aeraki support other namespace install option (#327)

Signed-off-by: chentanjun <tanjunchen20@gmail.com>
aeraki-mesh · Apr 5, 2023 · 34e75f5 · 34e75f5
1 parent c0b0898
commit 34e75f5
Show file tree

Hide file tree

Showing 24 changed files with 168 additions and 106 deletions.
diff --git a/Makefile b/Makefile
@@ -31,8 +31,11 @@ endif
 
 OUT?=./out
 DOCKER_TMP?=$(OUT)/docker_temp/
-DOCKER_TAG_E2E?=ghcr.io/aeraki-mesh/aeraki:`git log --format="%H" -n 1`
-DOCKER_TAG?=ghcr.io/aeraki-mesh/aeraki:$(IMAGE_TAG)
+DOCKER_REPO?=ghcr.io/aeraki-mesh
+DOCKER_IMAGE_NAME?=aeraki
+DOCKER_IMAGE?=$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)
+DOCKER_TAG_E2E?=$(DOCKER_IMAGE):`git log --format="%H" -n 1`
+DOCKER_TAG?=$(DOCKER_IMAGE):$(IMAGE_TAG)
 BINARY_NAME?=$(OUT)/aeraki
 BINARY_NAME_DARWIN?=$(BINARY_NAME)-darwin
 MAIN_PATH_CONSUL_MCP=./cmd/aeraki/main.go

diff --git a/cmd/aeraki/main.go b/cmd/aeraki/main.go
@@ -24,6 +24,7 @@ import (
 	"github.com/google/uuid"
 
 	"github.com/aeraki-mesh/aeraki/pkg/bootstrap"
+	"github.com/aeraki-mesh/aeraki/pkg/config/constants"
 	"github.com/aeraki-mesh/aeraki/pkg/envoyfilter"
 	"github.com/aeraki-mesh/aeraki/pkg/model/protocol"
 	"github.com/aeraki-mesh/aeraki/plugin/kafka"
@@ -38,7 +39,6 @@ import (
 const (
 	defaultIstiodAddr        = "istiod.istio-system:15010"
 	defaultRootNamespace     = "istio-system"
-	defaultXdsAddr           = ":15010"
 	defaultElectionID        = "aeraki-controller"
 	defaultLogLevel          = "all:info"
 	defaultConfigStoreSecret = ""
@@ -49,11 +49,12 @@ const (
 func main() {
 	args := bootstrap.NewAerakiArgs()
 	flag.BoolVar(&args.Master, "master", true, "Istiod xds server address")
+	flag.StringVar(&args.AerakiXdsAddr, "aeraki-xds-address", constants.DefaultAerakiXdsAddr, "Aeraki xds server address")
+	flag.StringVar(&args.AerakiXdsPort, "aeraki-xds-port", constants.DefaultAerakiXdsPort, "Aeraki xds server port")
 	flag.StringVar(&args.IstiodAddr, "istiod-address", defaultIstiodAddr, "Istiod xds server address")
 	flag.StringVar(&args.IstioConfigMapName, "istiod-configMap-name", defaultMeshConfigMapName, "Istiod configMap name")
 	flag.StringVar(&args.RootNamespace, "root-namespace", defaultRootNamespace, "The Root Namespace of Aeraki")
 	flag.StringVar(&args.ClusterID, "cluster-id", "", "The cluster where Aeraki is deployed")
-	flag.StringVar(&args.XdsAddr, "xds-listen-address", defaultXdsAddr, "Istiod xds server port")
 	flag.StringVar(&args.ConfigStoreSecret, "config-store-secret", defaultConfigStoreSecret,
 		"The secret to store the Istio kube config store, use the in cluster API server if it's not specified")
 	flag.StringVar(&args.ElectionID, "election-id", defaultElectionID, "ElectionID to elect master controller")
@@ -68,10 +69,14 @@ func main() {
 	if args.ServerID == "" {
 		args.ServerID = "Aeraki-" + uuid.New().String()
 	}
+
 	args.PodName = env.RegisterStringVar("POD_NAME", args.ServerID, "").Get()
 	args.RootNamespace = env.RegisterStringVar("AERAKI_NAMESPACE", args.RootNamespace, "").Get()
 	args.EnableEnvoyFilterNSScope = env.RegisterBoolVar("AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE",
 		args.EnableEnvoyFilterNSScope, "").Get()
+	args.IstiodAddr = env.RegisterStringVar("AERAKI_ISTIOD_ADDR", args.IstiodAddr, "").Get()
+	args.AerakiXdsAddr = env.RegisterStringVar("AERAKI_XDS_ADDR", constants.DefaultAerakiXdsAddr, "").Get()
+	args.AerakiXdsPort = env.RegisterStringVar("AERAKI_XDS_PORT", constants.DefaultAerakiXdsPort, "").Get()
 
 	flag.VisitAll(func(flag *flag.Flag) {
 		log.Infof("Aeraki parameter: %s: %v", flag.Name, flag.Value)

diff --git a/demo/common_func.sh b/demo/common_func.sh
@@ -23,7 +23,7 @@ function LabelIstioInjectLabel()
 	echo $ns
 	label=`kubectl get po -n ${ISTIO_NAMESPACE}  |grep istiod | awk '{print $1}'  |xargs kubectl get po  -o yaml  -n ${ISTIO_NAMESPACE}  |grep -A 1 REVIS |grep value:  |awk  '{print $2}'`
 	echo $label
-	if [ $label != "" ];then
+	if [ "$label" != "" ];then
 		kubectl label namespace $ns istio.io/rev=$label --overwrite
 	else
 		kubectl label namespace $ns istio-injection=enabled --overwrite=true

diff --git a/demo/gateway/demo-ingress.yaml b/demo/gateway/demo-ingress.yaml
@@ -54,20 +54,20 @@ spec:
     - port: 20001
     route:
     - destination:
-        host: kiali.istio-system.svc.cluster.local
+        host: kiali.${ISTIO_NAMESPACE}.svc.cluster.local
         port:
           number: 20001
   - match:
     - port: 3000
     route:
     - destination:
-        host: grafana.istio-system.svc.cluster.local
+        host: grafana.${ISTIO_NAMESPACE}.svc.cluster.local
         port:
           number: 3000
   - match:
     - port: 9090
     route:
     - destination:
-        host: prometheus.istio-system.svc.cluster.local
+        host: prometheus.${ISTIO_NAMESPACE}.svc.cluster.local
         port:
           number: 9090
diff --git a/demo/install-aeraki.sh b/demo/install-aeraki.sh
@@ -19,12 +19,4 @@ BASEDIR=$(dirname "$0")/..
 SCRIPTS_DIR=$BASEDIR/test/e2e/scripts
 COMMON_DIR=$BASEDIR/test/e2e/common
 
-if [ -z "$AERAKI_TAG" ]; then
-  export AERAKI_TAG=1.2.3
-fi
-
-if [ -z "$AERAKI_IMG_PULL_POLICY" ]; then
-  export AERAKI_IMG_PULL_POLICY=Always
-fi
-
 bash ${SCRIPTS_DIR}/aeraki.sh $1
diff --git a/demo/uninstall-aeraki.sh b/demo/uninstall-aeraki.sh
@@ -16,6 +16,14 @@ BASEDIR=$(dirname "$0")/..
 
 MODE=$1
 
+if [ -z "$ISTIO_NAMESPACE" ]; then
+  export ISTIO_NAMESPACE="istio-system"
+fi
+
+if [ -z "$AERAKI_NAMESPACE" ]; then
+  export AERAKI_NAMESPACE=${ISTIO_NAMESPACE}
+fi
+
 if [ "${MODE}" == "tcm" ]; then
   kubectl delete -f $BASEDIR/k8s/tcm-apiservice.yaml
   kubectl delete -f $BASEDIR/k8s/tcm-istio-cm.yaml
@@ -24,3 +32,4 @@ else
   kubectl delete -f $BASEDIR/k8s/crd.yaml
 fi
 
+kubectl delete validatingwebhookconfigurations aeraki-${AERAKI_NAMESPACE} || true
diff --git a/demo/uninstall-demo.sh b/demo/uninstall-demo.sh
@@ -18,7 +18,7 @@ SCRIPTS_DIR=$BASEDIR/test/e2e/scripts
 
 bash ${SCRIPTS_DIR}/uninstall-addons.sh
 bash ${SCRIPTS_DIR}/uninstall-istio.sh
-bash uninstall-aeraki.sh
+bash demo/uninstall-aeraki.sh
 
 DEMO=$1
 if [ "${DEMO}" == "default" ]

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -15,25 +15,6 @@
 # FROM ubuntu:bionic
 # FROM praqma/network-multitool
 FROM alpine:3.13.5
-ENV AERAKI_ISTIOD_ADDR="istiod.istio-system:15010"
-ENV AERAKI_NAMESPACE="istio-system"
-ENV AERAKI_ISTIO_CONFIG_STORE_SECRET=""
-ENV AERAKI_XDS_LISTEN_ADDR=":15010"
-ENV AERAKI_LOG_LEVEL="all:info"
-ENV AERAKI_SERVER_ID=""
-ENV AERAKI_CLUSTER_ID=""
-ENV AERAKI_IS_MASTER="true"
-ENV AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE="false"
-
 
 COPY aeraki /usr/local/bin/
-ENTRYPOINT /usr/local/bin/aeraki                                                     \
-           -istiod-address=$AERAKI_ISTIOD_ADDR                                       \
-           -root-namespace=$AERAKI_NAMESPACE                                              \
-           -cluster-id=$AERAKI_CLUSTER_ID                                            \
-           -config-store-secret=$AERAKI_ISTIO_CONFIG_STORE_SECRET                    \
-           -xds-listen-address=$AERAKI_XDS_LISTEN_ADDR                               \
-           -log-level=$AERAKI_LOG_LEVEL                                              \
-           -server-id=$AERAKI_SERVER_ID                                              \
-           -master=$AERAKI_IS_MASTER                                                 \
-           -enable-envoy-filter-namespace-scope=$AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE \
+ENTRYPOINT /usr/local/bin/aeraki
diff --git a/k8s/aeraki.yaml b/k8s/aeraki.yaml
@@ -35,16 +35,16 @@ spec:
       serviceAccountName: aeraki
       containers:
         - name: aeraki
-          image: ghcr.io/aeraki-mesh/aeraki:${AERAKI_TAG}
+          image: ${AERAKI_IMAGE}:${AERAKI_TAG}
+          # imagePullPolicy should be set to Never so Minikube can use local image for e2e testing
+          imagePullPolicy: ${AERAKI_IMG_PULL_POLICY}
           resources:
             requests:
               memory: "1Gi"
               cpu: "250m"
             limits:
               memory: "4Gi"
               cpu: "1000m"
-          # imagePullPolicy should be set to Never so Minikube can use local image for e2e testing
-          imagePullPolicy: ${AERAKI_IMG_PULL_POLICY}
           env:
             - name: AERAKI_IS_MASTER
               value: "${AERAKI_IS_MASTER}"
@@ -55,8 +55,10 @@ spec:
             # In case of TCM, Istio config store can be a different k8s API server from the one Aeraki is running with
             - name: AERAKI_ISTIO_CONFIG_STORE_SECRET
               value: ${AERAKI_ISTIO_CONFIG_STORE_SECRET}
-            - name: AERAKI_XDS_LISTEN_ADDR
-              value: ":15010"
+            - name: AERAKI_XDS_ADDR
+              value: ${AERAKI_XDS_ADDR}
+            - name: AERAKI_XDS_PORT
+              value: ${AERAKI_XDS_PORT}
             - name: AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE
               # False(Default): The generated envoyFilters will be placed under Istio root namespace
               # True: The generated envoyFilters will be placed under the service namespace

diff --git a/manifests/charts/aeraki/templates/deployment.yaml b/manifests/charts/aeraki/templates/deployment.yaml
@@ -53,8 +53,10 @@ spec:
             # In case of TCM, Istio config store can be a different k8s API server from the one Aeraki is running with
             - name: AERAKI_ISTIO_CONFIG_STORE_SECRET
               value: {{ .Values.AERAKI_ENV.AERAKI_ISTIO_CONFIG_STORE_SECRET }}
-            - name: AERAKI_XDS_LISTEN_ADDR
-              value: {{ .Values.AERAKI_ENV.AERAKI_XDS_LISTEN_ADDR }}
+            - name: AERAKI_XDS_ADDR
+              value: {{ .Values.AERAKI_ENV.AERAKI_XDS_ADDR }}
+            - name: AERAKI_XDS_PORT
+              value: { { .Values.AERAKI_ENV.AERAKI_XDS_PORT } }
             - name: AERAKI_LOG_LEVEL
               value: {{ .Values.AERAKI_ENV.AERAKI_LOG_LEVEL }}
             - name: AERAKI_NAMESPACE
@@ -71,18 +73,18 @@ spec:
               readOnly: true
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-#          ports:
-#            - name: http
-#              containerPort: 80
-#              protocol: TCP
-#          livenessProbe:
-#            httpGet:
-#              path: /
-#              port: http
-#          readinessProbe:
-#            httpGet:
-#              path: /
-#              port: http
+      #          ports:
+      #            - name: http
+      #              containerPort: 80
+      #              protocol: TCP
+      #          livenessProbe:
+      #            httpGet:
+      #              path: /
+      #              port: http
+      #          readinessProbe:
+      #            httpGet:
+      #              path: /
+      #              port: http
       volumes:
         - name: istiod-ca-cert
           configMap:
@@ -99,4 +101,4 @@ spec:
       {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}
diff --git a/manifests/charts/aeraki/values.yaml b/manifests/charts/aeraki/values.yaml
@@ -30,7 +30,8 @@ AERAKI_ENV:
   AERAKI_ISTIOD_ADDR: "istiod.istio-system:15010"
   AERAKI_CLUSTER_ID:
   AERAKI_ISTIO_CONFIG_STORE_SECRET:
-  AERAKI_XDS_LISTEN_ADDR: ":15010"
+  AERAKI_XDS_ADDR: "aeraki.istio-system"
+  AERAKI_XDS_PORT: ":15010"
   AERAKI_LOG_LEVEL: "all:debug"
   AERAKI_ISTIOD_CONFIGMAP_NAME: "istio"
 
@@ -51,15 +52,15 @@ podAnnotations:
   sidecar.istio.io/inject: "false"
 
 podSecurityContext: {}
-  # fsGroup: 2000
+# fsGroup: 2000
 
 securityContext: {}
   # capabilities:
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
-  # runAsUser: 1000
+# runAsUser: 1000
 
 service:
   create: false
@@ -76,7 +77,7 @@ resources: {}
   #   memory: 128Mi
   # requests:
   #   cpu: 100m
-  #   memory: 128Mi
+#   memory: 128Mi
 #  requests:
 #    cpu: 500m
 #    memory: 2048Mi

diff --git a/pkg/bootstrap/options.go b/pkg/bootstrap/options.go
@@ -23,7 +23,8 @@ import (
 type AerakiArgs struct {
 	Master             bool
 	IstiodAddr         string
-	XdsAddr            string
+	AerakiXdsAddr      string
+	AerakiXdsPort      string
 	PodName            string
 	IstioConfigMapName string
 	// The listening address for HTTPS (webhooks).

diff --git a/pkg/bootstrap/server.go b/pkg/bootstrap/server.go
@@ -114,7 +114,7 @@ func NewServer(args *AerakiArgs) (*Server, error) {
 		routeCacheMgr.ConfigUpdated(prev, curr, event)
 	})
 	// xdsServer is the RDS server for metaProtocol proxy
-	xdsServer := xds.NewServer(args.XdsAddr, routeCacheMgr)
+	xdsServer := xds.NewServer(args.AerakiXdsPort, routeCacheMgr)
 
 	// crdCtrlMgr watches Aeraki CRDs,  such as MetaRouter, ApplicationProtocol, etc.
 	scalableCtrlMgr, err := createScalableControllers(args, kubeConfig, envoyFilterController, routeCacheMgr)
@@ -224,7 +224,7 @@ func createSingletonControllers(args *AerakiArgs, kubeConfig *rest.Config) (mana
 	if err != nil {
 		aerakiLog.Fatalf("could not add ServiceEntryController: %e", err)
 	}
-	err = kube.AddNamespaceController(mgr)
+	err = kube.AddNamespaceController(mgr, args.AerakiXdsAddr, args.AerakiXdsPort)
 	if err != nil {
 		aerakiLog.Fatalf("could not add NamespaceController: %e", err)
 	}
@@ -274,7 +274,7 @@ func (s *Server) Start(stop <-chan struct{}) {
 	}()
 
 	go func() {
-		aerakiLog.Infof("starting MetaProtocol RDS server, listening on %s", s.args.XdsAddr)
+		aerakiLog.Infof("starting MetaProtocol RDS server, listening on %s", s.args.AerakiXdsPort)
 		s.xdsServer.Run(stop)
 	}()
 

diff --git a/pkg/config/constants/constants.go b/pkg/config/constants/constants.go
@@ -17,4 +17,8 @@ package constants
 const (
 	// AerakiFieldManager is the FileldManager for Aeraki CRDs
 	AerakiFieldManager = "Aeraki"
+	// DefaultAerakiXdsPort is the default value for Aeraki xds port
+	DefaultAerakiXdsPort = ":15010"
+	// DefaultAerakiXdsAddr is the default value for Aeraki xds address
+	DefaultAerakiXdsAddr = "aeraki.istio-system"
 )
diff --git a/pkg/controller/kube/namesapce.go b/pkg/controller/kube/namesapce.go
@@ -50,6 +50,8 @@ var (
 // namespaceController creates bootstrap configMap for sidecar proxies
 type namespaceController struct {
 	controllerclient.Client
+	AerakiAddr string
+	AerakiPort string
 }
 
 // Reconcile watch namespace change and create bootstrap configmap for sidecar proxies
@@ -73,9 +75,11 @@ func (c *namespaceController) Reconcile(ctx context.Context, request reconcile.R
 }
 
 // AddNamespaceController adds namespaceController
-func AddNamespaceController(mgr manager.Manager) error {
+func AddNamespaceController(mgr manager.Manager, aerakiAddr, aerakiPort string) error {
 	namespaceCtrl := &namespaceController{
-		Client: mgr.GetClient(),
+		Client:     mgr.GetClient(),
+		AerakiAddr: aerakiAddr,
+		AerakiPort: aerakiPort,
 	}
 	c, err := controller.New("aeraki-namespace-controller", mgr,
 		controller.Options{Reconciler: namespaceCtrl})
@@ -98,7 +102,7 @@ func (c *namespaceController) createBootstrapConfigMap(ns string) {
 	cm.Name = "aeraki-bootstrap-config"
 	cm.Namespace = ns
 	cm.Data = map[string]string{
-		"custom_bootstrap.json": bootstrapConfig,
+		"custom_bootstrap.json": GetBootstrapConfig(c.AerakiAddr, c.AerakiPort),
 	}
 	if err := c.Client.Create(context.TODO(), cm, &controllerclient.CreateOptions{
 		FieldManager: constants.AerakiFieldManager,