子模块单独构建镜像,也支持构建一个包含全部功能的bundle镜像, 以下分两个部分介绍slime镜像构建 12 | 13 | **注意:为了支持多架构镜像,slime用buildx构建镜像, 所以需要所在机器支持`docker buildx`** 14 | 15 | ## 子模块单独构建镜像 16 | 17 | ### 构建amd64镜像 18 | 19 | 切换至子模块所在目录,如限流模块所在目录 `slime/staging/src/slime.io/slime/modules/limiter` 20 | 21 | note: 对于 global-sidecar, 需要切换至`slime/staging/src/slime.io/slime/modules/lazyload/cmd/proxy` 22 | 23 | 运行以下命令构建amd64镜像 24 | 25 | ```sh 26 | ./publish.sh build image 27 | ``` 28 | 29 | 运行以下命令构建arm64镜像 30 | 31 | ```sh 32 | TARGET_GOARCH=arm64 ./publish.sh build image 33 | ``` 34 | 35 | 以上命令中使用到了publish脚本,它提供了以下参数 `build`,`image`,`image-push`和`ALL` 36 | 37 | 1. build: 用于构建可执行文件 38 | 39 | 2. image: 用于在本地出镜像,可以修改`slime/bin/publish`中的默认的`hub`地址 40 | 41 | 3. image-push: 将镜像推送至镜像仓库 42 | 43 | 4. ALL: 以上三个个步骤的结合 44 | 45 | 如,构建镜像并推至默认厂库 46 | 47 | ```sh 48 | ./publish.sh build image image-push 49 | 50 | # 等同于 ./publish.sh ALL 51 | ``` 52 | 53 | ### 构建多架构镜像 54 | 55 | 切换至子模块所在目录,运行以下命令构建多架构镜像,默认hub地址在 `slime/bin/publish`中定义 56 | 57 | ```sh 58 | ./publish.sh publish amd64 arm64 59 | ``` 60 | 61 | ## 构建包含全部功能的slime镜像 62 | 63 | ### 构建amd64镜像 64 | 65 | 切换至 slime/staging/src/slime.io/slime/modules/bundle-all 目录, 运行以下命令构建bundle的amd64镜像 66 | 67 | ```sh 68 | ./publish.sh build image 69 | ``` 70 | 71 | ### 构建多架构镜像 72 | 73 | 切换至 slime/staging/src/slime.io/slime/modules/bundle-all 目录,运行以下命令构建多架构镜像 74 | 75 | ```sh 76 | ./publish.sh publish amd64 arm64 77 | ``` -------------------------------------------------------------------------------- /framework/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /framework/Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.13 as builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 19 | 20 | # Use distroless as minimal base image to package the manager binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/manager . 25 | USER nonroot:nonroot 26 | 27 | ENTRYPOINT ["/manager"] 28 | -------------------------------------------------------------------------------- /framework/apis/config/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group 2 | // +k8s:deepcopy-gen=package,register 3 | // +groupName=config.netease.com 4 | package v1alpha1 5 | -------------------------------------------------------------------------------- /framework/apis/config/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group 2 | // +k8s:deepcopy-gen=package,register 3 | // +groupName=config.netease.com 4 | package v1alpha1 5 | 6 | import ( 7 | "k8s.io/apimachinery/pkg/runtime/schema" 8 | "sigs.k8s.io/controller-runtime/pkg/scheme" 9 | ) 10 | 11 | var ( 12 | // SchemeGroupVersion is group version used to register these objects 13 | SchemeGroupVersion = schema.GroupVersion{Group: "config.netease.com", Version: "v1alpha1"} 14 | 15 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 16 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 17 | ) 18 | -------------------------------------------------------------------------------- /framework/apis/config/v1alpha1/slimeboot_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 4 | 5 | // +kubebuilder:resource:shortName=slb 6 | // +kubebuilder:subresource:status 7 | type SlimeBoot struct { 8 | metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"` 9 | metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"` 10 | // +kubebuilder:pruning:PreserveUnknownFields 11 | Spec *SlimeBootSpec `json:"spec" yaml:"spec"` 12 | // +kubebuilder:pruning:PreserveUnknownFields 13 | Status *SlimeBootStatus `json:"status,omitempty" yaml:"status,omitempty"` 14 | } 15 | 16 | type SlimeBootList struct { 17 | metav1.TypeMeta `json:",inline"` 18 | metav1.ListMeta `json:"metadata,omitempty"` 19 | Items []SlimeBoot `json:"items"` 20 | } 21 | -------------------------------------------------------------------------------- /framework/bootstrap/adsc/adsc.go: -------------------------------------------------------------------------------- 1 | package adsc 2 | 3 | import ( 4 | discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" 5 | 6 | "slime.io/slime/framework/bootstrap/collections" 7 | ) 8 | 9 | func ConfigInitialRequests() []*discovery.DiscoveryRequest { 10 | out := make([]*discovery.DiscoveryRequest, 0, len(collections.Pilot.All())) 11 | for _, sch := range collections.Pilot.All() { 12 | out = append(out, &discovery.DiscoveryRequest{ 13 | TypeUrl: sch.String(), 14 | }) 15 | } 16 | return out 17 | } 18 | -------------------------------------------------------------------------------- /framework/bootstrap/collections/collections.go: -------------------------------------------------------------------------------- 1 | package collections 2 | 3 | import ( 4 | "reflect" 5 | 6 | "istio.io/libistio/pkg/config/schema/collection" 7 | "istio.io/libistio/pkg/config/schema/collections" 8 | "istio.io/libistio/pkg/config/schema/resource" 9 | "istio.io/libistio/pkg/config/validation" 10 | 11 | "slime.io/slime/framework/bootstrap/serviceregistry/model" 12 | ) 13 | 14 | var ( 15 | IstioServices = resource.Builder{ 16 | Identifier: "IstioService", 17 | Group: "networking.istio.io", 18 | Kind: "IstioService", 19 | Plural: "istioservices", 20 | Version: "v1alpha3", 21 | Proto: "", 22 | ReflectType: reflect.TypeOf(&model.Service{}).Elem(), 23 | ProtoPackage: "", 24 | ValidateProto: validation.EmptyValidate, 25 | }.MustBuild() 26 | 27 | IstioEndpoints = resource.Builder{ 28 | Group: "networking.istio.io", 29 | Kind: "IstioEndpoint", 30 | Plural: "istioendpoints", 31 | Version: "v1alpha3", 32 | Proto: "", 33 | ReflectType: reflect.TypeOf(&model.IstioEndpoint{}).Elem(), 34 | ProtoPackage: "", 35 | ValidateProto: validation.EmptyValidate, 36 | }.MustBuild() 37 | 38 | Istio = collection.NewSchemasBuilder(). 39 | MustAdd(IstioServices). 40 | MustAdd(IstioEndpoints). 41 | Build() 42 | 43 | Kube = collections.Kube 44 | Pilot = collections.Pilot 45 | ) 46 | -------------------------------------------------------------------------------- /framework/bootstrap/resource/context.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "encoding/json" 5 | 6 | "google.golang.org/protobuf/encoding/protojson" 7 | "google.golang.org/protobuf/types/known/structpb" 8 | ) 9 | 10 | // NodeMetadata defines the metadata associated with a proxy 11 | // Fields should not be assumed to exist on the proxy, especially newly added fields which will not exist 12 | // on older versions. 13 | // The JSON field names should never change, as they are needed for backward compatibility with older proxies 14 | type NodeMetadata struct { 15 | // IstioVersion specifies the Istio version associated with the proxy 16 | IstioVersion string `json:"ISTIO_VERSION,omitempty"` 17 | 18 | // IstioRevision specifies the Istio revision associated with the proxy. 19 | // Mostly used when istiod requests the upstream. 20 | IstioRevision string `json:"ISTIO_REVISION,omitempty"` 21 | 22 | // Labels specifies the set of workload instance (ex: k8s pod) labels associated with this node. 23 | Labels map[string]string `json:"LABELS,omitempty"` 24 | 25 | // Namespace is the namespace in which the workload instance is running. 26 | Namespace string `json:"NAMESPACE,omitempty"` 27 | 28 | // Generator indicates the client wants to use a custom Generator plugin. 29 | Generator string `json:"GENERATOR,omitempty"` 30 | } 31 | 32 | // ToStruct Converts this to a protobuf structure. This should be used only for debugging - performance is bad. 33 | func (m NodeMetadata) ToStruct() *structpb.Struct { 34 | j, err := json.Marshal(m) 35 | if err != nil { 36 | return nil 37 | } 38 | 39 | pbs := &structpb.Struct{} 40 | if err := protojson.Unmarshal(j, pbs); err != nil { 41 | return nil 42 | } 43 | 44 | return pbs 45 | } 46 | -------------------------------------------------------------------------------- /framework/bootstrap/resource/gvk.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "errors" 5 | "strings" 6 | 7 | "istio.io/libistio/pkg/config" 8 | "istio.io/libistio/pkg/config/schema/gvk" 9 | ) 10 | 11 | type ( 12 | GroupVersionKind = config.GroupVersionKind 13 | Config = config.Config 14 | Meta = config.Meta 15 | ) 16 | 17 | var ( 18 | ServiceEntry = gvk.ServiceEntry 19 | Service = gvk.Service 20 | Endpoints = gvk.Endpoints 21 | Pod = gvk.Pod 22 | ConfigMap = gvk.ConfigMap 23 | 24 | IstioService = GroupVersionKind{Group: "networking.istio.io", Version: "v1alpha3", Kind: "IstioService"} 25 | IstioEndpoint = GroupVersionKind{Group: "networking.istio.io", Version: "v1alpha3", Kind: "IstioEndpoint"} 26 | ) 27 | 28 | var ( 29 | EmptyGroupVersionKind = GroupVersionKind{} 30 | AllGroupVersionKind = EmptyGroupVersionKind 31 | ) 32 | 33 | func ParseGroupVersionKind(s string) (GroupVersionKind, error) { 34 | if s == "" { 35 | return EmptyGroupVersionKind, nil 36 | } 37 | 38 | parts := strings.SplitN(s, "/", 3) 39 | if len(parts) < 2 { 40 | return GroupVersionKind{}, errors.New("invalid value") 41 | } 42 | 43 | var ret GroupVersionKind 44 | 45 | switch len(parts) { 46 | case 3: 47 | ret.Group = parts[0] 48 | ret.Version = parts[1] 49 | ret.Kind = parts[2] 50 | case 2: 51 | ret.Group = "core" 52 | ret.Version = parts[0] 53 | ret.Kind = parts[1] 54 | default: 55 | return ret, errors.New("invalid value") 56 | } 57 | 58 | return ret, nil 59 | } 60 | -------------------------------------------------------------------------------- /framework/bootstrap/resource/schema.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "istio.io/libistio/pkg/config/schema/collection" 5 | ) 6 | 7 | type Schemas = collection.Schemas 8 | -------------------------------------------------------------------------------- /framework/bootstrap/serviceregistry/kube/endpoints.go: -------------------------------------------------------------------------------- 1 | package kube 2 | 3 | import ( 4 | corev1 "k8s.io/api/core/v1" 5 | 6 | "slime.io/slime/framework/bootstrap/serviceregistry/model" 7 | ) 8 | 9 | func buildIstioEndpoint(endpointAddress string, endpointPort int32, svcPortName, svcName, svcNamespace string, 10 | pod *corev1.Pod, hosts []model.Name, 11 | ) *model.IstioEndpoint { 12 | if pod == nil { 13 | return nil 14 | } 15 | 16 | return &model.IstioEndpoint{ 17 | Address: endpointAddress, 18 | EndpointPort: uint32(endpointPort), 19 | Hostnames: hosts, 20 | Labels: pod.Labels, 21 | ServicePortName: svcPortName, 22 | Namespace: svcNamespace, 23 | ServiceName: svcName, 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /framework/bootstrap/viewstore/viewstore.go: -------------------------------------------------------------------------------- 1 | package viewstore 2 | 3 | import "slime.io/slime/framework/bootstrap/resource" 4 | 5 | type ViewerStore interface { 6 | // Schemas exposes the configuration type schema known by the config store. 7 | Schemas() resource.Schemas 8 | // Get retrieves a configuration element by a type and a key 9 | Get(gvk resource.GroupVersionKind, name, namespace string) *resource.Config 10 | // List returns objects by type and namespace. 11 | // Use "" for the namespace to list across namespaces. 12 | List(gvk resource.GroupVersionKind, namespace string) ([]resource.Config, error) 13 | } 14 | -------------------------------------------------------------------------------- /framework/controllers/context.go: -------------------------------------------------------------------------------- 1 | /* 2 | * @Author: yangdihang 3 | * @Date: 2021/1/25 4 | */ 5 | 6 | package controllers 7 | 8 | import ( 9 | networkingapi "istio.io/api/networking/v1alpha3" 10 | 11 | "slime.io/slime/framework/util" 12 | ) 13 | 14 | // HostSubsetMapping You can query which subsets the Host contains, which is defined in the DestinationRule 15 | var HostSubsetMapping *util.SubcribeableMap[[]*networkingapi.Subset] 16 | 17 | // HostDestinationMapping You can query the back-end service of the host, which is defined in the VirtualService 18 | var HostDestinationMapping *util.SubcribeableMap[[]string] 19 | 20 | func init() { 21 | if HostSubsetMapping == nil { 22 | HostSubsetMapping = util.NewSubcribeableMap[[]*networkingapi.Subset]() 23 | } 24 | if HostDestinationMapping == nil { 25 | HostDestinationMapping = util.NewSubcribeableMap[[]string]() 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /framework/model/config.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "os" 5 | "regexp" 6 | 7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 8 | ) 9 | 10 | const IstioRevLabel = "istio.io/rev" 11 | 12 | var passthroughLabelPattern = regexp.MustCompile(os.Getenv("SLIME_PASS_LBL_REG")) 13 | 14 | func IstioRevFromLabel(l map[string]string) string { 15 | if l == nil { 16 | return "" 17 | } 18 | return l[IstioRevLabel] 19 | } 20 | 21 | func PatchIstioRevLabel(lbls *map[string]string, rev string) { 22 | if rev == "" { 23 | return 24 | } 25 | if *lbls == nil { 26 | *lbls = map[string]string{} 27 | } 28 | 29 | (*lbls)[IstioRevLabel] = rev 30 | } 31 | 32 | func PassthroughLabels(lbls *map[string]string, from map[string]string) { 33 | if passthroughLabelPattern.String() == "" { 34 | return 35 | } 36 | for k, v := range from { 37 | if !passthroughLabelPattern.MatchString(k) { 38 | continue 39 | } 40 | if *lbls == nil { 41 | *lbls = map[string]string{} 42 | } 43 | (*lbls)[k] = v 44 | } 45 | } 46 | 47 | func PatchObjectMeta(dst, src *metav1.ObjectMeta) { 48 | if src == nil { 49 | return 50 | } 51 | 52 | if dst == nil { 53 | *dst = metav1.ObjectMeta{} 54 | } 55 | 56 | PassthroughLabels(&dst.Labels, src.Labels) 57 | } 58 | -------------------------------------------------------------------------------- /framework/model/endpoints.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "sync" 5 | 6 | "k8s.io/apimachinery/pkg/types" 7 | ) 8 | 9 | type Endpoints struct { 10 | Location types.NamespacedName 11 | Info map[string]string 12 | Lock sync.RWMutex 13 | } 14 | -------------------------------------------------------------------------------- /framework/model/metric/config.go: -------------------------------------------------------------------------------- 1 | package metric 2 | 3 | import ( 4 | data_accesslog "github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v3" 5 | prometheus "github.com/prometheus/client_golang/api/prometheus/v1" 6 | prometheusModel "github.com/prometheus/common/model" 7 | 8 | "slime.io/slime/framework/model/trigger" 9 | ) 10 | 11 | type ProducerConfig struct { 12 | EnablePrometheusSource bool 13 | PrometheusSourceConfig PrometheusSourceConfig 14 | AccessLogSourceConfig AccessLogSourceConfig 15 | EnableMockSource bool 16 | EnableWatcherProducer bool 17 | WatcherProducerConfig WatcherProducerConfig 18 | EnableTickerProducer bool 19 | TickerProducerConfig TickerProducerConfig 20 | StopChan <-chan struct{} 21 | } 22 | 23 | type WatcherProducerConfig struct { 24 | Name string 25 | NeedUpdateMetricHandler func(event trigger.WatcherEvent) QueryMap 26 | MetricChan chan Metric 27 | WatcherTriggerConfig trigger.WatcherTriggerConfig 28 | } 29 | 30 | type TickerProducerConfig struct { 31 | Name string 32 | NeedUpdateMetricHandler func(event trigger.TickerEvent) QueryMap 33 | MetricChan chan Metric 34 | TickerTriggerConfig trigger.TickerTriggerConfig 35 | } 36 | 37 | type PrometheusSourceConfig struct { 38 | Api prometheus.API 39 | Convertor func(queryValue prometheusModel.Value) map[string]string 40 | } 41 | 42 | type AccessLogSourceConfig struct { 43 | ServePort string 44 | AccessLogConvertorConfigs []AccessLogConvertorConfig 45 | } 46 | 47 | type AccessLogConvertorConfig struct { 48 | Name string // handler name 49 | Handler func(logEntry []*data_accesslog.HTTPAccessLogEntry) (map[string]map[string]string, error) 50 | } 51 | -------------------------------------------------------------------------------- /framework/model/metric/mock_source.go: -------------------------------------------------------------------------------- 1 | package metric 2 | 3 | type MockSource struct{} 4 | 5 | func NewMockSource() *MockSource { 6 | return &MockSource{} 7 | } 8 | 9 | func (s *MockSource) Start() error { 10 | return nil 11 | } 12 | 13 | func (s *MockSource) QueryMetric(queryMap QueryMap) (Metric, error) { 14 | metric := make(map[string][]Result) 15 | for metaInfo := range queryMap { 16 | metric[metaInfo] = []Result{} 17 | } 18 | return metric, nil 19 | } 20 | 21 | func (s *MockSource) Reset(_ string) error { 22 | return nil 23 | } 24 | 25 | func (s *MockSource) Fullfill(_ map[string]map[string]string) error { 26 | return nil 27 | } 28 | -------------------------------------------------------------------------------- /framework/model/metric/model.go: -------------------------------------------------------------------------------- 1 | package metric 2 | 3 | type QueryMap map[string][]Handler 4 | 5 | type Handler struct { 6 | Name string 7 | Query string 8 | } 9 | 10 | type Metric map[string][]Result 11 | 12 | type Result struct { 13 | Name string 14 | Value map[string]string 15 | } 16 | 17 | type Source interface { 18 | QueryMetric(queryMap QueryMap) (Metric, error) 19 | Start() error 20 | Reset(info string) error 21 | Fullfill(map[string]map[string]string) error 22 | } 23 | -------------------------------------------------------------------------------- /framework/model/metric/producer.go: -------------------------------------------------------------------------------- 1 | package metric 2 | 3 | import log "github.com/sirupsen/logrus" 4 | 5 | func NewProducer(config *ProducerConfig, source Source) { 6 | var wp *WatcherProducer 7 | var tp *TickerProducer 8 | 9 | if config.EnableWatcherProducer { 10 | log.Debugf("lazyload: watch producer begin") 11 | wp = NewWatcherProducer(config.WatcherProducerConfig, source) 12 | wp.Start() 13 | go wp.HandleWatcherEvent() 14 | } 15 | 16 | if config.EnableTickerProducer { 17 | log.Debugf("lazyload: ticker producer begin") 18 | tp = NewTickerProducer(config.TickerProducerConfig, source) 19 | tp.Start() 20 | go tp.HandleTickerEvent() 21 | } 22 | 23 | // stop producers 24 | go func() { 25 | <-config.StopChan 26 | if config.EnableWatcherProducer { 27 | wp.Stop() 28 | } 29 | if config.EnableTickerProducer { 30 | tp.Stop() 31 | } 32 | log.Infof("all producers stopped") 33 | }() 34 | } 35 | 36 | func NewSource(config *ProducerConfig) Source { 37 | // init source 38 | var source Source 39 | switch { 40 | case config.EnablePrometheusSource: 41 | source = NewPrometheusSource(config.PrometheusSourceConfig) 42 | case config.EnableMockSource: 43 | source = NewMockSource() 44 | default: 45 | source = NewAccessLogSource(config.AccessLogSourceConfig) 46 | } 47 | return source 48 | } 49 | -------------------------------------------------------------------------------- /framework/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | const ( 4 | LogFieldKeyModule = "module" 5 | LogFieldKeyPkg = "pkg" 6 | LogFieldKeyFunction = "func" 7 | LogFieldKeyResource = "resource" 8 | ) 9 | -------------------------------------------------------------------------------- /framework/model/source/aggregate/source.go: -------------------------------------------------------------------------------- 1 | package aggregate 2 | 3 | import ( 4 | "k8s.io/apimachinery/pkg/types" 5 | 6 | "slime.io/slime/framework/model/source" 7 | ) 8 | 9 | type Source struct { 10 | Sources []source.Source 11 | } 12 | 13 | func (s *Source) Start(stop <-chan struct{}) { 14 | for _, v := range s.Sources { 15 | v.Start(stop) 16 | } 17 | } 18 | 19 | func (s *Source) WatchAdd(meta types.NamespacedName) { 20 | for _, v := range s.Sources { 21 | v.WatchAdd(meta) 22 | } 23 | } 24 | 25 | func (s *Source) WatchRemove(meta types.NamespacedName) { 26 | for _, v := range s.Sources { 27 | v.WatchRemove(meta) 28 | } 29 | } 30 | 31 | func (s *Source) Get(meta types.NamespacedName) map[string]string { 32 | aggregateMap := make(map[string]string) 33 | for _, v := range s.Sources { 34 | for k, v := range v.Get(meta) { 35 | aggregateMap[k] = v 36 | } 37 | } 38 | return aggregateMap 39 | } 40 | 41 | func (s *Source) AppendSource(src source.Source) { 42 | s.Sources = append(s.Sources, src) 43 | } 44 | -------------------------------------------------------------------------------- /framework/model/source/k8s/test/test.json: -------------------------------------------------------------------------------- 1 | { 2 | "limiter": { 3 | "enable": true, 4 | "backend": 1 5 | }, 6 | "fence": { 7 | "enable": false 8 | }, 9 | "plugin": { 10 | "enable": false, 11 | "local": { 12 | "mount": "/tmp/envoy" 13 | } 14 | }, 15 | "global": { 16 | "service": "app", 17 | "istioNamespace": "istio-system", 18 | "slimeNamespace": "mesh-operator" 19 | }, 20 | "metric": { 21 | "prometheus": { 22 | "address": "http://localhost:9090", 23 | "handlers": { 24 | "cpu.sum": { 25 | "type": "Group", 26 | "query": "sum(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod=~\"$pod_name\",image=\"\"})" 27 | } 28 | } 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /framework/model/source/source.go: -------------------------------------------------------------------------------- 1 | /* 2 | * @Author: yangdihang 3 | * @Date: 2020/10/13 4 | */ 5 | 6 | package source 7 | 8 | import "k8s.io/apimachinery/pkg/types" 9 | 10 | type Source interface { 11 | Start(stop <-chan struct{}) 12 | WatchAdd(meta types.NamespacedName) 13 | WatchRemove(meta types.NamespacedName) 14 | Get(meta types.NamespacedName) map[string]string 15 | } 16 | 17 | type EventType uint32 18 | 19 | const ( 20 | Add EventType = iota 21 | Delete 22 | Update 23 | ) 24 | 25 | type Event struct { 26 | EventType 27 | Loc types.NamespacedName 28 | Info map[string]string 29 | } 30 | -------------------------------------------------------------------------------- /framework/test/e2e/framework/log/logger.go: -------------------------------------------------------------------------------- 1 | package log 2 | 3 | import ( 4 | "fmt" 5 | "time" 6 | 7 | "github.com/onsi/ginkgo" 8 | ) 9 | 10 | func nowStamp() string { 11 | return time.Now().Format(time.StampMilli) 12 | } 13 | 14 | func log(level string, format string, args ...interface{}) { 15 | fmt.Fprintf(ginkgo.GinkgoWriter, nowStamp()+": "+level+": "+format+"\n", args...) 16 | } 17 | 18 | // Logf logs the info. 19 | func Logf(format string, args ...interface{}) { 20 | log("INFO", format, args...) 21 | } 22 | -------------------------------------------------------------------------------- /framework/test/util/util.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "bytes" 5 | "os" 6 | 7 | "k8s.io/apimachinery/pkg/runtime" 8 | "k8s.io/apimachinery/pkg/runtime/serializer" 9 | "sigs.k8s.io/controller-runtime/pkg/client" 10 | "sigs.k8s.io/yaml" 11 | ) 12 | 13 | func LoadYamlObjects(scheme *runtime.Scheme, path string) ([]client.Object, error) { 14 | codecs := serializer.NewCodecFactory(scheme) 15 | 16 | data, err := os.ReadFile(path) 17 | if err != nil { 18 | return nil, err 19 | } 20 | items := bytes.Split(data, []byte("---\n")) 21 | objs := make([]client.Object, 0, len(items)) 22 | for _, item := range items { 23 | item = bytes.TrimSpace(item) 24 | if len(item) == 0 { 25 | continue 26 | } 27 | obj, _, err := codecs.UniversalDeserializer().Decode(item, nil, nil) 28 | if err != nil { 29 | return nil, err 30 | } 31 | objs = append(objs, obj.(client.Object)) 32 | } 33 | return objs, nil 34 | } 35 | 36 | func LoadYamlTestData[T any](receiver *T, path string) error { 37 | data, err := os.ReadFile(path) 38 | if err != nil { 39 | return err 40 | } 41 | return yaml.Unmarshal(data, receiver) 42 | } 43 | -------------------------------------------------------------------------------- /framework/util/error.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | type Error struct { 4 | M string 5 | } 6 | 7 | func (e Error) Error() string { 8 | return e.M 9 | } 10 | -------------------------------------------------------------------------------- /framework/util/set.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | type Set[V comparable] map[V]struct{} 4 | 5 | func NewSet[V comparable]() Set[V] { 6 | return make(Set[V]) 7 | } 8 | 9 | func (s Set[V]) Insert(v V) { 10 | s[v] = struct{}{} 11 | } 12 | 13 | func (s Set[V]) Remove(v V) { 14 | delete(s, v) 15 | } 16 | 17 | func (s Set[V]) Contains(v V) bool { 18 | _, ok := s[v] 19 | return ok 20 | } 21 | 22 | func (s Set[V]) Len() int { 23 | return len(s) 24 | } 25 | -------------------------------------------------------------------------------- /framework/util/stack.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | type Queue interface { 4 | Pop() interface{} 5 | Push(interface{}) 6 | Peek() interface{} 7 | Length() int 8 | } 9 | 10 | type FILOStack struct { 11 | slice []interface{} 12 | } 13 | 14 | func (s *FILOStack) Length() int { 15 | return len(s.slice) 16 | } 17 | 18 | func NewFILOStack() *FILOStack { 19 | return &FILOStack{ 20 | slice: make([]interface{}, 0), 21 | } 22 | } 23 | 24 | func (s *FILOStack) Pop() interface{} { 25 | if len(s.slice) == 0 { 26 | return nil 27 | } 28 | r := s.slice[len(s.slice)-1] 29 | s.slice = s.slice[:len(s.slice)-1] 30 | return r 31 | } 32 | 33 | func (s *FILOStack) Push(e interface{}) { 34 | s.slice = append(s.slice, e) 35 | } 36 | 37 | func (s *FILOStack) Peek() interface{} { 38 | if len(s.slice) == 0 { 39 | return nil 40 | } 41 | r := s.slice[len(s.slice)-1] 42 | return r 43 | } 44 | 45 | type FIFOStack struct { 46 | slice []interface{} 47 | } 48 | 49 | func (s *FIFOStack) Length() int { 50 | return len(s.slice) 51 | } 52 | 53 | func NewFIFOStack() *FIFOStack { 54 | return &FIFOStack{ 55 | slice: make([]interface{}, 0), 56 | } 57 | } 58 | 59 | func (s *FIFOStack) Pop() interface{} { 60 | if len(s.slice) == 0 { 61 | return nil 62 | } 63 | r := s.slice[len(s.slice)-1] 64 | s.slice = s.slice[:len(s.slice)-1] 65 | return r 66 | } 67 | 68 | func (s *FIFOStack) Push(e interface{}) { 69 | s.slice = append(s.slice, e) 70 | } 71 | 72 | func (s *FIFOStack) Peek() interface{} { 73 | if len(s.slice) == 0 { 74 | return nil 75 | } 76 | r := s.slice[len(s.slice)-1] 77 | return r 78 | } 79 | -------------------------------------------------------------------------------- /framework/util/util.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "flag" 5 | "strings" 6 | ) 7 | 8 | const ( 9 | slimeLogLevel = "info" 10 | slimeKLogLevel = 5 11 | slimeDefaultILogLevel = "info" 12 | slimeDefaultScopeName = "default" 13 | ) 14 | 15 | var fs *flag.FlagSet 16 | 17 | // K8S operation 18 | func IsK8SService(host string) (string, string, bool) { 19 | ss := strings.Split(host, ".") 20 | if len(ss) != 2 && len(ss) != 5 { 21 | return "", "", false 22 | } 23 | return ss[0], ss[1], true 24 | } 25 | 26 | func UnityHost(host string, namespace string) string { 27 | if len(strings.Split(host, ".")) == 1 { 28 | return host + "." + namespace + WellknownK8sSuffix 29 | } 30 | svc, ns, ok := IsK8SService(host) 31 | if !ok { 32 | return host 33 | } 34 | return svc + "." + ns + WellknownK8sSuffix 35 | } 36 | -------------------------------------------------------------------------------- /framework/util/util_test.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "reflect" 5 | "testing" 6 | ) 7 | 8 | func TestMapToMapInterface(t *testing.T) { 9 | ssMap := map[string]string{ 10 | "a.b.c0": "d0", 11 | "a.b.c1": "d1", 12 | "c2": "d2", 13 | } 14 | iMap := MapToMapInterface(ssMap) 15 | expected := map[string]interface{}{ 16 | "a": map[string]interface{}{ 17 | "b": map[string]interface{}{ 18 | "c0": "d0", 19 | "c1": "d1", 20 | }, 21 | }, 22 | "c2": "d2", 23 | } 24 | if !reflect.DeepEqual(iMap, expected) { 25 | t.Fatalf("expected: %v, but got %v", expected, iMap) 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /install/config/reviews-destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: reviews 5 | spec: 6 | host: reviews 7 | trafficPolicy: 8 | loadBalancer: 9 | simple: RANDOM 10 | subsets: 11 | - name: v1 12 | labels: 13 | version: v1 14 | - name: v2 15 | labels: 16 | version: v2 17 | - name: v3 18 | labels: 19 | version: v3 -------------------------------------------------------------------------------- /media/arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/arch.png -------------------------------------------------------------------------------- /media/policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/policy.png -------------------------------------------------------------------------------- /media/policy_zh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/policy_zh.png -------------------------------------------------------------------------------- /media/slime-arch-v2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/slime-arch-v2.png -------------------------------------------------------------------------------- /media/slime-arch-v3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/slime-arch-v3.png -------------------------------------------------------------------------------- /media/slime-qq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/slime-qq.png -------------------------------------------------------------------------------- /media/slime_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/media/slime_logo.png -------------------------------------------------------------------------------- /modules/example/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | FROM ubuntu:focal 4 | WORKDIR / 5 | COPY manager.exe ./manager 6 | 7 | ENTRYPOINT ["/manager"] 8 | -------------------------------------------------------------------------------- /modules/example/PROJECT: -------------------------------------------------------------------------------- 1 | domain: slime.io 2 | layout: 3 | - go.kubebuilder.io/v3 4 | projectName: example 5 | repo: slime.io/slime/modules/example 6 | resources: 7 | - api: 8 | crdVersion: v1alpha1 9 | namespaced: true 10 | controller: true 11 | domain: slime.io 12 | group: microservice 13 | kind: Example 14 | path: slime.io/slime/modules/example/api/v1alpha1 15 | version: v1alpha1 16 | version: "3" 17 | -------------------------------------------------------------------------------- /modules/example/README.md: -------------------------------------------------------------------------------- 1 | # Slime Example Modules 2 | -------------------------------------------------------------------------------- /modules/example/api/config/example_module.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | package slime.microservice.example.config; 3 | 4 | option go_package = "slime.io/slime/modules/example/api/config"; 5 | 6 | 7 | // Example config of example module 8 | message Example { 9 | string foo = 1; 10 | } 11 | -------------------------------------------------------------------------------- /modules/example/api/config/example_module_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using Example within kubernetes types, where deepcopy-gen is used. 9 | func (in *Example) DeepCopyInto(out *Example) { 10 | p := proto.Clone(in).(*Example) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Example. Required by controller-gen. 15 | func (in *Example) DeepCopy() *Example { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(Example) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Example. Required by controller-gen. 25 | func (in *Example) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | -------------------------------------------------------------------------------- /modules/example/api/config/example_module_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Example 10 | func (this *Example) MarshalJSON() ([]byte, error) { 11 | str, err := ExampleModuleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Example 16 | func (this *Example) UnmarshalJSON(b []byte) error { 17 | return ExampleModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | ExampleModuleMarshaler = &jsonpb.Marshaler{} 22 | ExampleModuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /modules/example/api/v1alpha1/example.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | package slime.microservice.example.v1alpha1; 3 | 4 | option go_package = "slime.io/slime/modules/example/api/v1alpha1"; 5 | 6 | 7 | // ExampleSpec defines the desired state of Example 8 | message ExampleSpec { 9 | // Foo is an example field of Example. 10 | string foo = 1; 11 | 12 | // Foo2 is an example field of Example. 13 | string foo2 = 2; 14 | } 15 | 16 | // ExampleStatus defines the observed state of Example 17 | message ExampleStatus { 18 | // Bar is an example field of ExampleStatus. 19 | string bar = 1; 20 | } 21 | -------------------------------------------------------------------------------- /modules/example/api/v1alpha1/example_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for ExampleSpec 10 | func (this *ExampleSpec) MarshalJSON() ([]byte, error) { 11 | str, err := ExampleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for ExampleSpec 16 | func (this *ExampleSpec) UnmarshalJSON(b []byte) error { 17 | return ExampleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for ExampleStatus 21 | func (this *ExampleStatus) MarshalJSON() ([]byte, error) { 22 | str, err := ExampleMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for ExampleStatus 27 | func (this *ExampleStatus) UnmarshalJSON(b []byte) error { 28 | return ExampleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | ExampleMarshaler = &jsonpb.Marshaler{} 33 | ExampleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /modules/example/api/v1alpha1/example_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | //+kubebuilder:object:root=true 8 | //+kubebuilder:subresource:status 9 | 10 | // Example is the Schema for the examples API 11 | type Example struct { 12 | metav1.TypeMeta `json:",inline"` 13 | metav1.ObjectMeta `json:"metadata,omitempty"` 14 | 15 | Spec ExampleSpec `json:"spec,omitempty"` 16 | Status ExampleStatus `json:"status,omitempty"` 17 | } 18 | 19 | //+kubebuilder:object:root=true 20 | 21 | // ExampleList contains a list of Example 22 | type ExampleList struct { 23 | metav1.TypeMeta `json:",inline"` 24 | metav1.ListMeta `json:"metadata,omitempty"` 25 | Items []Example `json:"items"` 26 | } 27 | 28 | func init() { 29 | SchemeBuilder.Register(&Example{}, &ExampleList{}) 30 | } 31 | -------------------------------------------------------------------------------- /modules/example/api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Package v1alpha1 contains API Schema definitions for the microservice v1alpha1 API group 2 | // +kubebuilder:object:generate=true 3 | // +groupName=microservice.slime.io 4 | package v1alpha1 5 | 6 | import ( 7 | "k8s.io/apimachinery/pkg/runtime/schema" 8 | "sigs.k8s.io/controller-runtime/pkg/scheme" 9 | ) 10 | 11 | var ( 12 | // GroupVersion is group version used to register these objects 13 | GroupVersion = schema.GroupVersion{Group: "microservice.slime.io", Version: "v1alpha1"} 14 | 15 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 16 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 17 | 18 | // AddToScheme adds the types in this group-version to the given scheme. 19 | AddToScheme = SchemeBuilder.AddToScheme 20 | ) 21 | -------------------------------------------------------------------------------- /modules/example/charts/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/modules/example/charts/values.yaml -------------------------------------------------------------------------------- /modules/example/controllers/example_controller.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "context" 5 | 6 | "k8s.io/apimachinery/pkg/runtime" 7 | ctrl "sigs.k8s.io/controller-runtime" 8 | "sigs.k8s.io/controller-runtime/pkg/client" 9 | 10 | "slime.io/slime/framework/bootstrap" 11 | "slime.io/slime/modules/example/api/config" 12 | examplev1alpha1 "slime.io/slime/modules/example/api/v1alpha1" 13 | ) 14 | 15 | // ExampleReconciler reconciles a ... object 16 | type ExampleReconciler struct { 17 | Cfg *config.Example 18 | client.Client 19 | Scheme *runtime.Scheme 20 | Env *bootstrap.Environment 21 | } 22 | 23 | func (r *ExampleReconciler) Reconcile(_ context.Context, _ ctrl.Request) (ctrl.Result, error) { 24 | return ctrl.Result{}, nil 25 | } 26 | 27 | func (r *ExampleReconciler) SetupWithManager(mgr ctrl.Manager) error { 28 | return ctrl.NewControllerManagedBy(mgr). 29 | For(&examplev1alpha1.Example{}). 30 | Complete(r) 31 | } 32 | -------------------------------------------------------------------------------- /modules/example/install/samples/slimeboot_example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.netease.com/v1alpha1 2 | kind: SlimeBoot 3 | metadata: 4 | name: example 5 | namespace: mesh-operator 6 | spec: 7 | image: 8 | pullPolicy: Always 9 | repository: docker.io/slimeio/slime-example 10 | tag: latest 11 | module: 12 | - name: example 13 | kind: example 14 | enable: true 15 | -------------------------------------------------------------------------------- /modules/example/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | "slime.io/slime/modules/example/model" 22 | modmodule "slime.io/slime/modules/example/module" 23 | ) 24 | 25 | func main() { 26 | module.Main(model.ModuleName, []module.Module{&modmodule.Module{}}) 27 | } 28 | -------------------------------------------------------------------------------- /modules/example/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "github.com/sirupsen/logrus" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | ) 8 | 9 | const ModuleName = "example" 10 | 11 | var ModuleLog = logrus.WithField(frameworkmodel.LogFieldKeyModule, ModuleName) 12 | -------------------------------------------------------------------------------- /modules/example/module/module.go: -------------------------------------------------------------------------------- 1 | package module 2 | 3 | import ( 4 | "google.golang.org/protobuf/proto" 5 | networkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" 6 | "k8s.io/apimachinery/pkg/runtime" 7 | clientgoscheme "k8s.io/client-go/kubernetes/scheme" 8 | 9 | "slime.io/slime/framework/model/module" 10 | "slime.io/slime/modules/example/api/config" 11 | v1alpha1 "slime.io/slime/modules/example/api/v1alpha1" 12 | "slime.io/slime/modules/example/controllers" 13 | "slime.io/slime/modules/example/model" 14 | ) 15 | 16 | var log = model.ModuleLog 17 | 18 | type Module struct { 19 | config config.Example 20 | } 21 | 22 | func (mo *Module) Setup(opts module.ModuleOptions) error { 23 | env := opts.Env 24 | mgr := opts.Manager 25 | cfg := &mo.config 26 | 27 | var err error 28 | if err = (&controllers.ExampleReconciler{ 29 | Cfg: cfg, Env: &env, Scheme: mgr.GetScheme(), Client: mgr.GetClient(), 30 | }).SetupWithManager(mgr); err != nil { 31 | log.Errorf("unable to create example controller, %+v", err) 32 | return err 33 | } 34 | return nil 35 | } 36 | 37 | func (mo *Module) Kind() string { 38 | return model.ModuleName 39 | } 40 | 41 | func (mo *Module) Config() proto.Message { 42 | return &mo.config 43 | } 44 | 45 | func (mo *Module) InitScheme(scheme *runtime.Scheme) error { 46 | for _, f := range []func(*runtime.Scheme) error{ 47 | clientgoscheme.AddToScheme, 48 | v1alpha1.AddToScheme, 49 | networkingv1alpha3.AddToScheme, 50 | } { 51 | if err := f(scheme); err != nil { 52 | return err 53 | } 54 | } 55 | return nil 56 | } 57 | 58 | func (mo *Module) Clone() module.Module { 59 | ret := *mo 60 | return &ret 61 | } 62 | -------------------------------------------------------------------------------- /modules/example/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | source *.env.sh 2>/dev/null 4 | export MOD=example 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-all/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-all/README.md: -------------------------------------------------------------------------------- 1 | `bundle`聚合了`lazyload` `limiter` `plugin` `meshregistry`四个子模块 2 | 3 | 部署一个bundle deploy,即可具备当前slime全部能力,部署样例可参考 [slime-boot](../../../../../../doc/zh/slime-boot.md) -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-all/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | lazyloadmod "slime.io/slime/modules/lazyload/module" 22 | limitermod "slime.io/slime/modules/limiter/module" 23 | meshregistrymod "slime.io/slime/modules/meshregistry/module" 24 | pluginmod "slime.io/slime/modules/plugin/module" 25 | ) 26 | 27 | func main() { 28 | module.Main("bundle-all", []module.Module{ 29 | &lazyloadmod.Module{}, 30 | &limitermod.Module{}, 31 | &pluginmod.Module{}, 32 | &meshregistrymod.Module{}, 33 | }) 34 | } 35 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-all/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=bundle-all 4 | 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-hango/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-hango/README.md: -------------------------------------------------------------------------------- 1 | ## 背景 2 | `hango`目前使用了`slime`的`plugin`和`limiter`模块,本文档提供`hango`场景下`slime`的部署方式 3 | 4 | ## 安装 5 | 6 | 1. 安装`slime`组件前,需要安装相关`CRD 7 | 8 | 需要用户手动 apply [v1版本](install/crds-v1.yaml) 或者 [v1beta1版本](install/crds-v1beta1.yaml) 版本的`CRD` 9 | 10 | **注意**: 11 | 12 | k8s version >= v1.22,只支持`apiextensions.k8s.io/v1`版本的`CRD`,不再支持`apiextensions.k8s.io/v1beta1`版本`CRD`,详见[k8s官方文档](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#customresourcedefinition-v122) 13 | 14 | 1.16 <= k8s version < v1.22 两个版本选其一 15 | 16 | 2. 安装`slime`组件,使用[deployment](install/slime-hango.yaml) 17 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-hango/install/crds-v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: smartlimiters.microservice.slime.io 5 | spec: 6 | group: microservice.slime.io 7 | names: 8 | kind: SmartLimiter 9 | listKind: SmartLimiterList 10 | plural: smartlimiters 11 | singular: smartlimiter 12 | scope: Namespaced 13 | subresources: 14 | status: {} 15 | version: v1alpha2 16 | versions: 17 | - name: v1alpha2 18 | served: true 19 | storage: true 20 | --- 21 | apiVersion: apiextensions.k8s.io/v1beta1 22 | kind: CustomResourceDefinition 23 | metadata: 24 | name: envoyplugins.microservice.slime.io 25 | spec: 26 | group: microservice.slime.io 27 | names: 28 | shortNames: 29 | - evp 30 | kind: EnvoyPlugin 31 | listKind: EnvoyPluginList 32 | plural: envoyplugins 33 | singular: envoyplugin 34 | scope: Namespaced 35 | versions: 36 | - name: v1alpha1 37 | served: true 38 | storage: true 39 | --- 40 | apiVersion: apiextensions.k8s.io/v1beta1 41 | kind: CustomResourceDefinition 42 | metadata: 43 | name: pluginmanagers.microservice.slime.io 44 | spec: 45 | group: microservice.slime.io 46 | names: 47 | shortNames: 48 | - plm 49 | kind: PluginManager 50 | listKind: PluginManagerList 51 | plural: pluginmanagers 52 | singular: pluginmanager 53 | scope: Namespaced 54 | versions: 55 | - name: v1alpha1 56 | served: true 57 | storage: true -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-hango/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | limitermod "slime.io/slime/modules/limiter/module" 22 | meshregistrymod "slime.io/slime/modules/meshregistry/module" 23 | pluginmod "slime.io/slime/modules/plugin/module" 24 | ) 25 | 26 | func main() { 27 | module.Main("bundle-hango", []module.Module{ 28 | &limitermod.Module{}, 29 | &pluginmod.Module{}, 30 | &meshregistrymod.Module{}, 31 | }) 32 | } 33 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/bundle-hango/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=bundle-hango 4 | 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/PROJECT: -------------------------------------------------------------------------------- 1 | domain: my.domain 2 | repo: slime.io/slime 3 | resources: 4 | - group: microservice.slime.io 5 | kind: Servicefence 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/api/config/fence_module_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Fence 10 | func (this *Fence) MarshalJSON() ([]byte, error) { 11 | str, err := FenceModuleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Fence 16 | func (this *Fence) UnmarshalJSON(b []byte) error { 17 | return FenceModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for Dispatch 21 | func (this *Dispatch) MarshalJSON() ([]byte, error) { 22 | str, err := FenceModuleMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for Dispatch 27 | func (this *Dispatch) UnmarshalJSON(b []byte) error { 28 | return FenceModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for DomainAlias 32 | func (this *DomainAlias) MarshalJSON() ([]byte, error) { 33 | str, err := FenceModuleMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for DomainAlias 38 | func (this *DomainAlias) UnmarshalJSON(b []byte) error { 39 | return FenceModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | var ( 43 | FenceModuleMarshaler = &jsonpb.Marshaler{} 44 | FenceModuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 45 | ) 46 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the microservice.slime.io v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=microservice.slime.io 20 | package v1alpha1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "microservice.slime.io", Version: "v1alpha1"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/api/v1alpha1/servicefence_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 8 | 9 | // ServiceFence is the Schema for the servicefences API 10 | // +kubebuilder:subresource:status 11 | // +kubebuilder:resource:path=servicefences,scope=Namespaced 12 | type ServiceFence struct { 13 | metav1.TypeMeta `json:",inline"` 14 | metav1.ObjectMeta `json:"metadata,omitempty"` 15 | 16 | Spec ServiceFenceSpec `json:"spec,omitempty"` 17 | Status ServiceFenceStatus `json:"status,omitempty"` 18 | } 19 | 20 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 21 | 22 | // ServiceFenceList contains a list of ServiceFence 23 | type ServiceFenceList struct { 24 | metav1.TypeMeta `json:",inline"` 25 | metav1.ListMeta `json:"metadata,omitempty"` 26 | Items []ServiceFence `json:"items"` 27 | } 28 | 29 | func init() { 30 | SchemeBuilder.Register(&ServiceFence{}, &ServiceFenceList{}) 31 | } 32 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/charts/charts.go: -------------------------------------------------------------------------------- 1 | package charts 2 | 3 | import ( 4 | "embed" 5 | ) 6 | 7 | const GlobalSidecar = "global-sidecar" 8 | 9 | //go:embed global-sidecar 10 | var GlobalSidecarFS embed.FS 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/charts/global-sidecar/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | version: 0.1.0 3 | name: global-sidecar 4 | type: application -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/charts/global-sidecar/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: mesh-operator 2 | istioNamespace: istio-system 3 | 4 | service: 5 | logSourcePort: 8082 6 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/cmd/envoyproxy/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM envoyproxy/envoy:v1.26-latest 2 | 3 | WORKDIR / 4 | 5 | COPY proxy.yaml . 6 | 7 | ENTRYPOINT ["envoy","-c","./proxy.yaml"] 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/cmd/proxy/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | 8 | COPY manager.exe ./proxy-app 9 | 10 | ENTRYPOINT ["/proxy-app"] 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/cmd/proxy/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=global-sidecar 4 | 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../../../bin/publish.sh "$@" 9 | fi -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for 4 | # breaking changes 5 | apiVersion: cert-manager.io/v1alpha2 6 | kind: Issuer 7 | metadata: 8 | name: selfsigned-issuer 9 | namespace: system 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1alpha2 14 | kind: Certificate 15 | metadata: 16 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 17 | namespace: system 18 | spec: 19 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 20 | dnsNames: 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 22 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 23 | issuerRef: 24 | kind: Issuer 25 | name: selfsigned-issuer 26 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 27 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/microservice.slime.io_servicefences.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | #- patches/webhook_in_servicefences.yaml 12 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 13 | 14 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 15 | # patches here are for enabling the CA injection for each CRD 16 | #- patches/cainjection_in_servicefences.yaml 17 | # +kubebuilder:scaffold:crdkustomizecainjectionpatch 18 | 19 | # the following config is for teaching kustomize how to do kustomization for CRDs. 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/crd/patches/cainjection_in_servicefences.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: servicefences.microservice.slime.io 9 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/crd/patches/webhook_in_servicefences.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: servicefences.microservice.slime.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/servicefence_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit servicefences. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: servicefence-editor-role 6 | rules: 7 | - apiGroups: 8 | - microservice.slime.io 9 | resources: 10 | - servicefences 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - microservice.slime.io 21 | resources: 22 | - servicefences/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/rbac/servicefence_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view servicefences. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: servicefence-viewer-role 6 | rules: 7 | - apiGroups: 8 | - microservice.slime.io 9 | resources: 10 | - servicefences 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - microservice.slime.io 17 | resources: 18 | - servicefences/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/samples/microservice.slime.io_v1alpha1_servicefence.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha1 2 | kind: Servicefence 3 | metadata: 4 | name: servicefence-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/controllers/monitoring.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "slime.io/slime/framework/monitoring" 5 | "slime.io/slime/modules/lazyload/model" 6 | ) 7 | 8 | var ( 9 | SidecarCreations = monitoring.NewSum( 10 | model.ModuleName, 11 | "sidecar_creations", 12 | "total number of sidecar creations", 13 | ) 14 | 15 | SidecarFailedCreations = monitoring.NewSum( 16 | model.ModuleName, 17 | "sidecar_failed_creations", 18 | "total number of sidecar creations failed", 19 | ) 20 | 21 | SidecarRefreshes = monitoring.NewSum( 22 | model.ModuleName, 23 | "sidecar_refreshes", 24 | "total number of sidecar refreshes", 25 | ) 26 | 27 | ServiceFenceCreations = monitoring.NewSum( 28 | model.ModuleName, 29 | "servicefence_creations", 30 | "total number of servicefence creations success", 31 | ) 32 | 33 | ServiceFenceFailedCreations = monitoring.NewSum( 34 | model.ModuleName, 35 | "servicefence_failed_creations", 36 | "total number of servicefence creations failed", 37 | ) 38 | 39 | ServiceFenceRefresh = monitoring.NewSum( 40 | model.ModuleName, 41 | "servicefence_refreshes", 42 | "total number of servicefence refreshes", 43 | ) 44 | 45 | ServiceFenceDelections = monitoring.NewSum( 46 | model.ModuleName, 47 | "servicefence_deletions", 48 | "total number of servicefence deletions", 49 | ) 50 | 51 | UpdateExtraResourceFailed = monitoring.NewSum( 52 | model.ModuleName, 53 | "update_extra_resource_failed", 54 | "total number of update extra resource failed", 55 | ) 56 | 57 | ServicefenceLoads = monitoring.NewHistogram( 58 | model.ModuleName, 59 | "servicefenc_loads", 60 | "total number of servicefence loads", 61 | ) 62 | ) 63 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/controllers/testdata/autofence.base.expect.sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Sidecar 3 | metadata: 4 | name: foo 5 | namespace: lazyload 6 | spec: 7 | egress: 8 | - hosts: 9 | - "istio-system/*" 10 | - "mesh-operator/*" 11 | workloadSelector: 12 | labels: 13 | app: foo -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/controllers/testdata/autofence.base.input.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: lazyload 6 | --- 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: foo 11 | namespace: lazyload 12 | spec: 13 | ports: 14 | - port: 80 15 | protocol: TCP 16 | targetPort: 80 17 | selector: 18 | app: foo 19 | type: ClusterIP 20 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/easy_install_lazyload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [[ "$#" -eq 0 ]]; then 3 | echo "No specified tag or commit. Use the latest tag." 4 | tag_or_commit=$(curl -s https://api.github.com/repos/slime-io/slime/tags | grep 'name' | cut -d\" -f4 | head -1) 5 | if [[ -z $tag_or_commit ]]; then 6 | echo "Failed to get the latest tag. Exited." 7 | exit 1 8 | fi 9 | echo "The Latest slime tag: $tag_or_commit." 10 | else 11 | tag_or_commit=$1 12 | echo "Use specified tag or commit: $tag_or_commit" 13 | fi 14 | 15 | crds_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/install/init/crds-v1.yaml" 16 | deployment_slimeboot_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/install/init/deployment_slime-boot.yaml" 17 | slimeboot_lazyload_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/slimeboot_cluster_accesslog.yaml" 18 | 19 | kubectl create ns mesh-operator 20 | kubectl apply -f "${crds_url}" 21 | kubectl apply -f "${deployment_slimeboot_url}" 22 | kubectl apply -f "${slimeboot_lazyload_url}" 23 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/easy_uninstall_lazyload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [[ "$#" -eq 0 ]]; then 3 | echo "No specified tag or commit. Use the latest tag." 4 | tag_or_commit=$(curl -s https://api.github.com/repos/slime-io/slime/tags | grep 'name' | cut -d\" -f4 | head -1) 5 | if [[ -z $tag_or_commit ]]; then 6 | echo "Failed to get the latest tag. Exited." 7 | exit 1 8 | fi 9 | echo "The Latest slime tag: $tag_or_commit." 10 | else 11 | tag_or_commit=$1 12 | echo "Use specified tag or commit: $tag_or_commit" 13 | fi 14 | 15 | crds_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/install/init/crds-v1.yaml" 16 | deployment_slimeboot_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/install/init/deployment_slime-boot.yaml" 17 | slimeboot_lazyload_url="https://raw.githubusercontent.com/slime-io/slime/$tag_or_commit/staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/slimeboot_cluster_accesslog.yaml" 18 | 19 | 20 | kubectl delete -f "${slimeboot_lazyload_url}" 21 | kubectl delete -f "${deployment_slimeboot_url}" 22 | kubectl delete -f "${crds_url}" 23 | kubectl get slimeboot --all-namespaces | awk 'NR>1 {print "kubectl delete "$2" slimeboot -n "$1""}' | bash 24 | for i in $(kubectl get ns --no-headers |awk '{print $1}');do kubectl delete servicefence -n $i --all;done 25 | kubectl delete ns mesh-operator -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/pvc_lazyload.yaml: -------------------------------------------------------------------------------- 1 | # hostPath pv for minikube demo 2 | --- 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: lazyload-claim 7 | namespace: mesh-operator 8 | spec: 9 | storageClassName: manual 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 3Gi 15 | --- 16 | apiVersion: v1 17 | kind: PersistentVolume 18 | metadata: 19 | name: lazyload-volumn 20 | labels: 21 | type: local 22 | spec: 23 | storageClassName: manual 24 | capacity: 25 | storage: 5Gi 26 | accessModes: 27 | - ReadWriteOnce 28 | hostPath: 29 | path: "/mnt/data" 30 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/servicefence_productpage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: microservice.slime.io/v1alpha1 3 | kind: ServiceFence 4 | metadata: 5 | name: productpage 6 | namespace: default 7 | spec: 8 | enable: true 9 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/install/samples/lazyload/slimeboot_cluster_accesslog.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.netease.com/v1alpha1 3 | kind: SlimeBoot 4 | metadata: 5 | name: lazyload 6 | namespace: mesh-operator 7 | spec: 8 | image: 9 | pullPolicy: Always 10 | repository: docker.io/slimeio/slime-lazyload 11 | tag: v0.9.0 12 | namespace: mesh-operator 13 | istioNamespace: istio-system 14 | module: 15 | - name: lazyload 16 | kind: lazyload 17 | enable: true 18 | general: 19 | autoPort: true 20 | autoFence: true 21 | defaultFence: true 22 | wormholePort: # replace to your application service ports, and extend the list in case of multi ports 23 | - "9080" 24 | globalSidecarMode: cluster # the mode of global-sidecar 25 | metricSourceType: accesslog # indicate the metric source 26 | global: 27 | log: 28 | logLevel: info 29 | slimeNamespace: mesh-operator 30 | resources: 31 | requests: 32 | cpu: 300m 33 | memory: 300Mi 34 | limits: 35 | cpu: 600m 36 | memory: 600Mi 37 | component: 38 | globalSidecar: 39 | enable: true 40 | sidecarInject: 41 | enable: true # should be true 42 | mode: pod 43 | labels: # optional, used for sidecarInject.mode = pod 44 | sidecar.istio.io/inject: "true" 45 | resources: 46 | requests: 47 | cpu: 200m 48 | memory: 200Mi 49 | limits: 50 | cpu: 400m 51 | memory: 400Mi 52 | image: 53 | repository: docker.io/slimeio/slime-global-sidecar 54 | tag: v0.9.0 55 | probePort: 20000 56 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | "slime.io/slime/modules/lazyload/model" 22 | modmodule "slime.io/slime/modules/lazyload/module" 23 | ) 24 | 25 | func main() { 26 | module.Main(model.ModuleName, []module.Module{&modmodule.Module{}}) 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2021-10-19-en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2021-10-19-en.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2021-10-19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2021-10-19.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-20211222.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-20211222.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-20211222_zh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-20211222_zh.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2023-12-06.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-architecture-2023-12-06.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/lazyload-vs-update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/lazyload-vs-update.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/media/ll.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/lazyload/media/ll.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/model/const.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | const ( 4 | SlimeLeader = "slime.io/leader" 5 | GlobalSidecar = "global-sidecar" 6 | ) 7 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "github.com/sirupsen/logrus" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | ) 8 | 9 | const ModuleName = "lazyload" 10 | 11 | var ModuleLog = logrus.WithField(frameworkmodel.LogFieldKeyModule, ModuleName) 12 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/pkg/kube/resources.go: -------------------------------------------------------------------------------- 1 | package kube 2 | 3 | import "k8s.io/apimachinery/pkg/runtime/schema" 4 | 5 | var ( 6 | ServiceGVR = schema.GroupVersionResource{ 7 | Group: "", 8 | Version: "v1", 9 | Resource: "services", 10 | } 11 | ConfigMapGVR = schema.GroupVersionResource{ 12 | Group: "", 13 | Version: "v1", 14 | Resource: "configmaps", 15 | } 16 | EnvoyFilterGVR = schema.GroupVersionResource{ 17 | Group: "networking.istio.io", 18 | Version: "v1alpha3", 19 | Resource: "envoyfilters", 20 | } 21 | ) 22 | 23 | var ( 24 | ServiceGVK = schema.GroupVersionKind{ 25 | Group: "", 26 | Version: "v1", 27 | Kind: "Service", 28 | } 29 | ConfigMapGVK = schema.GroupVersionKind{ 30 | Group: "", 31 | Version: "v1", 32 | Kind: "ConfigMap", 33 | } 34 | EnvoyFilterGVK = schema.GroupVersionKind{ 35 | Group: "networking.istio.io", 36 | Version: "v1alpha3", 37 | Kind: "EnvoyFilter", 38 | } 39 | ) 40 | 41 | var ( 42 | gvr2GVK = map[schema.GroupVersionResource]schema.GroupVersionKind{ 43 | ServiceGVR: ServiceGVK, 44 | ConfigMapGVR: ConfigMapGVK, 45 | EnvoyFilterGVR: EnvoyFilterGVK, 46 | } 47 | 48 | gvk2GVR = map[schema.GroupVersionKind]schema.GroupVersionResource{ 49 | ServiceGVK: ServiceGVR, 50 | ConfigMapGVK: ConfigMapGVR, 51 | EnvoyFilterGVK: EnvoyFilterGVR, 52 | } 53 | ) 54 | 55 | func ConvertToGroupVersionResource(gvk schema.GroupVersionKind) schema.GroupVersionResource { 56 | return gvk2GVR[gvk] 57 | } 58 | 59 | func ConvertToGroupVersionKind(gvr schema.GroupVersionResource) schema.GroupVersionKind { 60 | return gvr2GVK[gvr] 61 | } 62 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/pkg/proxy/cache.go: -------------------------------------------------------------------------------- 1 | package proxy 2 | 3 | import ( 4 | "sync" 5 | 6 | "k8s.io/apimachinery/pkg/types" 7 | ) 8 | 9 | type Cache struct { 10 | Data map[types.NamespacedName]struct{} 11 | sync.RWMutex 12 | } 13 | 14 | func (c *Cache) Exist(nn types.NamespacedName) bool { 15 | c.RLock() 16 | defer c.RUnlock() 17 | _, ok := c.Data[nn] 18 | return ok 19 | } 20 | 21 | func (c *Cache) Set(nn types.NamespacedName) { 22 | c.Lock() 23 | defer c.Unlock() 24 | c.Data[nn] = struct{}{} 25 | } 26 | 27 | func (c *Cache) Delete(nn types.NamespacedName) { 28 | c.Lock() 29 | defer c.Unlock() 30 | delete(c.Data, nn) 31 | } 32 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/pkg/server/http.go: -------------------------------------------------------------------------------- 1 | package server 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | 7 | log "github.com/sirupsen/logrus" 8 | "k8s.io/kube-openapi/pkg/common" 9 | 10 | "slime.io/slime/framework/model/metric" 11 | ) 12 | 13 | type Handler struct { 14 | HttpPathHandler common.PathHandler 15 | Source metric.Source 16 | } 17 | 18 | func (s *Handler) HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request)) { 19 | if s.HttpPathHandler != nil { 20 | s.HttpPathHandler.Handle(pattern, http.HandlerFunc(handler)) 21 | } 22 | } 23 | 24 | // SvfResetSetting ns is needed, it will reset all svf in ns if svc is empty 25 | // otherwise, ns/name will reset 26 | func (s *Handler) SvfResetSetting(w http.ResponseWriter, r *http.Request) { 27 | ns := r.URL.Query().Get("ns") 28 | name := r.URL.Query().Get("name") 29 | if ns == "" { 30 | http.Error(w, "ns name is empty", http.StatusBadRequest) 31 | return 32 | } 33 | 34 | info := ns + "/" + name 35 | if err := s.Source.Reset(info); err != nil { 36 | http.Error(w, fmt.Sprintf("svf reset err %s", err), http.StatusInternalServerError) 37 | return 38 | } 39 | 40 | if _, err := w.Write([]byte("succeed")); err != nil { 41 | log.Errorf("reset svf %s err %s", info, err) 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=lazyload 4 | 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/e2e_test.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path/filepath" 7 | "testing" 8 | 9 | framework2 "slime.io/slime/framework/test/e2e/framework" 10 | "slime.io/slime/framework/test/e2e/framework/testfiles" 11 | 12 | "github.com/golang/glog" 13 | "github.com/onsi/ginkgo" 14 | "github.com/onsi/ginkgo/config" 15 | "github.com/onsi/ginkgo/reporters" 16 | "github.com/onsi/gomega" 17 | ) 18 | 19 | func init() { 20 | framework2.RegisterFlags() 21 | if framework2.TestContext.RepoRoot != "" { 22 | testfiles.AddFileSource(testfiles.RootFileSource{Root: framework2.TestContext.RepoRoot}) 23 | } 24 | } 25 | 26 | func TestE2E(t *testing.T) { 27 | RunE2ETests(t) 28 | } 29 | 30 | func RunE2ETests(t *testing.T) { 31 | t.Skip("skip unready e2e test") 32 | gomega.RegisterFailHandler(ginkgo.Fail) 33 | 34 | var r []ginkgo.Reporter 35 | ReportDir := "reports" 36 | 37 | if framework2.TestContext.ReportDir != "" { 38 | ReportDir = framework2.TestContext.ReportDir 39 | } 40 | 41 | if err := os.Mkdir(ReportDir, os.ModePerm); err != nil && !os.IsExist(err) { 42 | glog.Fatalf("Failed creating report directory %s ", ReportDir) 43 | } 44 | 45 | r = append(r, reporters.NewJUnitReporter(filepath.Join(ReportDir, fmt.Sprintf("service_%02d.xml", config.GinkgoConfig.ParallelNode)))) 46 | 47 | framework2.Logf("Starting e2e run %q on ginkgo node %d \n", framework2.RunId, config.GinkgoConfig.ParallelNode) 48 | ginkgo.RunSpecsWithDefaultAndCustomReporters(t, "e2e test suite", r) 49 | } 50 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/lazyload_test_clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # use sed cmd change {{xx}} to xx in yaml files 3 | # the value of xx has no effect on cleaning resource 4 | 5 | sed -e 's/{{istioRevKey}}/istioRevKey/g' -e 's/{{istioRevValue}}/istioRevValue/g' ./testdata/install/samples/lazyload/servicefence_productpage.yaml > tmp_servicefence_productpage.yaml 6 | kubectl delete -f tmp_servicefence_productpage.yaml 7 | 8 | sed -e 's/{{lazyloadTag}}/lazyloadTag/g' -e 's/{{istioRevValue}}/istioRevValue/g' -e 's/{{strictRev}}/strictRev/g' -e 's/{{globalSidecarTag}}/globalSidecarTag/g' -e 's/{{globalSidecarPilotTag}}/globalSidecarPilotTag/g' ./testdata/install/samples/lazyload/slimeboot_lazyload.yaml > tmp_slimeboot_lazyload.yaml 9 | kubectl delete -f tmp_slimeboot_lazyload.yaml 10 | 11 | kubectl delete -f ./testdata/install/config/bookinfo.yaml 12 | 13 | sed -e 's/{{slimebootTag}}/slimebootTag/g' ./testdata/install/init/deployment_slime-boot.yaml > tmp_deployment_slime-boot.yaml 14 | kubectl delete -f tmp_deployment_slime-boot.yaml 15 | 16 | kubectl delete -f ./testdata/install/init/crds.yaml 17 | 18 | kubectl delete ns example-apps 19 | 20 | kubectl delete ns mesh-operator 21 | 22 | rm -f tmp_* 23 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/reports/service_01.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/testdata/install/init/deployment_slime-boot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: slime-boot 5 | namespace: mesh-operator 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | name: slime-boot 11 | template: 12 | metadata: 13 | labels: 14 | name: slime-boot 15 | spec: 16 | serviceAccountName: slime-boot 17 | containers: 18 | - name: slime-boot 19 | # Replace this with the built image name 20 | image: docker.io/slimeio/slime-boot:{{slimebootTag}} 21 | imagePullPolicy: Always 22 | env: 23 | - name: WATCH_NAMESPACE 24 | value: "" 25 | - name: POD_NAME 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.name 29 | - name: OPERATOR_NAME 30 | value: "slime-boot" 31 | --- 32 | kind: RoleBinding 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | metadata: 35 | name: slime-boot 36 | namespace: mesh-operator 37 | subjects: 38 | - kind: ServiceAccount 39 | name: slime-boot 40 | namespace: mesh-operator 41 | roleRef: 42 | kind: Role 43 | name: slime-boot 44 | apiGroup: rbac.authorization.k8s.io 45 | --- 46 | apiVersion: v1 47 | kind: ServiceAccount 48 | metadata: 49 | name: slime-boot 50 | namespace: mesh-operator 51 | --- 52 | apiVersion: rbac.authorization.k8s.io/v1 53 | kind: ClusterRoleBinding 54 | metadata: 55 | name: slime-boot 56 | subjects: 57 | - kind: ServiceAccount 58 | name: slime-boot 59 | namespace: mesh-operator 60 | roleRef: 61 | kind: ClusterRole 62 | name: cluster-admin 63 | apiGroup: rbac.authorization.k8s.io 64 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/testdata/install/samples/lazyload/servicefence_productpage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: microservice.slime.io/v1alpha1 3 | kind: ServiceFence 4 | metadata: 5 | name: productpage 6 | labels: 7 | {{istioRevKey}}: {{istioRevValue}} 8 | #namespace: default 9 | spec: 10 | enable: true 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/lazyload/test/e2e/testdata/install/samples/lazyload/slimeboot_lazyload.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.netease.com/v1alpha1 3 | kind: SlimeBoot 4 | metadata: 5 | name: lazyload 6 | namespace: mesh-operator 7 | spec: 8 | image: 9 | pullPolicy: Always 10 | repository: docker.io/slimeio/slime-lazyload 11 | tag: {{lazyloadTag}} 12 | module: 13 | - name: lazyload 14 | enable: true 15 | fence: 16 | wormholePort: # replace to your application svc ports 17 | - "9080" 18 | metric: 19 | prometheus: 20 | address: http://prometheus.istio-system:9090 21 | handlers: 22 | destination: 23 | query: | 24 | sum(istio_requests_total{source_app="$source_app",reporter="destination"})by(destination_service) 25 | type: Group 26 | global: 27 | istioRev: {{istioRevValue}} 28 | strictRev: {{strictRev}} 29 | component: 30 | globalSidecar: 31 | enable: true 32 | type: namespaced 33 | namespace: 34 | - example-apps # 替换为bookinfo安装的ns 35 | resources: 36 | requests: 37 | cpu: 200m 38 | memory: 200Mi 39 | limits: 40 | cpu: 400m 41 | memory: 200Mi 42 | image: 43 | repository: istio/proxyv2 44 | tag: {{globalSidecarTag}} 45 | pilot: 46 | enable: true 47 | resources: 48 | requests: 49 | cpu: 200m 50 | memory: 200Mi 51 | limits: 52 | cpu: 400m 53 | memory: 800Mi 54 | image: 55 | repository: docker.io/slimeio/pilot 56 | tag: {{globalSidecarPilotTag}} 57 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] 10 | 11 | 12 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/api/config/limiter_module_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Limiter 10 | func (this *Limiter) MarshalJSON() ([]byte, error) { 11 | str, err := LimiterModuleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Limiter 16 | func (this *Limiter) UnmarshalJSON(b []byte) error { 17 | return LimiterModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for RlsConfigMap 21 | func (this *RlsConfigMap) MarshalJSON() ([]byte, error) { 22 | str, err := LimiterModuleMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for RlsConfigMap 27 | func (this *RlsConfigMap) UnmarshalJSON(b []byte) error { 28 | return LimiterModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for RateLimitService 32 | func (this *RateLimitService) MarshalJSON() ([]byte, error) { 33 | str, err := LimiterModuleMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for RateLimitService 38 | func (this *RateLimitService) UnmarshalJSON(b []byte) error { 39 | return LimiterModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | var ( 43 | LimiterModuleMarshaler = &jsonpb.Marshaler{} 44 | LimiterModuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 45 | ) 46 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/api/v1alpha2/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha2 contains API Schema definitions for the microservice.slime.io v1alpha2 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=microservice.slime.io 20 | package v1alpha2 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "microservice.slime.io", Version: "v1alpha2"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/api/v1alpha2/smartlimiter_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha2 18 | 19 | import ( 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | // +kubebuilder:object:root=true 24 | 25 | // SmartLimiter is the Schema for the smartlimiters API 26 | type SmartLimiter struct { 27 | metav1.TypeMeta `json:",inline"` 28 | metav1.ObjectMeta `json:"metadata,omitempty"` 29 | 30 | Spec SmartLimiterSpec `json:"spec,omitempty"` 31 | Status SmartLimiterStatus `json:"status,omitempty"` 32 | } 33 | 34 | // +kubebuilder:object:root=true 35 | 36 | // SmartLimiterList contains a list of SmartLimiter 37 | type SmartLimiterList struct { 38 | metav1.TypeMeta `json:",inline"` 39 | metav1.ListMeta `json:"metadata,omitempty"` 40 | Items []SmartLimiter `json:"items"` 41 | } 42 | 43 | func init() { 44 | SchemeBuilder.Register(&SmartLimiter{}, &SmartLimiterList{}) 45 | } 46 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/cfg.json: -------------------------------------------------------------------------------- 1 | { 2 | "enable":true, 3 | "limiter":{ 4 | "backend":1 5 | }, 6 | "metric":{ 7 | "k8s":{ 8 | "handlers":[ 9 | "pod" 10 | ] 11 | }, 12 | "prometheus":{ 13 | "address":"http://127.0.0.1:9090", 14 | "handlers":{ 15 | "cpu.max":{ 16 | "query":"max(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod=~\"$pod_name\",image=\"\"})\n" 17 | }, 18 | "cpu.sum":{ 19 | "query":"sum(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod=~\"$pod_name\",image=\"\"})\n" 20 | }, 21 | "rt99":{ 22 | "query":"histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{kubernetes_pod_name=~\"$pod_name\"}[2m]))by(le))\n" 23 | } 24 | } 25 | } 26 | }, 27 | "name":"limiter" 28 | } 29 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/charts/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/limiter/charts/values.yaml -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for 4 | # breaking changes 5 | apiVersion: cert-manager.io/v1alpha2 6 | kind: Issuer 7 | metadata: 8 | name: selfsigned-issuer 9 | namespace: system 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1alpha2 14 | kind: Certificate 15 | metadata: 16 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 17 | namespace: system 18 | spec: 19 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 20 | dnsNames: 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 22 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 23 | issuerRef: 24 | kind: Issuer 25 | name: selfsigned-issuer 26 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 27 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/microservice.slime.io_smartlimiters.yaml 6 | - bases/networking.istio.io_destinationrules.yaml 7 | # +kubebuilder:scaffold:crdkustomizeresource 8 | 9 | patchesStrategicMerge: 10 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 11 | # patches here are for enabling the conversion webhook for each CRD 12 | #- patches/webhook_in_smartlimiters.yaml 13 | #- patches/webhook_in_destinationrules.yaml 14 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 15 | 16 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 17 | # patches here are for enabling the CA injection for each CRD 18 | #- patches/cainjection_in_smartlimiters.yaml 19 | #- patches/cainjection_in_destinationrules.yaml 20 | # +kubebuilder:scaffold:crdkustomizecainjectionpatch 21 | 22 | # the following config is for teaching kustomize how to do kustomization for CRDs. 23 | configurations: 24 | - kustomizeconfig.yaml 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/patches/cainjection_in_destinationrules.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: destinationrules.networking.istio.io 9 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/patches/cainjection_in_smartlimiters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: smartlimiters.microservice.slime.io 9 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/patches/webhook_in_destinationrules.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: destinationrules.networking.istio.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/crd/patches/webhook_in_smartlimiters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: smartlimiters.microservice.slime.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/destinationrule_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit destinationrules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destinationrule-editor-role 6 | rules: 7 | - apiGroups: 8 | - networking.istio.io 9 | resources: 10 | - destinationrules 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - networking.istio.io 21 | resources: 22 | - destinationrules/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/destinationrule_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view destinationrules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destinationrule-viewer-role 6 | rules: 7 | - apiGroups: 8 | - networking.istio.io 9 | resources: 10 | - destinationrules 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - networking.istio.io 17 | resources: 18 | - destinationrules/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/smartlimiter_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit smartlimiters. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: smartlimiter-editor-role 6 | rules: 7 | - apiGroups: 8 | - microservice.slime.io 9 | resources: 10 | - smartlimiters 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - microservice.slime.io 21 | resources: 22 | - smartlimiters/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/rbac/smartlimiter_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view smartlimiters. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: smartlimiter-viewer-role 6 | rules: 7 | - apiGroups: 8 | - microservice.slime.io 9 | resources: 10 | - smartlimiters 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - microservice.slime.io 17 | resources: 18 | - smartlimiters/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/samples/microservice.slime.io_v1alpha1_smartlimiter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha1 2 | kind: SmartLimiter 3 | metadata: 4 | name: smartlimiter-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/samples/networking.istio.io_v1alpha3_destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: destinationrule-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/controllers.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | frameworkmodel "slime.io/slime/framework/model" 5 | "slime.io/slime/modules/limiter/model" 6 | ) 7 | 8 | var log = model.ModuleLog.WithField(frameworkmodel.LogFieldKeyPkg, "controllers") 9 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/monitoring.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "slime.io/slime/framework/monitoring" 5 | "slime.io/slime/modules/limiter/model" 6 | ) 7 | 8 | var ( 9 | ReconcilesTotal = monitoring.NewSum( 10 | model.ModuleName, 11 | "reconciles", 12 | "total number of smartlimiter reconciles", 13 | ) 14 | 15 | ValidationFailedTotal = monitoring.NewSum( 16 | model.ModuleName, 17 | "validations_failed", 18 | "the total number of failed smartlimiter validations", 19 | ) 20 | 21 | EnvoyFilterCreations = monitoring.NewSum( 22 | model.ModuleName, 23 | "envoyfilter_creations", 24 | "total number of envoyfilter creations", 25 | ) 26 | 27 | EnvoyFilterCreationsFailed = monitoring.NewSum( 28 | model.ModuleName, 29 | "envoyfilter_creations_failed", 30 | "total number of envoyfilter creations failed", 31 | ) 32 | 33 | EnvoyfilterRefreshes = monitoring.NewSum( 34 | model.ModuleName, 35 | "envoyfilter_refreshes", 36 | "total number of envoyfilter refreshes", 37 | ) 38 | 39 | EnvoyfilterDeletions = monitoring.NewSum( 40 | model.ModuleName, 41 | "envoyfilter_deletions", 42 | "total number of envoyfilter deletions", 43 | ) 44 | 45 | CachedLimiter = monitoring.NewGauge( 46 | model.ModuleName, 47 | "cached_limiter", 48 | "the number of cached limiter", 49 | ) 50 | ) 51 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/testdata/base_objs.local.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: hello 6 | namespace: default 7 | labels: 8 | app: hello 9 | spec: 10 | containers: 11 | - name: hello 12 | image: nginx:1.14 13 | ports: 14 | - containerPort: 80 15 | --- 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: hello 20 | namespace: default 21 | labels: 22 | app: hello 23 | spec: 24 | selector: 25 | app: hello 26 | ports: 27 | - port: 80 28 | targetPort: 80 29 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/testdata/limit_by_method.local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha2 2 | kind: SmartLimiter 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: hello 7 | namespace: default 8 | spec: 9 | sets: 10 | _base: 11 | descriptor: 12 | - action: 13 | fillInterval: 14 | seconds: 1 15 | quota: "10" 16 | strategy: single 17 | condition: "true" 18 | match: 19 | - exact_match: GET 20 | name: :method 21 | target: {} 22 | workloadSelector: 23 | app: hello 24 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/testdata/limit_by_query.local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha2 2 | kind: SmartLimiter 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: hello 7 | namespace: default 8 | spec: 9 | sets: 10 | _base: 11 | descriptor: 12 | - action: 13 | fillInterval: 14 | seconds: 1 15 | quota: "10" 16 | strategy: single 17 | condition: "true" 18 | match: 19 | - matchSource: QueryMatch 20 | name: foo 21 | prefixMatch: bar 22 | target: {} 23 | workloadSelector: 24 | app: hello 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/testdata/limit_by_sourceIP.local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha2 2 | kind: SmartLimiter 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: hello 7 | namespace: default 8 | spec: 9 | sets: 10 | _base: 11 | descriptor: 12 | - action: 13 | fillInterval: 14 | seconds: 1 15 | quota: "10" 16 | strategy: single 17 | condition: "true" 18 | match: 19 | - matchSource: SourceIpMatch 20 | exactMatch: 10.0.0.1 21 | target: {} 22 | # without workloadSelector, the SmartLimiter will get it from svc. 23 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/controllers/testdata/limit_outbound_with_mismatch_selector.local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha2 2 | kind: SmartLimiter 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: withselector-missing-match-workload 7 | namespace: default 8 | spec: 9 | gateway: true 10 | sets: 11 | _base: 12 | descriptor: 13 | - action: 14 | fill_interval: 15 | seconds: 60 16 | quota: "50" 17 | strategy: single 18 | condition: "true" 19 | target: 20 | direction: outbound 21 | route: 22 | - /foo 23 | workloadSelector: 24 | app: not-matched-any-workload 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/easy_install_limiter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [[ "$#" -eq 0 ]]; then 3 | echo "No specified tag or commit. Use the latest tag." 4 | slime_tag_or_commit=$(curl -s https://api.github.com/repos/slime-io/slime/tags | grep 'name' | cut -d\" -f4 | head -1) 5 | if [[ -z $slime_tag_or_commit ]]; then 6 | echo "Failed to get the latest slime tag. Exited." 7 | exit 1 8 | fi 9 | echo "The Latest slime tag: $slime_tag_or_commit." 10 | else 11 | slime_tag_or_commit=$1 12 | echo "Use specified slime tag or commit: $slime_tag_or_commit" 13 | fi 14 | 15 | crds_url="https://raw.githubusercontent.com/slime-io/slime/$slime_tag_or_commit/install/init/crds-v1.yaml" 16 | deployment_slimeboot_url="https://raw.githubusercontent.com/slime-io/slime/$slime_tag_or_commit/install/init/deployment_slime-boot.yaml" 17 | slimeboot_smartlimiter_url="https://raw.githubusercontent.com/slime-io/slime/$slime_tag_or_commit/staging/src/slime.io/slime/modules/limiter/install/limiter.yaml" 18 | 19 | kubectl create ns mesh-operator 20 | kubectl apply -f "${crds_url}" 21 | kubectl apply -f "${deployment_slimeboot_url}" 22 | kubectl apply -f "${slimeboot_smartlimiter_url}" 23 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/easy_uninstall_limiter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [[ "$#" -eq 0 ]]; then 3 | echo "No specified tag or commit. Use the latest tag." 4 | slime_tag_or_commit=$(curl -s https://api.github.com/repos/slime-io/slime/tags | grep 'name' | cut -d\" -f4 | head -1) 5 | if [[ -z $slime_tag_or_commit ]]; then 6 | echo "Failed to get the latest slime tag. Exited." 7 | exit 1 8 | fi 9 | echo "The Latest slime tag: $slime_tag_or_commit." 10 | fi 11 | 12 | crds_url="https://raw.githubusercontent.com/slime-io/slime/$slime_tag_or_commit/install/init/crds.yaml" 13 | deployment_slimeboot_url="https://raw.githubusercontent.com/slime-io/limiter/$slime_tag_or_commit/install/init/deployment_slime-boot.yaml" 14 | slimeboot_smartlimiter_url="https://raw.githubusercontent.com/slime-io/slime/$slime_tag_or_commit/staging/src/slime.io/slime/modules/limiter/install/limiter.yaml" 15 | 16 | for i in $(kubectl get ns --no-headers |awk '{print $1}');do kubectl delete smartlimiter -n $i --all;done 17 | kubectl delete -f "${slimeboot_smartlimiter_url}" 18 | kubectl delete -f "${deployment_slimeboot_url}" 19 | kubectl delete -f "${crds_url}" 20 | kubectl delete ns mesh-operator 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/gw_limiter_envoyfilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | labels: 5 | istio.io/rev: gateway 6 | name: envoyfilters-gateway 7 | namespace: gateway 8 | spec: 9 | configPatches: 10 | - applyTo: HTTP_FILTER 11 | match: 12 | context: GATEWAY 13 | listener: 14 | filterChain: 15 | filter: 16 | name: envoy.filters.network.http_connection_manager 17 | subFilter: 18 | name: envoy.filters.http.router 19 | patch: 20 | operation: INSERT_BEFORE 21 | value: 22 | name: envoy.filters.http.local_ratelimit 23 | typed_config: 24 | '@type': type.googleapis.com/udpa.type.v1.TypedStruct 25 | type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 26 | value: 27 | stat_prefix: http_local_rate_limiter 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/limiter-global.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.netease.com/v1alpha1 2 | kind: SlimeBoot 3 | metadata: 4 | name: limiter 5 | namespace: mesh-operator 6 | spec: 7 | image: 8 | pullPolicy: Always 9 | repository: docker.io/slimeio/slime-limiter 10 | tag: v0.9.0 11 | module: 12 | - name: limiter 13 | kind: limiter 14 | enable: true 15 | general: 16 | disableGlobalRateLimit: false 17 | disableAdaptive: true 18 | disableInsertGlobalRateLimit: false 19 | rlsConfigMap: 20 | name: rate-limit-config 21 | namespace: istio-system 22 | rls: 23 | service: rate-limit.istio-system.svc.cluster.local 24 | port: 18081 25 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/limiter.yaml: -------------------------------------------------------------------------------- 1 | kind: SlimeBoot 2 | metadata: 3 | name: limiter 4 | namespace: mesh-operator 5 | spec: 6 | image: 7 | pullPolicy: Always 8 | repository: docker.io/slimeio/slime-limiter 9 | tag: v0.9.0 10 | module: 11 | - name: limiter 12 | kind: limiter 13 | enable: true 14 | general: 15 | disableGlobalRateLimit: true 16 | disableAdaptive: true 17 | disableInsertGlobalRateLimit: true 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/rate-limit-config-gw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | config.yaml: | 4 | domain: slime 5 | kind: ConfigMap 6 | metadata: 7 | name: rate-limit-config 8 | namespace: gateway-system -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/install/rate-limit-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | config.yaml: | 4 | domain: slime 5 | kind: ConfigMap 6 | metadata: 7 | name: rate-limit-config 8 | namespace: istio-system -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | "slime.io/slime/modules/limiter/model" 22 | modmodule "slime.io/slime/modules/limiter/module" 23 | ) 24 | 25 | func main() { 26 | module.Main(model.ModuleName, []module.Module{&modmodule.Module{}}) 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/media/SmartLimiter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/limiter/media/SmartLimiter.png -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/media/smartlimiter.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/limiter/media/smartlimiter.jpg -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/model/const.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | const ( 4 | ConfigMapName = "rate-limit-config" 5 | 6 | ConfigMapConfig = "config.yaml" 7 | 8 | GenericKey = "generic_key" 9 | 10 | HeaderValueMatch = "header_match" 11 | 12 | RemoteAddress = "remote_address" 13 | 14 | QueryMatch = "query_match" 15 | 16 | BodyMatch = "body_match" 17 | 18 | DescriptiorValue = "descriptor_value" 19 | 20 | Bodies = "bodies" 21 | 22 | RateLimits = "rate_limits" 23 | 24 | RateLimitActions = "actions" 25 | 26 | Route = "route" 27 | 28 | Domain = "slime" 29 | 30 | Inbound = "inbound" 31 | 32 | Outbound = "outbound" 33 | 34 | Gateway = "gateway" 35 | 36 | // AllowAllPort use the implicit semantic "empty means match-all" 37 | AllowAllPort = "" 38 | 39 | GlobalSmartLimiter = "global" 40 | 41 | SingleSmartLimiter = "single" 42 | 43 | AverageSmartLimiter = "average" 44 | 45 | TypeUrlEnvoyRateLimit = "type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit" 46 | 47 | StructDomain = "domain" 48 | 49 | StructRateLimitService = "rate_limit_service" 50 | 51 | TypePerFilterConfig = "typed_per_filter_config" 52 | 53 | EnvoyFiltersHttpRateLimit = "envoy.filters.http.ratelimit" 54 | 55 | EnvoyStatPrefix = "stat_prefix" 56 | 57 | EnvoyHttpLocalRateLimiterStatPrefix = "http_local_rate_limiter" 58 | 59 | MetricSourceTypePrometheus = "prometheus" 60 | 61 | MetricSourceTypeLocal = "local" 62 | 63 | MetricSourceType = "metric_source_type" 64 | 65 | InlineMetricPod = "pod" 66 | 67 | InboundDefaultRoute = "default" 68 | 69 | MockHost = "mock_host" 70 | 71 | MockSourceIp = "240.240.240.240" 72 | ) 73 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "github.com/sirupsen/logrus" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | ) 8 | 9 | const ModuleName = "limiter" 10 | 11 | var ModuleLog = logrus.WithField(frameworkmodel.LogFieldKeyModule, ModuleName) 12 | 13 | type RateLimitConfig struct { 14 | Domain string `yaml:"domain,omitempty"` 15 | Descriptors []*Descriptor `yaml:"descriptors,omitempty"` 16 | } 17 | 18 | type Descriptor struct { 19 | Key string `yaml:"key,omitempty"` 20 | Value string `yaml:"value,omitempty"` 21 | RateLimit *RateLimit `yaml:"rate_limit,omitempty"` 22 | Descriptors []Descriptor `yaml:"descriptors,omitempty"` 23 | } 24 | 25 | type RateLimit struct { 26 | RequestsPerUnit uint32 `yaml:"requests_per_unit,omitempty"` 27 | Unit string `yaml:"unit,omitempty"` 28 | } 29 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=limiter 4 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 5 | ../../../../../../bin/multiarch.sh "$@" 6 | else 7 | ../../../../../../bin/publish.sh "$@" 8 | fi 9 | 10 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sed -e 's/{{istioRevKey}}/istioRevKey/g' -e 's/{{istioRevValue}}/istioRevValue/g' ./testdata/install/samples/limit/productpage_smartlimiter.yaml > tmp_productpage_smartlimiter.yaml 4 | kubectl delete -f tmp_productpage_smartlimiter.yaml 5 | 6 | sed -e 's/{{limitTag}}/limitTag/g' ./testdata/install/samples/limit/slimeboot_limit.yaml > tmp_slimeboot_limit.yaml 7 | kubectl delete -f tmp_slimeboot_limit.yaml 8 | 9 | kubectl delete -f ./testdata/install/config/bookinfo.yaml 10 | 11 | sed -e 's/{{slimebootTag}}/slimebootTag/g' ./testdata/install/init/deployment_slime-boot.yaml > tmp_deployment_slime-boot.yaml 12 | kubectl delete -f tmp_deployment_slime-boot.yaml 13 | 14 | kubectl delete -f ./testdata/install/init/crds.yaml 15 | 16 | kubectl delete ns temp 17 | 18 | kubectl delete ns mesh-operator 19 | 20 | rm -f tmp_* 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/e2e_test.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path/filepath" 7 | "testing" 8 | 9 | framework2 "slime.io/slime/framework/test/e2e/framework" 10 | "slime.io/slime/framework/test/e2e/framework/testfiles" 11 | 12 | "github.com/golang/glog" 13 | "github.com/onsi/ginkgo" 14 | "github.com/onsi/ginkgo/config" 15 | "github.com/onsi/ginkgo/reporters" 16 | "github.com/onsi/gomega" 17 | ) 18 | 19 | func init() { 20 | framework2.RegisterFlags() 21 | if framework2.TestContext.RepoRoot != "" { 22 | testfiles.AddFileSource(testfiles.RootFileSource{Root: framework2.TestContext.RepoRoot}) 23 | } 24 | } 25 | 26 | func TestE2E(t *testing.T) { 27 | RunE2ETests(t) 28 | } 29 | 30 | func RunE2ETests(t *testing.T) { 31 | t.Skip("skip unready e2e test") 32 | gomega.RegisterFailHandler(ginkgo.Fail) 33 | 34 | var r []ginkgo.Reporter 35 | ReportDir := "reports" 36 | 37 | if framework2.TestContext.ReportDir != "" { 38 | ReportDir = framework2.TestContext.ReportDir 39 | } 40 | 41 | if err := os.Mkdir(ReportDir, os.ModePerm); err != nil && !os.IsExist(err) { 42 | glog.Fatalf("Failed creating report directory %s ", ReportDir) 43 | } 44 | 45 | r = append(r, reporters.NewJUnitReporter(filepath.Join(ReportDir, fmt.Sprintf("service_%02d.xml", config.GinkgoConfig.ParallelNode)))) 46 | 47 | framework2.Logf("Starting e2e run %q on ginkgo node %d \n", framework2.RunId, config.GinkgoConfig.ParallelNode) 48 | ginkgo.RunSpecsWithDefaultAndCustomReporters(t, "e2e test suite", r) 49 | } 50 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/testdata/install/init/deployment_slime-boot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: slime-boot 5 | namespace: mesh-operator 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | name: slime-boot 11 | template: 12 | metadata: 13 | labels: 14 | name: slime-boot 15 | spec: 16 | serviceAccountName: slime-boot 17 | containers: 18 | - name: slime-boot 19 | # Replace this with the built image name 20 | image: docker.io/slimeio/slime-boot:{{slimebootTag}} 21 | imagePullPolicy: Always 22 | env: 23 | - name: WATCH_NAMESPACE 24 | value: "" 25 | - name: POD_NAME 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.name 29 | - name: OPERATOR_NAME 30 | value: "slime-boot" 31 | --- 32 | kind: RoleBinding 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | metadata: 35 | name: slime-boot 36 | namespace: mesh-operator 37 | subjects: 38 | - kind: ServiceAccount 39 | name: slime-boot 40 | namespace: mesh-operator 41 | roleRef: 42 | kind: Role 43 | name: slime-boot 44 | apiGroup: rbac.authorization.k8s.io 45 | --- 46 | apiVersion: v1 47 | kind: ServiceAccount 48 | metadata: 49 | name: slime-boot 50 | namespace: mesh-operator 51 | --- 52 | apiVersion: rbac.authorization.k8s.io/v1 53 | kind: ClusterRoleBinding 54 | metadata: 55 | name: slime-boot 56 | subjects: 57 | - kind: ServiceAccount 58 | name: slime-boot 59 | namespace: mesh-operator 60 | roleRef: 61 | kind: ClusterRole 62 | name: cluster-admin 63 | apiGroup: rbac.authorization.k8s.io 64 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/testdata/install/samples/limiter/productpage_smartlimiter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha2 2 | kind: SmartLimiter 3 | metadata: 4 | name: productpage 5 | namespace: temp 6 | spec: 7 | sets: 8 | _base: 9 | descriptor: 10 | - action: 11 | fill_interval: 12 | seconds: 60 13 | quota: "4/{{._base.pod}}" 14 | stragety: "average" 15 | condition: "true" 16 | target: 17 | port: 9080 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/testdata/install/samples/limiter/slimeboot_limiter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.netease.com/v1alpha1 3 | kind: SlimeBoot 4 | metadata: 5 | name: limiter 6 | namespace: mesh-operator 7 | spec: 8 | image: 9 | pullPolicy: Always 10 | repository: liuliluo/limiter 11 | tag: {{limitTag}} 12 | module: 13 | - enable: true 14 | limiter: 15 | backend: 1 16 | metric: 17 | k8s: 18 | handlers: 19 | - pod 20 | prometheus: 21 | address: 'http://prometheus.istio-system:9090' 22 | handlers: 23 | cpu.max: 24 | query: > 25 | max(container_cpu_usage_seconds_total{namespace="$namespace",pod=~"$pod_name",image=""}) 26 | cpu.sum: 27 | query: > 28 | sum(container_cpu_usage_seconds_total{namespace="$namespace",pod=~"$pod_name",image=""}) 29 | rt99: 30 | query: > 31 | histogram_quantile(0.99, 32 | sum(rate(istio_request_duration_milliseconds_bucket{kubernetes_pod_name=~"$pod_name"}[2m]))by(le)) 33 | name: limiter 34 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/limiter/test/e2e/values.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | // the values normally you do not need to change 4 | var ( 5 | testResourceToDelete []*TestResource 6 | slGroup = "microservice.slime.io" 7 | slVersion = "v1alpha2" 8 | slResource = "smartlimiters" 9 | 10 | efGroup = "networking.istio.io" 11 | efVersion = "v1alpha3" 12 | efResource = "envoyfilters" 13 | 14 | istioRevKey = "istio.io/rev" 15 | ) 16 | 17 | // the values you can change 18 | // these are only example values, you can change them according to your situation 19 | // you can also use env to override these default values avoiding changing values.go all the time, see func substituteValue in lazyload_test.go 20 | // latest image tag link https://github.com/slime-io/slime/wiki/Slime-Project-Tag-and-Image-Tag-Mapping-Table 21 | var ( 22 | nsSlime = "mesh-operator" // namespace deployed slime 23 | nsApps = "temp" // namespace deployed demo apps 24 | test = "test/e2e/testdata/install" // testdata path 25 | slimebootName = "slime-boot" // consistent with your deployment_slime-boot.yaml 26 | istioRevValue = "1-10-2" // istio revision 27 | slimebootTag = "v0.2.3-5bf313f" // slime-boot image tag, using the link above as reference 28 | limitTag = "v0.4" // limit image tag, using the link above as reference 29 | ) 30 | 31 | type TestResource struct { 32 | Namespace string 33 | Contents string 34 | Selectors []string 35 | } 36 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] 10 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/PROJECT: -------------------------------------------------------------------------------- 1 | domain: my.domain 2 | repo: slime.io/slime 3 | resources: 4 | - group: microservice.slime.io 5 | kind: PluginManager 6 | version: v1alpha1 7 | - group: microservice.slime.io 8 | kind: EnvoyPlugin 9 | version: v1alpha1 10 | version: "2" 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/README.md: -------------------------------------------------------------------------------- 1 | README_CH.md -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/api/config/meshregistry_module.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | package slime.microservice.meshregistry.v1alpha1; 3 | 4 | option go_package = "slime.io/slime/modules/meshregistry/api/v1alpha1"; 5 | 6 | message MeshRegistryModule { 7 | } 8 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/api/config/meshregistry_module_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using MeshRegistryModule within kubernetes types, where deepcopy-gen is used. 9 | func (in *MeshRegistryModule) DeepCopyInto(out *MeshRegistryModule) { 10 | p := proto.Clone(in).(*MeshRegistryModule) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRegistryModule. Required by controller-gen. 15 | func (in *MeshRegistryModule) DeepCopy() *MeshRegistryModule { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(MeshRegistryModule) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshRegistryModule. Required by controller-gen. 25 | func (in *MeshRegistryModule) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/api/config/meshregistry_module_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for MeshRegistryModule 10 | func (this *MeshRegistryModule) MarshalJSON() ([]byte, error) { 11 | str, err := MeshregistryModuleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for MeshRegistryModule 16 | func (this *MeshRegistryModule) UnmarshalJSON(b []byte) error { 17 | return MeshregistryModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | MeshregistryModuleMarshaler = &jsonpb.Marshaler{} 22 | MeshregistryModuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 slime. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the microservice.slime.io v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=microservice.slime.io 20 | package v1alpha1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "microservice.slime.io", Version: "v1alpha1"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/charts/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/meshregistry/charts/values.yaml -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/controllers/controllers.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | frameworkmodel "slime.io/slime/framework/model" 5 | "slime.io/slime/modules/meshregistry/model" 6 | ) 7 | 8 | var log = model.ModuleLog.WithField(frameworkmodel.LogFieldKeyPkg, "controllers") 9 | 10 | var _ = log 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/install/samples/plugin/slimeboot_meshregistry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.netease.com/v1alpha1 2 | kind: SlimeBoot 3 | metadata: 4 | name: meshregistry 5 | namespace: mesh-operator 6 | spec: 7 | module: 8 | - name: meshregistry # custom value 9 | kind: meshregistry # should be "meshregistry" 10 | enable: true 11 | image: 12 | pullPolicy: Always 13 | repository: docker.io/slimeio/slime-meshregistry 14 | tag: v0.2.0_linux_amd64 15 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | "slime.io/slime/modules/meshregistry/model" 22 | modmodule "slime.io/slime/modules/meshregistry/module" 23 | ) 24 | 25 | func main() { 26 | module.Main(model.ModuleName, []module.Module{&modmodule.Module{}}) 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "github.com/sirupsen/logrus" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | ) 8 | 9 | const ModuleName = "meshregistry" 10 | 11 | var ModuleLog = logrus.WithField(frameworkmodel.LogFieldKeyModule, ModuleName) 12 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/module/testdata/legacy-gw-mode.dynamic.cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: slime 5 | namespace: default 6 | data: 7 | cfg_meshregistry: | 8 | name: meshregistry 9 | kind: meshregistry 10 | enable: true 11 | mode: BundleItem 12 | general: 13 | LEGACY: 14 | # override the default value 15 | ExcludedResourceKinds: 16 | - "-" 17 | # override the default value 18 | Snapshots: 19 | - "-" 20 | K8SSource: 21 | Enabled: false 22 | EurekaSource: 23 | Enabled: true 24 | Address: 25 | - "http://127.0.0.1/eureka" 26 | RefreshPeriod: 15s 27 | SvcPort: 80 28 | GatewayModel: true 29 | NacosSource: 30 | Enabled: true 31 | Address: 32 | - "127.0.0.1:8848" 33 | RefreshPeriod: 15s 34 | Mode: polling 35 | SvcPort: 80 36 | GatewayModel: true 37 | ServiceHostAliases: 38 | - Host: foo.bar 39 | Aliases: 40 | - foo1.bar 41 | - foo2.bar 42 | ZookeeperSource: 43 | Enabled: true 44 | Mode: watching 45 | RefreshPeriod: 30s 46 | Address: 47 | - 127.0.0.1:2181 48 | GatewayModel: true 49 | EndpointSelectors: 50 | - ExcludeIPRanges: 51 | IPS: 52 | - 10.1.1.1 53 | - matchLabels: 54 | env: prod 55 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/module/testdata/legacy-gw-mode.dynamic.cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha1 2 | kind: RegistrySource 3 | metadata: 4 | name: slime 5 | namespace: default 6 | spec: 7 | zookeeper: 8 | availableInterfaces: 9 | - interface: foo 10 | group: bar 11 | version: v1 12 | globalAbnormalInstanceIPs: 13 | ipset1: 14 | - 1.1.1.1 15 | - 2.2.2.2 16 | ipset2: 17 | - 3.3.3.3 18 | abnormalInstanceIPs: 19 | "foo:bar:v1": 20 | - 4.4.4.4 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/module/testdata/legacy-gw-mode.static.yaml: -------------------------------------------------------------------------------- 1 | name: meshregistry 2 | kind: meshregistry 3 | enable: true 4 | mode: BundleItem 5 | general: 6 | LEGACY: 7 | # override the default value 8 | ExcludedResourceKinds: 9 | - "-" 10 | # override the default value 11 | Snapshots: 12 | - "-" 13 | K8SSource: 14 | Enabled: false 15 | EurekaSource: 16 | Enabled: true 17 | Address: 18 | - "http://127.0.0.1/eureka" 19 | RefreshPeriod: 15s 20 | SvcPort: 80 21 | GatewayModel: true 22 | NacosSource: 23 | Enabled: true 24 | Address: 25 | - "127.0.0.1:8848" 26 | RefreshPeriod: 15s 27 | Mode: polling 28 | SvcPort: 80 29 | GatewayModel: true 30 | ZookeeperSource: 31 | Enabled: true 32 | Mode: watching 33 | RefreshPeriod: 30s 34 | Address: 35 | - 127.0.0.1:2181 36 | GatewayModel: true -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/monitoring/monitoring.go: -------------------------------------------------------------------------------- 1 | package monitoring 2 | 3 | import ( 4 | "time" 5 | 6 | "slime.io/slime/framework/monitoring" 7 | "slime.io/slime/modules/meshregistry/model" 8 | ) 9 | 10 | var ( 11 | // souceLabel is the label for the source of the service entry. 12 | souceLabel = monitoring.MustCreateLabel("source") 13 | // statusLabel is the label for the status of the event. 14 | statusLabel = monitoring.MustCreateLabel("status") 15 | ) 16 | 17 | var ( 18 | 19 | // enabledSource is the number of enabled sources. 20 | enabledSource = monitoring.NewGauge( 21 | model.ModuleName, 22 | "enabled_source", 23 | "Number of enabled sources.", 24 | ) 25 | 26 | // readyTime is the time spent on ready in seconds. 27 | readyTime = monitoring.NewHistogram( 28 | model.ModuleName, 29 | "ready_time", 30 | "Time spent on ready in seconds", 31 | ) 32 | 33 | // mcpPushCount is the number of mcp push. 34 | mcpPushCount = monitoring.NewSum( 35 | model.ModuleName, 36 | "mcp_push_count", 37 | "Number of mcp push.", 38 | ) 39 | ) 40 | 41 | // RecordEnabledSource records the number of enabled sources. 42 | func RecordEnabledSource(count int) { 43 | enabledSource.Record(float64(count)) 44 | } 45 | 46 | // RecordReady records the time spent on ready. 47 | func RecordReady(source string, t0, t1 time.Time) { 48 | readyTime.With(souceLabel.Value(source)).Record(float64(t1.Sub(t0).Seconds())) 49 | } 50 | 51 | // RecordMcpPush records the number of mcp push. 52 | func RecordMcpPush() { 53 | mcpPushCount.Increment() 54 | } 55 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/server/server.go: -------------------------------------------------------------------------------- 1 | /* 2 | * @Author: yangdihang 3 | * @Date: 2020/8/31 4 | */ 5 | 6 | package server 7 | 8 | import ( 9 | "google.golang.org/grpc" 10 | 11 | slimebootstrap "slime.io/slime/framework/bootstrap" 12 | frameworkmodel "slime.io/slime/framework/model" 13 | "slime.io/slime/modules/meshregistry/model" 14 | "slime.io/slime/modules/meshregistry/pkg/bootstrap" 15 | ) 16 | 17 | var log = model.ModuleLog.WithField(frameworkmodel.LogFieldKeyPkg, "server") 18 | 19 | type Server struct { 20 | p *Processing 21 | } 22 | 23 | type Args struct { 24 | SlimeEnv slimebootstrap.Environment 25 | RegistryArgs *bootstrap.RegistryArgs 26 | // AddOnRegArgs should be called only in `new` stage. NOT IN `RUN` stage 27 | AddOnRegArgs func(onConfig func(args *bootstrap.RegistryArgs)) 28 | } 29 | 30 | func NewServer(args *Args) (*Server, error) { 31 | grpc.EnableTracing = args.RegistryArgs.EnableGRPCTracing 32 | proc := NewProcessing(args) 33 | return &Server{ 34 | p: proc, 35 | }, nil 36 | } 37 | 38 | func (s *Server) Run(stop <-chan struct{}) error { 39 | if err := s.p.Start(); err != nil { 40 | return err 41 | } 42 | <-stop 43 | s.p.Stop() 44 | return nil 45 | } 46 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/server/sources.go: -------------------------------------------------------------------------------- 1 | package server 2 | 3 | import ( 4 | // register eureka source 5 | _ "slime.io/slime/modules/meshregistry/pkg/source/eureka" 6 | // register k8s fs source 7 | _ "slime.io/slime/modules/meshregistry/pkg/source/k8s/fs" 8 | // register nacos source 9 | _ "slime.io/slime/modules/meshregistry/pkg/source/nacos" 10 | // register zookeeper source 11 | _ "slime.io/slime/modules/meshregistry/pkg/source/zookeeper" 12 | ) 13 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/eureka/mock_client.go: -------------------------------------------------------------------------------- 1 | package eureka 2 | 3 | import "slime.io/slime/modules/meshregistry/pkg/source/sourcetest" 4 | 5 | var _ Client = (*MockClient)(nil) 6 | 7 | type MockClient struct { 8 | sourcetest.MockPollingClient[application] 9 | } 10 | 11 | func (m *MockClient) Applications() ([]*application, error) { 12 | return m.Services() 13 | } 14 | 15 | func (m *MockClient) RegistryInfo() string { 16 | return m.MockPollingClient.RegistryInfo() 17 | } 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/eureka/testdata/legacy_gateway_mode.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: applicationa.eureka 6 | namespace: eureka 7 | labels: 8 | registry: eureka 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - applicationa.eureka 13 | ports: 14 | - number: 80 15 | protocol: HTTP 16 | name: http-80 17 | resolution: STATIC 18 | endpoints: 19 | - address: 192.168.2.10 20 | ports: 21 | http-80: 8000 22 | labels: 23 | version: 2.1.0 24 | zone: eu-west-1a 25 | - address: 192.168.2.11 26 | ports: 27 | http-80: 8001 28 | labels: 29 | version: 2.1.0 30 | zone: eu-west-1b 31 | --- 32 | kind: ServiceEntry 33 | apiVersion: networking.istio.io/v1alpha3 34 | metadata: 35 | name: applicationb.eureka 36 | namespace: eureka 37 | labels: 38 | registry: eureka 39 | annotations: {} 40 | spec: 41 | hosts: 42 | - applicationb.eureka 43 | ports: 44 | - number: 80 45 | protocol: HTTP 46 | name: http-80 47 | resolution: STATIC 48 | endpoints: 49 | - address: 192.168.3.10 50 | ports: 51 | http-80: 9000 52 | labels: 53 | version: 1.2.0 54 | zone: ap-southeast-1a -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/eureka/testdata/simple.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: applicationa 6 | namespace: eureka 7 | labels: 8 | registry: eureka 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - applicationa 13 | ports: 14 | - number: 8000 15 | protocol: HTTP 16 | name: http-8000 17 | - number: 8001 18 | protocol: HTTP 19 | name: http-8001 20 | resolution: STATIC 21 | endpoints: 22 | - address: 192.168.2.10 23 | ports: 24 | http-8000: 8000 25 | http-8001: 8000 26 | labels: 27 | version: 2.1.0 28 | zone: eu-west-1a 29 | - address: 192.168.2.11 30 | ports: 31 | http-8000: 8001 32 | http-8001: 8001 33 | labels: 34 | version: 2.1.0 35 | zone: eu-west-1b 36 | --- 37 | kind: ServiceEntry 38 | apiVersion: networking.istio.io/v1alpha3 39 | metadata: 40 | name: applicationb 41 | namespace: eureka 42 | labels: 43 | registry: eureka 44 | annotations: {} 45 | spec: 46 | hosts: 47 | - applicationb 48 | ports: 49 | - number: 9000 50 | protocol: HTTP 51 | name: http-9000 52 | resolution: STATIC 53 | endpoints: 54 | - address: 192.168.3.10 55 | ports: 56 | http-9000: 9000 57 | labels: 58 | version: 1.2.0 59 | zone: ap-southeast-1a -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/eureka/testdata/simple_scale_down_instance.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: applicationa 6 | namespace: eureka 7 | labels: 8 | registry: eureka 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - applicationa 13 | ports: 14 | - number: 8000 15 | protocol: HTTP 16 | name: http-8000 17 | resolution: STATIC 18 | endpoints: 19 | - address: 192.168.2.10 20 | ports: 21 | http-8000: 8000 22 | labels: 23 | version: 2.1.0 24 | zone: eu-west-1a 25 | --- 26 | kind: ServiceEntry 27 | apiVersion: networking.istio.io/v1alpha3 28 | metadata: 29 | name: applicationb 30 | namespace: eureka 31 | labels: 32 | registry: eureka 33 | annotations: {} 34 | spec: 35 | hosts: 36 | - applicationb 37 | ports: 38 | - number: 9000 39 | protocol: HTTP 40 | name: http-9000 41 | resolution: STATIC 42 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/k8s/source.go: -------------------------------------------------------------------------------- 1 | package k8s 2 | 3 | import ( 4 | "istio.io/libistio/pkg/config/schema/collection" 5 | "istio.io/libistio/pkg/config/schema/collections" 6 | "istio.io/libistio/pkg/config/schema/resource" 7 | 8 | "slime.io/slime/modules/meshregistry/pkg/bootstrap" 9 | ) 10 | 11 | func BuildKubeSourceSchemas(cols, excludedKinds []string) collection.Schemas { 12 | builder := collection.NewSchemasBuilder() 13 | 14 | colMap := make(map[string]struct{}) 15 | for _, col := range cols { 16 | colMap[col] = struct{}{} 17 | } 18 | excludeKindMap := make(map[string]struct{}) 19 | for _, col := range excludedKinds { 20 | excludeKindMap[col] = struct{}{} 21 | } 22 | schemaMap := make(map[resource.Schema]struct{}) 23 | for col := range colMap { 24 | var schemas collection.Schemas 25 | switch col { 26 | case bootstrap.CollectionsAll: 27 | schemas = collections.All 28 | case bootstrap.CollectionsIstio: 29 | schemas = collections.PilotGatewayAPI() 30 | case bootstrap.CollectionsLegacyDefault: 31 | schemas = collections.LegacyDefault 32 | case bootstrap.CollectionsLegacyLocal: 33 | schemas = collections.LegacyLocalAnalysis 34 | } 35 | for _, s := range schemas.All() { 36 | if _, ok := excludeKindMap[s.Kind()]; ok { 37 | continue 38 | } 39 | schemaMap[s] = struct{}{} 40 | } 41 | } 42 | for s := range schemaMap { 43 | builder.MustAdd(s) 44 | } 45 | return builder.Build() 46 | } 47 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/nacos/mock_client.go: -------------------------------------------------------------------------------- 1 | package nacos 2 | 3 | import "slime.io/slime/modules/meshregistry/pkg/source/sourcetest" 4 | 5 | var _ Client = (*MockClient)(nil) 6 | 7 | type MockClient struct { 8 | sourcetest.MockPollingClient[instanceResp] 9 | } 10 | 11 | func (m *MockClient) Instances() ([]*instanceResp, error) { 12 | return m.Services() 13 | } 14 | 15 | func (m *MockClient) RegistryInfo() string { 16 | return m.MockPollingClient.RegistryInfo() 17 | } 18 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/nacos/testdata/legacy_gateway_mode.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: service-a.nacos 6 | namespace: nacos 7 | labels: 8 | registry: nacos 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - service-a.nacos 13 | ports: 14 | - number: 80 15 | protocol: HTTP 16 | name: http-80 17 | resolution: STATIC 18 | endpoints: 19 | - address: 10.0.0.1 20 | ports: 21 | http-80: 8080 22 | labels: 23 | environment: test 24 | version: v1 25 | - address: 10.0.0.2 26 | ports: 27 | http-80: 8080 28 | labels: 29 | environment: test 30 | version: v2 31 | --- 32 | kind: ServiceEntry 33 | apiVersion: networking.istio.io/v1alpha3 34 | metadata: 35 | name: service-b.nacos 36 | namespace: nacos 37 | labels: 38 | registry: nacos 39 | annotations: {} 40 | spec: 41 | hosts: 42 | - service-b.nacos 43 | ports: 44 | - number: 80 45 | protocol: HTTP 46 | name: http-80 47 | resolution: STATIC 48 | endpoints: 49 | - address: 10.0.1.1 50 | ports: 51 | http-80: 9000 52 | labels: 53 | environment: test 54 | version: v1 -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/nacos/testdata/simple.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: service-a 6 | namespace: nacos 7 | labels: 8 | registry: nacos 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - service-a 13 | ports: 14 | - number: 8080 15 | protocol: HTTP 16 | name: http-8080 17 | resolution: STATIC 18 | endpoints: 19 | - address: 10.0.0.1 20 | ports: 21 | http-8080: 8080 22 | labels: 23 | environment: test 24 | version: v1 25 | - address: 10.0.0.2 26 | ports: 27 | http-8080: 8080 28 | labels: 29 | environment: test 30 | version: v2 31 | --- 32 | kind: ServiceEntry 33 | apiVersion: networking.istio.io/v1alpha3 34 | metadata: 35 | name: service-b 36 | namespace: nacos 37 | labels: 38 | registry: nacos 39 | annotations: {} 40 | spec: 41 | hosts: 42 | - service-b 43 | ports: 44 | - number: 9000 45 | protocol: HTTP 46 | name: http-9000 47 | resolution: STATIC 48 | endpoints: 49 | - address: 10.0.1.1 50 | ports: 51 | http-9000: 9000 52 | labels: 53 | environment: test 54 | version: v1 -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/nacos/testdata/simple_scale_down_instance.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: service-a 6 | namespace: nacos 7 | labels: 8 | registry: nacos 9 | annotations: {} 10 | spec: 11 | hosts: 12 | - service-a 13 | ports: 14 | - number: 8080 15 | protocol: HTTP 16 | name: http-8080 17 | resolution: STATIC 18 | endpoints: 19 | - address: 10.0.0.1 20 | ports: 21 | http-8080: 8080 22 | labels: 23 | environment: test 24 | version: v1 25 | --- 26 | kind: ServiceEntry 27 | apiVersion: networking.istio.io/v1alpha3 28 | metadata: 29 | name: service-b 30 | namespace: nacos 31 | labels: 32 | registry: nacos 33 | annotations: {} 34 | spec: 35 | hosts: 36 | - service-b 37 | ports: 38 | - number: 9000 39 | protocol: HTTP 40 | name: http-9000 41 | resolution: STATIC 42 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/zookeeper/mock_zk.go: -------------------------------------------------------------------------------- 1 | package zookeeper 2 | 3 | import ( 4 | "github.com/go-zookeeper/zk" 5 | 6 | "slime.io/slime/modules/meshregistry/pkg/source/sourcetest" 7 | ) 8 | 9 | var _ ZkConn = (*MockZkConn)(nil) 10 | 11 | type MockZkConn struct { 12 | sourcetest.MockZookeeperClient 13 | } 14 | 15 | func (m *MockZkConn) Store(*zk.Conn) {} 16 | 17 | func (m *MockZkConn) Load() any { 18 | return m.MockZookeeperClient 19 | } 20 | 21 | func (m *MockZkConn) Children(path string) ([]string, error) { 22 | return m.MockZookeeperClient.Children(path) 23 | } 24 | 25 | func (m *MockZkConn) ChildrenW(path string) ([]string, <-chan zk.Event, error) { 26 | return m.MockZookeeperClient.ChildrenW(path) 27 | } 28 | 29 | func (m *MockZkConn) LoadData(path string) error { 30 | return m.MockZookeeperClient.Load(path) 31 | } 32 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/source/zookeeper/testdata/simple_scale_down_instance.expected.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceEntry 3 | apiVersion: networking.istio.io/v1alpha3 4 | metadata: 5 | name: com.example.service.ServiceA:g:0.0.2 6 | namespace: dubbo 7 | labels: 8 | path: com.example.service.ServiceA 9 | registry: zookeeper 10 | annotations: {} 11 | spec: 12 | hosts: 13 | - 'com.example.service.ServiceA:g:0.0.2' 14 | ports: 15 | - number: 20880 16 | protocol: DUBBO 17 | name: dubbo-20880 18 | resolution: STATIC 19 | endpoints: 20 | - address: 10.0.0.2 21 | ports: 22 | dubbo-20880: 20880 23 | labels: 24 | application: service-a 25 | group: g 26 | interface: com.example.service.ServiceA 27 | side: provider 28 | version: 0.0.2 29 | --- 30 | kind: ServiceEntry 31 | apiVersion: networking.istio.io/v1alpha3 32 | metadata: 33 | name: com.example.service.ServiceB:g2:0.0.1 34 | namespace: dubbo 35 | labels: 36 | path: com.example.service.ServiceB 37 | registry: zookeeper 38 | annotations: {} 39 | spec: 40 | hosts: 41 | - 'com.example.service.ServiceB:g2:0.0.1' 42 | ports: 43 | - number: 20881 44 | protocol: DUBBO 45 | name: dubbo-20881 46 | resolution: STATIC 47 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/util/cache/nodeCache.go: -------------------------------------------------------------------------------- 1 | // nolint: unused 2 | package cache 3 | 4 | import ( 5 | v1 "k8s.io/api/core/v1" 6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 7 | "k8s.io/client-go/tools/cache" 8 | 9 | "slime.io/slime/modules/meshregistry/pkg/multicluster" 10 | ) 11 | 12 | var K8sNodeCaches = &cacheHandler[*metav1.ObjectMeta, *v1.Node]{ 13 | objectHandler: nodeHandler{}, 14 | } 15 | 16 | type nodeHandler struct{} 17 | 18 | func (h nodeHandler) informer(cluster *multicluster.Cluster) cache.SharedIndexInformer { 19 | return cluster.KubeInformer.Core().V1().Nodes().Informer() 20 | } 21 | 22 | func (h nodeHandler) meta(meta *metav1.ObjectMeta) *metav1.ObjectMeta { 23 | return meta 24 | } 25 | 26 | func (h nodeHandler) hostKey(meta *metav1.ObjectMeta) string { 27 | return meta.Name 28 | } 29 | 30 | func (h nodeHandler) onAdd(n *v1.Node) (string, *metav1.ObjectMeta, bool) { 31 | return h.onUpdate(nil, n) 32 | } 33 | 34 | func (h nodeHandler) onUpdate(_, n *v1.Node) (string, *metav1.ObjectMeta, bool) { 35 | if n != nil { 36 | n.ObjectMeta.ManagedFields = nil // ignore managed fields 37 | return n.Name, &n.ObjectMeta, true 38 | } 39 | return "", nil, false 40 | } 41 | 42 | func (h nodeHandler) onDelete(n *v1.Node) (string, bool) { 43 | if n != nil { 44 | return n.Name, true 45 | } 46 | return "", false 47 | } 48 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/util/signal.go: -------------------------------------------------------------------------------- 1 | /* 2 | * @Author: yangdihang 3 | * @Date: 2020/8/31 4 | */ 5 | 6 | package util 7 | 8 | import ( 9 | "os" 10 | "os/signal" 11 | "syscall" 12 | ) 13 | 14 | // WaitSignal awaits for SIGINT or SIGTERM and closes the channel 15 | func WaitSignal(stop chan struct{}) { 16 | sigs := make(chan os.Signal, 1) 17 | signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) 18 | <-sigs 19 | close(stop) 20 | } 21 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/util/util.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "encoding/json" 5 | "errors" 6 | "time" 7 | 8 | frameworkmodel "slime.io/slime/framework/model" 9 | "slime.io/slime/modules/meshregistry/model" 10 | ) 11 | 12 | var log = model.ModuleLog.WithField(frameworkmodel.LogFieldKeyPkg, "util") 13 | 14 | var ErrValue = errors.New("value error") 15 | 16 | type Duration time.Duration 17 | 18 | func (d Duration) MarshalJSON() ([]byte, error) { 19 | return json.Marshal(time.Duration(d).String()) 20 | } 21 | 22 | func (d *Duration) UnmarshalJSON(b []byte) error { 23 | var v string 24 | if err := json.Unmarshal(b, &v); err != nil { 25 | return err 26 | } 27 | 28 | du, err := time.ParseDuration(v) 29 | if err != nil { 30 | return err 31 | } 32 | 33 | *d = Duration(du) 34 | return nil 35 | } 36 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/pkg/util/util_test.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "encoding/json" 5 | "testing" 6 | "time" 7 | ) 8 | 9 | func TestDuration_MarshalJSON(t *testing.T) { 10 | type tp struct { 11 | D Duration 12 | } 13 | 14 | v := tp{D: Duration(2 * time.Second)} 15 | bs, err := json.Marshal(v) 16 | if err != nil { 17 | t.Fatal(err) 18 | } 19 | 20 | var v1 tp 21 | if err = json.Unmarshal(bs, &v1); err != nil { 22 | t.Fatalf("%s %v", string(bs), err) 23 | } 24 | 25 | if v != v1 { 26 | t.Fatalf("%+v %+v", v, v1) 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/meshregistry/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | export MOD=meshregistry 4 | 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use distroless as minimal base image to package the manager binary 2 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 3 | ARG BASE_IMAGE 4 | FROM ${BASE_IMAGE} 5 | 6 | WORKDIR / 7 | COPY manager.exe ./manager 8 | 9 | ENTRYPOINT ["/manager"] -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/PROJECT: -------------------------------------------------------------------------------- 1 | domain: my.domain 2 | repo: slime.io/slime 3 | resources: 4 | - group: microservice.slime.io 5 | kind: PluginManager 6 | version: v1alpha1 7 | - group: microservice.slime.io 8 | kind: EnvoyPlugin 9 | version: v1alpha1 10 | version: "2" 11 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/config/plugin_module.proto: -------------------------------------------------------------------------------- 1 | /* 2 | * @Author: wangchenyu 3 | * @Date: 2022/2/23 4 | */ 5 | 6 | syntax = "proto3"; 7 | 8 | import "google/protobuf/struct.proto"; 9 | 10 | package slime.microservice.plugin.config; 11 | 12 | option go_package = "slime.io/slime/modules/plugin/api/config"; 13 | 14 | message PluginModule { 15 | // by typeURL 16 | map configDiscoveryDefaultConfig = 1; 17 | 18 | // A regular expression in golang regex format (RE2) that can be used to select proxies using a specific version of istio proxy to apply plugin envoyfilter. 19 | // refer to https://istio.io/latest/docs/reference/config/networking/envoy-filter/#EnvoyFilter-ProxyMatch 20 | string proxyVersion = 2; 21 | } 22 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/config/plugin_module_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using PluginModule within kubernetes types, where deepcopy-gen is used. 9 | func (in *PluginModule) DeepCopyInto(out *PluginModule) { 10 | p := proto.Clone(in).(*PluginModule) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginModule. Required by controller-gen. 15 | func (in *PluginModule) DeepCopy() *PluginModule { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(PluginModule) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PluginModule. Required by controller-gen. 25 | func (in *PluginModule) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/config/plugin_module_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package config 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for PluginModule 10 | func (this *PluginModule) MarshalJSON() ([]byte, error) { 11 | str, err := PluginModuleMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for PluginModule 16 | func (this *PluginModule) UnmarshalJSON(b []byte) error { 17 | return PluginModuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | PluginModuleMarshaler = &jsonpb.Marshaler{} 22 | PluginModuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/v1alpha1/envoy_plugin_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for WorkloadSelector 10 | func (this *WorkloadSelector) MarshalJSON() ([]byte, error) { 11 | str, err := EnvoyPluginMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for WorkloadSelector 16 | func (this *WorkloadSelector) UnmarshalJSON(b []byte) error { 17 | return EnvoyPluginUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for EnvoyPluginSpec 21 | func (this *EnvoyPluginSpec) MarshalJSON() ([]byte, error) { 22 | str, err := EnvoyPluginMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for EnvoyPluginSpec 27 | func (this *EnvoyPluginSpec) UnmarshalJSON(b []byte) error { 28 | return EnvoyPluginUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for EnvoyPluginSpec_Listener 32 | func (this *EnvoyPluginSpec_Listener) MarshalJSON() ([]byte, error) { 33 | str, err := EnvoyPluginMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for EnvoyPluginSpec_Listener 38 | func (this *EnvoyPluginSpec_Listener) UnmarshalJSON(b []byte) error { 39 | return EnvoyPluginUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | var ( 43 | EnvoyPluginMarshaler = &jsonpb.Marshaler{} 44 | EnvoyPluginUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 45 | ) 46 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the microservice.slime.io v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=microservice.slime.io 20 | package v1alpha1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "microservice.slime.io", Version: "v1alpha1"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/api/v1alpha1/types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | //+kubebuilder:object:root=true 8 | 9 | // EnvoyPlugin is the Schema for the EnvoyPlugin API 10 | type EnvoyPlugin struct { 11 | metav1.TypeMeta `json:",inline"` 12 | metav1.ObjectMeta `json:"metadata,omitempty"` 13 | 14 | Spec EnvoyPluginSpec `json:"spec,omitempty"` 15 | } 16 | 17 | //+kubebuilder:object:root=true 18 | 19 | // EnvoyPluginList contains a list of EnvoyPlugin 20 | type EnvoyPluginList struct { 21 | metav1.TypeMeta `json:",inline"` 22 | metav1.ListMeta `json:"metadata,omitempty"` 23 | Items []EnvoyPlugin `json:"items"` 24 | } 25 | 26 | //+kubebuilder:object:root=true 27 | 28 | // PluginManager is the Schema for the PluginManager API 29 | type PluginManager struct { 30 | metav1.TypeMeta `json:",inline"` 31 | metav1.ObjectMeta `json:"metadata,omitempty"` 32 | 33 | Spec PluginManagerSpec `json:"spec,omitempty"` 34 | } 35 | 36 | //+kubebuilder:object:root=true 37 | 38 | // PluginManagerList contains a list of PluginManager 39 | type PluginManagerList struct { 40 | metav1.TypeMeta `json:",inline"` 41 | metav1.ListMeta `json:"metadata,omitempty"` 42 | Items []PluginManager `json:"items"` 43 | } 44 | 45 | func init() { 46 | SchemeBuilder.Register(&EnvoyPlugin{}, &EnvoyPluginList{}) 47 | SchemeBuilder.Register(&PluginManager{}, &PluginManagerList{}) 48 | } 49 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/charts/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/slime-io/slime/043e38df95fa5c65e17fb4b12d8382ce8389afd4/staging/src/slime.io/slime/modules/plugin/charts/values.yaml -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/controllers.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "k8s.io/apimachinery/pkg/types" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | "slime.io/slime/modules/plugin/model" 8 | ) 9 | 10 | var ( 11 | log = model.ModuleLog.WithField(frameworkmodel.LogFieldKeyPkg, "controllers") 12 | emptyNN = types.NamespacedName{} 13 | ) 14 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/conversion_test.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "testing" 5 | 6 | "slime.io/slime/framework/util" 7 | "slime.io/slime/modules/plugin/api/v1alpha1" 8 | ) 9 | 10 | func TestPluginManagerReconciler_getListenerFilterName(t *testing.T) { 11 | tests := []struct { 12 | name string 13 | in *v1alpha1.Plugin 14 | want string 15 | }{ 16 | { 17 | name: "http connection manager", 18 | in: &v1alpha1.Plugin{ 19 | Protocol: v1alpha1.Plugin_HTTP, 20 | }, 21 | want: util.EnvoyHTTPConnectionManager, 22 | }, 23 | { 24 | name: "dubbo proxy", 25 | in: &v1alpha1.Plugin{ 26 | Protocol: v1alpha1.Plugin_Dubbo, 27 | }, 28 | want: util.EnvoyDubboProxy, 29 | }, 30 | { 31 | name: "generic proxy", 32 | in: &v1alpha1.Plugin{ 33 | Protocol: v1alpha1.Plugin_Generic, 34 | GenericAppProtocol: "thrift", 35 | }, 36 | want: util.EnvoyGenericProxyPrefix + "thrift", 37 | }, 38 | { 39 | name: "unknown protocol", 40 | in: &v1alpha1.Plugin{ 41 | Protocol: v1alpha1.Plugin_Protocol(100), 42 | }, 43 | want: "", 44 | }, 45 | } 46 | r := &PluginManagerReconciler{} 47 | for _, tt := range tests { 48 | t.Run(tt.name, func(t *testing.T) { 49 | if got := r.getListenerFilterName(tt.in); got != tt.want { 50 | t.Errorf("PluginManagerReconciler.getListenerFilterName() = %v, want %v", got, tt.want) 51 | } 52 | }) 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/monitoring.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "slime.io/slime/framework/monitoring" 5 | "slime.io/slime/modules/plugin/model" 6 | ) 7 | 8 | var ( 9 | resourceName = monitoring.MustCreateLabel("resourceName") 10 | 11 | EnvoypluginReconciles = monitoring.NewSum( 12 | model.ModuleName, 13 | "envoyplugin_reconciles", 14 | "total number of envoyplugin reconciles", 15 | ) 16 | 17 | EnvoypluginReconcilesFailed = monitoring.NewSum( 18 | model.ModuleName, 19 | "envoyplugin_reconciles_failed", 20 | "total number of envoyplugin reconciles failed", 21 | ) 22 | 23 | PluginManagerReconciles = monitoring.NewSum( 24 | model.ModuleName, 25 | "pluginmanager_reconciles", 26 | "total number of pluginmanager reconciles", 27 | ) 28 | 29 | PluginManagerReconcilesFailed = monitoring.NewSum( 30 | model.ModuleName, 31 | "pluginmanager_reconciles_failed", 32 | "total number of pluginmanager reconciles failed", 33 | ) 34 | 35 | EnvoyfilterCreations = monitoring.NewSum( 36 | model.ModuleName, 37 | "envoyfilter_creations", 38 | "total number of envoyfilter creations", 39 | ) 40 | 41 | EnvoyfilterCreationsFailed = monitoring.NewSum( 42 | model.ModuleName, 43 | "envoyfilter_creations_failed", 44 | "total number of envoyfilter creations failed", 45 | ) 46 | 47 | EnvoyfilterRefreshes = monitoring.NewSum( 48 | model.ModuleName, 49 | "envoyfilter_refreshes", 50 | "total number of envoyfilter refreshes", 51 | ) 52 | ) 53 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/testdata/gateway_rc_patch.ep.expect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: gateway-rc-patch 5 | namespace: default 6 | labels: 7 | istio.io/rev: default 8 | spec: 9 | configPatches: 10 | - applyTo: ROUTE_CONFIGURATION 11 | match: 12 | context: GATEWAY 13 | routeConfiguration: 14 | name: http.80 15 | patch: 16 | operation: MERGE 17 | value: 18 | typedPerFilterConfig: 19 | envoy.filters.http.fault: 20 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 21 | type_url: "" 22 | value: 23 | abort: 24 | http_status: 429 25 | percentage: 26 | denominator: HUNDRED 27 | numerator: 30 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/testdata/gateway_rc_patch.ep.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha1 2 | kind: EnvoyPlugin 3 | metadata: 4 | name: gateway-rc-patch 5 | namespace: default 6 | labels: 7 | istio.io/rev: default 8 | spec: 9 | listener: 10 | - port: 80 11 | portName: http 12 | plugins: 13 | - enable: true 14 | inline: 15 | settings: 16 | abort: 17 | http_status: 429 18 | percentage: 19 | denominator: HUNDRED 20 | numerator: 30 21 | listenerType: Gateway 22 | name: envoy.filters.http.fault 23 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/testdata/gateway_sample.plm.expect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: gateway-sample 7 | namespace: default 8 | spec: 9 | configPatches: 10 | - applyTo: HTTP_FILTER 11 | match: 12 | context: GATEWAY 13 | listener: 14 | filterChain: 15 | filter: 16 | name: envoy.filters.network.http_connection_manager 17 | subFilter: 18 | name: envoy.filters.http.router 19 | portNumber: 80 20 | patch: 21 | operation: INSERT_BEFORE 22 | value: 23 | disabled: true 24 | name: envoy.filters.http.fault 25 | typed_config: 26 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 27 | type_url: "" 28 | value: {} 29 | - applyTo: HTTP_FILTER 30 | match: 31 | context: GATEWAY 32 | listener: 33 | filterChain: 34 | filter: 35 | name: envoy.filters.network.http_connection_manager 36 | subFilter: 37 | name: envoy.filters.http.router 38 | portNumber: 80 39 | patch: 40 | operation: INSERT_BEFORE 41 | value: 42 | disabled: true 43 | name: envoy.filters.http.rbac 44 | typed_config: 45 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 46 | type_url: "" 47 | value: {} 48 | workloadSelector: {} -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/controllers/testdata/gateway_sample.plm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: microservice.slime.io/v1alpha1 2 | kind: PluginManager 3 | metadata: 4 | labels: 5 | istio.io/rev: default 6 | name: gateway-sample 7 | namespace: default 8 | spec: 9 | plugin: 10 | - disableOnFilterLevel: true 11 | enable: true 12 | inline: {} 13 | listenerType: Gateway 14 | name: envoy.filters.http.fault 15 | port: 80 16 | - disableOnFilterLevel: true 17 | enable: true 18 | inline: {} 19 | listenerType: Gateway 20 | name: envoy.filters.http.rbac 21 | port: 80 22 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/install/samples/plugin/slimeboot_plugin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.netease.com/v1alpha1 2 | kind: SlimeBoot 3 | metadata: 4 | name: plugin 5 | namespace: mesh-operator 6 | spec: 7 | image: 8 | pullPolicy: Always 9 | repository: docker.io/slimeio/slime-plugin 10 | tag: v0.9.0 11 | module: 12 | - name: plugin 13 | kind: plugin 14 | enable: true 15 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "slime.io/slime/framework/model/module" 21 | "slime.io/slime/modules/plugin/model" 22 | modmodule "slime.io/slime/modules/plugin/module" 23 | ) 24 | 25 | func main() { 26 | module.Main(model.ModuleName, []module.Module{&modmodule.Module{}}) 27 | } 28 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/model/model.go: -------------------------------------------------------------------------------- 1 | package model 2 | 3 | import ( 4 | "github.com/sirupsen/logrus" 5 | 6 | frameworkmodel "slime.io/slime/framework/model" 7 | ) 8 | 9 | const ModuleName = "plugin" 10 | 11 | var ModuleLog = logrus.WithField(frameworkmodel.LogFieldKeyModule, ModuleName) 12 | -------------------------------------------------------------------------------- /staging/src/slime.io/slime/modules/plugin/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | source *.env.sh 2>/dev/null 4 | export MOD=plugin 5 | if [[ "$1" == "publish" || "$1" == "copy" ]]; then 6 | ../../../../../../bin/multiarch.sh "$@" 7 | else 8 | ../../../../../../bin/publish.sh "$@" 9 | fi 10 | 11 | --------------------------------------------------------------------------------