Skip to content

Dev/polaris sidecar adaptation #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Sep 8, 2025
Merged

Dev/polaris sidecar adaptation #210

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
aac8699
fix: polaris-sidecar config update
Aug 14, 2025
2bbfb14
feat: update request and limit for dnsagent
Aug 18, 2025
82f5540
chore: makefile support identified container repo
Aug 18, 2025
43aa654
feat: update version to v2.1.0
Aug 18, 2025
e23e2fe
feat: support multi arch
Aug 18, 2025
5d1c563
feat: support more config for dnsagent
Aug 19, 2025
281d854
feat: support more config for sidecar
Aug 21, 2025
b3a601f
feat: support route config for sidecar
Aug 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 51 additions & 39 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,68 +1,80 @@
REGISTRY = ""
ORG = polarismesh
IMAGE_TAG ?= v2.1.0
ORG ?= polarismesh
REPO = polaris-controller
SIDECAR_INIT_REPO = polaris-sidecar-init
ENVOY_SIDECAR_INIT_REPO = polaris-envoy-bootstrap-generator
IMAGE_TAG = v1.7.3
PLATFORMS = linux/amd64,linux/arm64

.PHONY: all
all: fmt build-amd64 build-arm64 build-multi-arch-image \
build-sidecar-init build-envoy-sidecar-init push-image
all: push-all-image

.PHONY: push-all-image
push-all-image: push-controller-image push-init-image

.PHONY: gen-all-image
gen-all-image: gen-controller-image gen-init-image

.PHONY: clean
clean:
rm -rf bin
rm -rf polaris-controller-release*

.PHONY: fmt
fmt: ## Run go fmt against code.
go fmt ./...

.PHONY: build-amd64
build-amd64:
build-amd64: clean fmt
@echo "------------------"
@echo "--> Building binary for polaris-controller (linux/amd64)"
@echo "------------------"
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o ./bin/amd64/polaris-controller ./cmd/polaris-controller/main.go

.PHONY: build-arm64
build-arm64:
build-arm64: clean fmt
@echo "------------------"
@echo "--> Building binary for polaris-controller (linux/arm64)"
@echo "------------------"
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o ./bin/arm64/polaris-controller ./cmd/polaris-controller/main.go

.PHONY: build-multi-arch-image
build-multi-arch-image:
.PHONY: bin
bin: build-amd64 build-arm64
@echo "------------------"
@echo "--> Building multi-arch docker image for polaris-controller"
@echo "--> Building binary for polaris-controller"
@echo "------------------"
@docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push ./

.PHONY: build-sidecar-init
build-sidecar-init:
docker build ./sidecar/polaris-sidecar-init -f ./sidecar/polaris-sidecar-init/Dockerfile -t $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG)

.PHONY: build-envoy-sidecar-init
build-envoy-sidecar-init:
docker build ./sidecar/envoy-bootstrap-config-generator -f ./sidecar/envoy-bootstrap-config-generator/Dockerfile -t $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG)

.PHONY: push-image
push-image:
docker push $(REGISTRY)$(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG)
docker push $(REGISTRY)$(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG)

.PHONY: clean
clean:
rm -rf bin
rm -rf polaris-controller-release*
.PHONY: gen-controller-image
gen-controller-image: bin
@echo "------------------"
@echo "--> Generate multi-arch docker image to registry for polaris-controller"
@echo "------------------"
@docker buildx build ./ --file ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS)

.PHONY: fmt
fmt: ## Run go fmt against code.
go fmt ./...
.PHONY: push-controller-image
push-controller-image: bin
@echo "------------------"
@echo "--> Building and push multi-arch docker image for polaris-controller"
@echo "------------------"
@docker buildx build ./ --file ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push

.PHONY: generate-multi-arch-image
generate-multi-arch-image: fmt build-amd64 build-arm64
.PHONY: gen-init-image
gen-init-image:
@echo "------------------"
@echo "--> Generate multi-arch docker image to registry for polaris-controller"
@echo "--> Building multi-arch docker image for polaris-sidecar-init"
@echo "------------------"
@docker buildx build ./sidecar/polaris-sidecar-init --file ./sidecar/polaris-sidecar-init/Dockerfile --tag $(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
@echo "------------------"
@docker buildx build -f ./docker/Dockerfile --tag $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS) ./
@echo "--> Building multi-arch docker image for envoy-bootstrap-config-generator"
@echo "------------------"
@docker buildx build ./sidecar/envoy-bootstrap-config-generator --file ./sidecar/envoy-bootstrap-config-generator/Dockerfile --tag $(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS)

.PHONY: push-multi-arch-image
push-multi-arch-image: generate-multi-arch-image
.PHONY: push-init-image
push-init-image:
@echo "------------------"
@echo "--> Building and push multi-arch docker image for polaris-sidecar-init"
@echo "------------------"
@docker buildx build ./sidecar/polaris-sidecar-init --file ./sidecar/polaris-sidecar-init/Dockerfile --tag $(ORG)/$(SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push
@echo "------------------"
@echo "--> Push multi-arch docker image to registry for polaris-controller"
@echo "--> Building and push multi-arch docker image for envoy-bootstrap-config-generator"
@echo "------------------"
@docker image push $(ORG)/$(REPO):$(IMAGE_TAG) --platform $(PLATFORMS)
@docker buildx build ./sidecar/envoy-bootstrap-config-generator --file ./sidecar/envoy-bootstrap-config-generator/Dockerfile --tag $(ORG)/$(ENVOY_SIDECAR_INIT_REPO):$(IMAGE_TAG) --platform $(PLATFORMS) --push
24 changes: 15 additions & 9 deletions deploy/kubernetes_v1.21/kubernetes/injector.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ metadata:
app: sidecar-injector
data:
values: |-
{"clusterResources":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configNamespace":"polaris-system","configValidation":"false","controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"istio","imagePullPolicy":"Always","imagePullSecrets":[],"istioNamespace":"polaris-system","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"mtls":{"enabled":false},"multiCluster":{"enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"policyNamespace":"polaris-system","priorityClassName":"","prometheusNamespace":"polaris-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false,"host":null,"port":null},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"10ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tag":"1.7.0","tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false,"udsPath":""},"tag":"1.5.8","telemetryNamespace":"polaris-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true,"xdsApiVersion":"v3"},"istio_cni":{"enabled":false},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableAccessLog":false,"enableNamespacesByDefault":false,"image":"sidecar_injector","injectLabel":"istio-injection","neverInjectSelector":[],"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":2,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[]},"version":""}
{"clusterResources":true,"global":{"proxy":{"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}}}

dns-config: |-
policy: enabled
Expand Down Expand Up @@ -52,11 +52,11 @@ data:
imagePullPolicy: Always
resources:
limits:
cpu: 200m
memory: 200Mi
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 50Mi
cpu: 200m
memory: 300Mi
volumeMounts:
- mountPath: /root/polaris
defaultMode: 777
Expand Down Expand Up @@ -150,21 +150,21 @@ data:
- name: java-agent-dir
emptyDir: {}

mesh-config: |+
mesh-config: |-
policy: enabled
alwaysInjectSelector:
[]

neverInjectSelector:
[{"matchLabels":{"polarismesh.cn/inject":"disabled"}}]

template: |+
containers:
- name: envoy
image: envoyproxy/envoy:#ENVOY_VERSION#
imagePullPolicy: Always
command: ["/usr/local/bin/envoy"]
args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log", "--log-level", "debug"]
args: ["-c", "/etc/envoy/envoy.yaml", "--log-path", "/etc/envoy_logs/envoy.log"]
resources:
{{- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPULimit`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemoryLimit`) }}
{{- if or (isset .ObjectMeta.Annotations `polarismesh.cn/proxyCPU`) (isset .ObjectMeta.Annotations `polarismesh.cn/proxyMemory`) }}
Expand Down Expand Up @@ -217,6 +217,12 @@ data:
cpu: 100m
memory: 50Mi
volumeMounts:
- mountPath: /root/polaris
defaultMode: 777
name: polaris-dir
- mountPath: /root/log
defaultMode: 777
name: polaris-log
- mountPath: /tmp/polaris-sidecar
defaultMode: 777
name: polaris-socket
Expand Down
1 change: 1 addition & 0 deletions deploy/kubernetes_v1.21/kubernetes/rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ rules:
- events
- configmaps
- endpoints
- secrets
verbs:
- create
- update
Expand Down
25 changes: 19 additions & 6 deletions deploy/kubernetes_v1.22/kubernetes/injector.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app: sidecar-injector
data:
values: |-
{"clusterResources":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configNamespace":"polaris-system","configValidation":"false","controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"istio","imagePullPolicy":"Always","imagePullSecrets":[],"istioNamespace":"polaris-system","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"mtls":{"enabled":false},"multiCluster":{"enabled":false},"oneNamespace":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"policyNamespace":"polaris-system","priorityClassName":"","prometheusNamespace":"polaris-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false,"host":null,"port":null},"envoyMetricsService":{"enabled":false,"host":null,"port":null},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"10ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tag":"1.7.0","tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false,"udsPath":""},"tag":"1.5.8","telemetryNamespace":"polaris-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"","useMCP":true,"xdsApiVersion":"v3"},"istio_cni":{"enabled":false},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableAccessLog":false,"enableNamespacesByDefault":false,"image":"sidecar_injector","injectLabel":"istio-injection","neverInjectSelector":[],"nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":2,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[]},"version":""}
{"clusterResources":true,"global":{"proxy":{"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}}}

dns-config: |-
policy: enabled
Expand Down Expand Up @@ -37,11 +37,11 @@ data:
imagePullPolicy: Always
resources:
limits:
cpu: 200m
memory: 200Mi
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 50Mi
cpu: 200m
memory: 300Mi
volumeMounts:
- mountPath: /root/polaris
defaultMode: 777
Expand Down Expand Up @@ -135,7 +135,6 @@ data:
- name: java-agent-dir
emptyDir: {}


mesh-config: |-
policy: enabled
alwaysInjectSelector:
Expand Down Expand Up @@ -212,6 +211,10 @@ data:
- mountPath: /tmp/polaris-sidecar
defaultMode: 777
name: polaris-socket
{{ if ( openTlsMode .ObjectMeta.Annotations `polarismesh.cn/tls-mode` ) }}
- name: root-ca
mountPath: /etc/polaris-sidecar/certs
{{ end }}
initContainers:
- name: polaris-bootstrap-writer
image: polarismesh/polaris-envoy-bootstrap-generator:#CONTROLLER_VERSION#
Expand Down Expand Up @@ -281,6 +284,16 @@ data:
- mountPath: /data/polaris-client-config
name: polaris-client-config
volumes:
- name: sds
emptyDir: {}
{{ if ( openTlsMode .ObjectMeta.Annotations `polarismesh.cn/tls-mode` ) }}
- name: root-ca
secret:
secretName: polaris-sidecar-secret
items:
- key: root-cert
path: rootca.pem
{{ end }}
- name: polaris-client-config
emptyDir: {}
- name: envoy-bootstrap
Expand Down
1 change: 1 addition & 0 deletions deploy/kubernetes_v1.22/kubernetes/rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ rules:
- events
- configmaps
- endpoints
- secrets
verbs:
- create
- update
Expand Down
27 changes: 18 additions & 9 deletions pkg/inject/pkg/kube/inject/apply/mesh/patch.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,32 +83,41 @@ func (pb *PodPatchBuilder) PatchContainer(req *inject.OperateContainerRequest) (

// handlePolarisSidecarEnvInject 处理polaris-sidecar容器的环境变量
func (pb *PodPatchBuilder) handlePolarisSidecarEnvInject(opt *inject.PatchOptions, pod *corev1.Pod, add *corev1.Container) (bool, error) {

annotations := pod.Annotations
err := pb.ensureRootCertExist(opt.KubeClient, pod)
if err != nil {
return false, err
}
envMap := make(map[string]string)
// 基础通用默认配置
envMap[EnvSidecarNamespace] = pod.GetNamespace()
envMap[EnvPolarisAddress] = common.PolarisServerGrpcAddress
envMap[EnvSidecarPort] = strconv.Itoa(ValueListenPort)
envMap[EnvSidecarRecurseEnable] = strconv.FormatBool(true)
envMap[EnvSidecarLogLevel] = "info"
if opt.SidecarMode == utils.SidecarForDns {
// dns mode
envMap[EnvSidecarDnsEnable] = strconv.FormatBool(true)
envMap[EnvSidecarMeshEnable] = strconv.FormatBool(false)
envMap[EnvSidecarMetricEnable] = strconv.FormatBool(false)
envMap[EnvSidecarMetricListenPort] = strconv.Itoa(ValueMetricListenPort)
envMap[EnvSidecarDnsRouteLabels] = buildLabelsStr(pod.Labels)

} else {
// mesh mode
envMap[EnvSidecarDnsEnable] = strconv.FormatBool(false)
envMap[EnvSidecarMeshEnable] = strconv.FormatBool(true)
envMap[EnvSidecarRLSEnable] = strconv.FormatBool(true)
envMap[EnvSidecarMetricEnable] = strconv.FormatBool(true)
envMap[EnvSidecarMetricListenPort] = strconv.Itoa(ValueMetricListenPort)
if inject.EnableMtls(pod) {
envMap[EnvSidecarMtlsEnable] = strconv.FormatBool(true)
}
}
envMap[EnvSidecarLogLevel] = "info"
envMap[EnvSidecarNamespace] = pod.GetNamespace()
envMap[EnvPolarisAddress] = common.PolarisServerGrpcAddress
envMap[EnvSidecarDnsRouteLabels] = buildLabelsStr(pod.Labels)
if inject.EnableMtls(pod) {
envMap[EnvSidecarMtlsEnable] = strconv.FormatBool(true)
if sidecarConfig, ok := annotations[utils.AnnotationKeySidecarConfig]; ok {
config, err := getSidecarConfig(sidecarConfig)
if err != nil {
return false, err
}
fillEnv(envMap, config, opt.SidecarMode)
}
log.InjectScope().Infof("pod=[%s, %s] inject polaris-sidecar mode %s, env map %v",
pod.Namespace, pod.Name, utils.ParseSidecarModeName(opt.SidecarMode), envMap)
Expand Down
Loading
Loading