From 9d917ae9cb68bc297217002e940e1530ac93cb85 Mon Sep 17 00:00:00 2001 From: naison <895703375@qq.com> Date: Sat, 14 Sep 2024 20:01:58 +0800 Subject: [PATCH] docs: update doc (#333) --- README.md | 61 +++++++++++++++++++++++++++------- README_ZH.md | 66 ++++++++++++++++++++++++++++++++++--- cmd/kubevpn/cmds/clone.go | 10 +++--- cmd/kubevpn/cmds/connect.go | 2 +- cmd/kubevpn/cmds/dev.go | 4 +-- cmd/kubevpn/cmds/proxy.go | 14 ++++---- docs/en/Architecture.md | 2 +- pkg/inject/mesh.go | 4 +-- 8 files changed, 128 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 8fc2c987..6f8529f7 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,9 @@ kubectl delete -f https://raw.githubusercontent.com/kubenetworks/kubevpn/master/ ### Connect to k8s cluster network +use command `kubevpn connect` connect to k8s cluster network, prompt `Password:` need to input computer +password. to enable root operation (create a tun device). + ```shell ➜ ~ kubevpn connect Password: @@ -126,6 +129,8 @@ Configured DNS service ➜ ~ ``` +already connected to cluster network, use command `kubevpn status` to check status + ```shell ➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status @@ -133,6 +138,8 @@ ID Mode Cluster Kubeconfig Namespace Status ➜ ~ ``` +use pod `productpage-788df7ff7f-jpkcs` IP `172.29.2.134` + ```shell ➜ ~ kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES @@ -144,6 +151,8 @@ ratings-77b6cd4499-zvl6c 1/1 Running 0 reviews-85c88894d9-vgkxd 1/1 Running 0 24d 172.29.2.249 192.168.0.5 ``` +use `ping` to test connection, seems good + ```shell ➜ ~ ping 172.29.2.134 PING 172.29.2.134 (172.29.2.134): 56 data bytes @@ -157,6 +166,8 @@ PING 172.29.2.134 (172.29.2.134): 56 data bytes round-trip min/avg/max/stddev = 54.293/55.380/56.270/0.728 ms ``` +use service `productpage` IP `172.21.10.49` + ```shell ➜ ~ kubectl get services -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR @@ -169,6 +180,8 @@ ratings ClusterIP 172.21.3.247 9080/TCP reviews ClusterIP 172.21.8.24 9080/TCP 114d app=reviews ``` +use command `curl` to test service connection + ```shell ➜ ~ curl 172.21.10.49:9080 @@ -180,8 +193,18 @@ reviews ClusterIP 172.21.8.24 9080/TCP ``` +seems good too~ + ### Domain resolve +support k8s dns name resolve. + +a Pod/Service named `productpage` in the `default` namespace can successfully resolve by following name: + +- `productpage` +- `productpage.default` +- `productpage.default.svc.cluster.local` + ```shell ➜ ~ curl productpage.default.svc.cluster.local:9080 @@ -214,12 +237,19 @@ use [Domain resolve](./README.md#domain-resolve) ### Connect to multiple kubernetes cluster network +- Mode `lite`: can connect to multiple cluster network, design for only connecting to multiple cluster network. +- Mode `Full`: not only connect to cluster network, it also supports proxy workloads inbound traffic to local PC. + +already connected cluster `ccijorbccotmqodvr189g` with mode `full` + ```shell ➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status 0 full ccijorbccotmqodvr189g /Users/naison/.kube/config default Connected ``` +then connect to another cluster `ccidd77aam2dtnc3qnddg` with mode `lite` + ```shell ➜ ~ kubevpn connect -n default --kubeconfig ~/.kube/dev_config --lite Starting connect @@ -234,6 +264,8 @@ Configured DNS service +----------------------------------------------------------+ ``` +use command `kubevpn status` to check connection status + ```shell ➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status @@ -244,6 +276,8 @@ ID Mode Cluster Kubeconfig Namespace Status ### Reverse proxy +use command `kubevpn proxy` to proxy all inbound traffic to local computer. + ```shell ➜ ~ kubevpn proxy deployment/productpage Connected to cluster @@ -294,20 +328,20 @@ then run it export selector=productpage export pod=`kubectl get pods -l app=${selector} -n default -o jsonpath='{.items[0].metadata.name}'` export pod_ip=`kubectl get pod $pod -n default -o jsonpath='{.status.podIP}'` -curl -v -H "a: 1" http://$pod_ip:9080/health +curl -v -H "foo: bar" http://$pod_ip:9080/health ``` response would like below ``` -❯ curl -v -H "a: 1" http://$pod_ip:9080/health +❯ curl -v -H "foo: bar" http://$pod_ip:9080/health * Trying 192.168.72.77:9080... * Connected to 192.168.72.77 (192.168.72.77) port 9080 (#0) > GET /health HTTP/1.1 > Host: 192.168.72.77:9080 > User-Agent: curl/7.87.0 > Accept: */* -> a: 1 +> foo: bar > >>Received request: GET /health from xxx.xxx.xxx.xxx:52974 * Mark bundle as not supporting multiuse @@ -331,10 +365,10 @@ Hello world!% ### Reverse proxy with mesh -Support HTTP, GRPC and WebSocket etc. with specific header `"a: 1"` will route to your local machine +Support HTTP, GRPC and WebSocket etc. with specific header `"foo: bar"` will route to your local machine ```shell -➜ ~ kubevpn proxy deployment/productpage --headers a=1 +➜ ~ kubevpn proxy deployment/productpage --headers foo=bar Connected to cluster Injecting inbound sidecar for deployment/productpage Checking rollout status for deployment/productpage @@ -347,7 +381,7 @@ Rollout successfully for deployment/productpage ➜ ~ ``` -first access without header "a: 1", it will access existing pod on kubernetes cluster. +first access without header "foo: bar", it will access existing pod on kubernetes cluster. ```shell ➜ ~ curl productpage:9080 @@ -361,10 +395,10 @@ first access without header "a: 1", it will access existing pod on kubernetes cl ... ``` -Now let's access local service with header `"a: 1"` +Now let's access local service with header `"foo: bar"` ```shell -➜ ~ curl productpage:9080 -H "a: 1" +➜ ~ curl productpage:9080 -H "foo: bar" >>Received request: GET / from xxx.xxx.xxx.xxx:51296 Hello world! ``` @@ -387,7 +421,7 @@ Run the Kubernetes pod in the local Docker container, and cooperate with the ser the specified header to the local, or all the traffic to the local. ```shell -➜ ~ kubevpn dev deployment/authors --headers a=1 --entrypoint sh +➜ ~ kubevpn dev deployment/authors --headers foo=bar --entrypoint sh Starting connect Got network CIDR from cache Use exist traffic manager @@ -470,7 +504,7 @@ Here is how to access pod in local docker container ```shell export authors_pod=`kubectl get pods -l app=authors -n default -o jsonpath='{.items[0].metadata.name}'` export authors_pod_ip=`kubectl get pod $authors_pod -n default -o jsonpath='{.status.podIP}'` -curl -kv -H "a: 1" http://$authors_pod_ip:80/health +curl -kv -H "foo: bar" http://$authors_pod_ip:80/health ``` Verify logs of nginx container @@ -622,7 +656,7 @@ OK: 8 MiB in 19 packages >> Container Received request: GET / from 127.0.0.1:41230 Hello world!/opt/microservices # -/opt/microservices # curl authors:9080/health -H "a: 1" +/opt/microservices # curl authors:9080/health -H "foo: bar" >>Received request: GET /health from 223.254.0.109:57930 Hello world!/opt/microservices # /opt/microservices # curl localhost:9080/health @@ -659,6 +693,8 @@ kubectl delete -f https://raw.githubusercontent.com/kubenetworks/kubevpn/master/ ### Multiple Protocol +support OSI model layers 3 and above, protocols like `ICMP`, `TCP`, and `UDP`... + - TCP - UDP - ICMP @@ -833,7 +869,8 @@ restart docker and retry ## Architecture -Architecture can be found [here](/docs/en/Architecture.md) and [website](https://www.kubevpn.cn/docs/architecture/connect). +Architecture can be found [here](/docs/en/Architecture.md) +and [website](https://www.kubevpn.cn/docs/architecture/connect). ## Contributions diff --git a/README_ZH.md b/README_ZH.md index 3c92496a..4541c283 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -78,6 +78,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubenetworks/kubevpn/master/s ### 链接到集群网络 +使用命令 `kubevpn connect` 链接到集群,请注意这里需要输入电脑密码。因为需要 `root` 权限。(创建虚拟网卡) + ```shell ➜ ~ kubevpn connect Password: @@ -115,6 +117,8 @@ Configured DNS service ➜ ~ ``` +提示已经链接到集群了。使用命令 `kubevpn status` 检查一下状态。 + ```shell ➜ ~ kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES @@ -126,6 +130,8 @@ ratings-77b6cd4499-zvl6c 1/1 Running 0 reviews-85c88894d9-vgkxd 1/1 Running 0 24d 172.29.2.249 192.168.0.5 ``` +找一个 pod 的 IP,比如 `productpage-788df7ff7f-jpkcs` 的 IP `172.29.2.134` + ```shell ➜ ~ ping 172.29.2.134 PING 172.29.2.134 (172.29.2.134): 56 data bytes @@ -139,6 +145,8 @@ PING 172.29.2.134 (172.29.2.134): 56 data bytes round-trip min/avg/max/stddev = 54.293/55.380/56.270/0.728 ms ``` +测试应该可以直接 Ping 通,说明本地可以正常访问到集群网络了。 + ```shell ➜ ~ kubectl get services -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR @@ -151,6 +159,8 @@ ratings ClusterIP 172.21.3.247 9080/TCP reviews ClusterIP 172.21.8.24 9080/TCP 114d app=reviews ``` +找一个 service 的 IP,比如 `productpage` 的 IP `172.21.10.49`,试着访问一下服务 `productpage` + ```shell ➜ ~ curl 172.21.10.49:9080 @@ -162,8 +172,16 @@ reviews ClusterIP 172.21.8.24 9080/TCP ``` +可以看到也可以正常访问,也就是可以在本地访问到集群的 pod 和 service 了~ + ### 域名解析功能 +支持 k8s dns 解析。比如一个名为 `productpage` 的 Pod 或者 Service 处于 `default` 命名空间下可以被如下域名正常解析到: + +- `productpage` +- `productpage.default` +- `productpage.default.svc.cluster.local` + ```shell ➜ ~ curl productpage.default.svc.cluster.local:9080 @@ -175,8 +193,15 @@ reviews ClusterIP 172.21.8.24 9080/TCP ``` +可以看到能够被正常解析,并且返回相应内容。 + ### 短域名解析功能 +连接到此命名空间下,可以直接使用 `service` name 的方式访问,否则访问其它命令空间下的服务,需要带上命令空间作为域名的一部分,使用如下的域名即可。 + +- `productpage.default` +- `productpage.default.svc.cluster.local` + ```shell ➜ ~ curl productpage:9080 @@ -188,14 +213,25 @@ reviews ClusterIP 172.21.8.24 9080/TCP ... ``` +可以看到直接使用 service name 的方式,可以正常访问到集群资源。 + ### 链接到多集群网络 +有个两个模式 + +- 模式 `lite`: 可以链接到多个集群网络,但是仅支持链接到多集群。 +- 模式 `full`: 不仅支持链接到单个集群网络,还可以拦截工作负载流量到本地电脑。 + +可以看到已经链接到了一个集群 `ccijorbccotmqodvr189g`,是 `full` 模式 + ```shell ➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status 0 full ccijorbccotmqodvr189g /Users/naison/.kube/config default Connected ``` +此时还可以使用 `lite` 模式链接到其它集群 + ```shell ➜ ~ kubevpn connect -n default --kubeconfig ~/.kube/dev_config --lite Starting connect @@ -210,6 +246,8 @@ Configured DNS service +----------------------------------------------------------+ ``` +使用命令 `kubevpn status` 查看当前链接状态。 + ```shell ➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status @@ -218,8 +256,12 @@ ID Mode Cluster Kubeconfig Namespace Status ➜ ~ ``` +可以看到连接到了多个集群。 + ### 反向代理 +使用命令 `kubevpn proxy` 代理所有的入站流量到本地电脑。 + ```shell ➜ ~ kubevpn proxy deployment/productpage Connected to cluster @@ -234,6 +276,8 @@ Rollout successfully for deployment/productpage ➜ ~ ``` +此时在本地使用 `go` 启动一个服务,用于承接流量。 + ```go package main @@ -250,6 +294,8 @@ func main() { } ``` +使用 `service` name 的方式,直接访问集群中的 `productpage` 服务。 + ```shell ➜ ~ curl productpage:9080 Hello world!% @@ -257,12 +303,14 @@ Hello world!% Hello world!% ``` +可以看到直接击中了本地电脑的服务。 + ### 反向代理支持 service mesh -支持 HTTP, GRPC 和 WebSocket 等, 携带了指定 header `"a: 1"` 的流量,将会路由到本地 +支持 HTTP, GRPC 和 WebSocket 等, 携带了指定 header `"foo: bar"` 的流量,将会路由到本地 ```shell -➜ ~ kubevpn proxy deployment/productpage --headers a=1 +➜ ~ kubevpn proxy deployment/productpage --headers foo=bar Connected to cluster Injecting inbound sidecar for deployment/productpage Checking rollout status for deployment/productpage @@ -275,6 +323,8 @@ Rollout successfully for deployment/productpage ➜ ~ ``` +不带 header 直接访问集群资源,可以看到返回的是集群中的服务内容。 + ```shell ➜ ~ curl productpage:9080 @@ -287,8 +337,10 @@ Rollout successfully for deployment/productpage ... ``` +带上特定 header 访问集群资源,可以看到返回了本地服务的内容。 + ```shell -➜ ~ curl productpage:9080 -H "a: 1" +➜ ~ curl productpage:9080 -H "foo: bar" Hello world!% ``` @@ -310,7 +362,7 @@ Rollout successfully for deployments/productpage Docker。 ```shell -➜ ~ kubevpn dev deployment/authors --headers a=1 --entrypoint sh +➜ ~ kubevpn dev deployment/authors --headers foo=bar --entrypoint sh Starting connect Got network CIDR from cache Use exist traffic manager @@ -528,7 +580,7 @@ OK: 8 MiB in 19 packages >> Container Received request: GET / from 127.0.0.1:41230 Hello world!/opt/microservices # -/opt/microservices # curl authors:9080/health -H "a: 1" +/opt/microservices # curl authors:9080/health -H "foo: bar" >>Received request: GET /health from 223.254.0.109:57930 Hello world!/opt/microservices # /opt/microservices # curl localhost:9080/health @@ -546,6 +598,8 @@ exit ➜ ~ ``` +可以看到实际上是在本地使用 `Docker` 启动了三个容器。 + ```text ➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES @@ -557,6 +611,8 @@ d0b3dab8912a naison/kubevpn:v2.0.0 "/bin/bash" 5 minute ### 支持多种协议 +支持 OSI 模型三层及三层以上的协议,例如: + - TCP - UDP - ICMP diff --git a/cmd/kubevpn/cmds/clone.go b/cmd/kubevpn/cmds/clone.go index 0af532cd..5349ddc2 100644 --- a/cmd/kubevpn/cmds/clone.go +++ b/cmd/kubevpn/cmds/clone.go @@ -56,17 +56,17 @@ func CmdClone(f cmdutil.Factory) *cobra.Command { or kubevpn clone deployment authors productpage - # clone with mesh, traffic with header a=1, will hit cloned workloads, otherwise hit origin workloads - kubevpn clone deployment/productpage --headers a=1 + # clone with mesh, traffic with header foo=bar, will hit cloned workloads, otherwise hit origin workloads + kubevpn clone deployment/productpage --headers foo=bar # clone workloads which api-server behind of bastion host or ssh jump host - kubevpn clone deployment/productpage --ssh-addr 192.168.1.100:22 --ssh-username root --ssh-keyfile ~/.ssh/ssh.pem --headers a=1 + kubevpn clone deployment/productpage --ssh-addr 192.168.1.100:22 --ssh-username root --ssh-keyfile ~/.ssh/ssh.pem --headers foo=bar # It also supports ProxyJump, like ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ ┌────────────┐ │ pc ├────►│ ssh1 ├────►│ ssh2 ├────►│ ssh3 ├─────►... ─────► │ api-server │ └──────┘ └──────┘ └──────┘ └──────┘ └────────────┘ - kubevpn clone service/productpage --ssh-alias --headers a=1 + kubevpn clone service/productpage --ssh-alias --headers foo=bar # Support ssh auth GSSAPI kubevpn clone service/productpage --ssh-addr --ssh-username --gssapi-keytab /path/to/keytab @@ -155,7 +155,7 @@ func CmdClone(f cmdutil.Factory) *cobra.Command { return nil }, } - cmd.Flags().StringToStringVarP(&options.Headers, "headers", "H", map[string]string{}, "Traffic with special headers (use `and` to match all headers) with reverse it to target cluster cloned workloads, If not special, redirect all traffic to target cluster cloned workloads. eg: --headers a=1 --headers b=2") + cmd.Flags().StringToStringVarP(&options.Headers, "headers", "H", map[string]string{}, "Traffic with special headers (use `and` to match all headers) with reverse it to target cluster cloned workloads, If not special, redirect all traffic to target cluster cloned workloads. eg: --headers foo=bar --headers env=dev") cmd.Flags().BoolVar(&config.Debug, "debug", false, "Enable debug mode or not, true or false") cmd.Flags().StringVar(&config.Image, "image", config.Image, "Use this image to startup container") cmd.Flags().BoolVar(&transferImage, "transfer-image", false, "transfer image to remote registry, it will transfer image "+config.OriginImage+" to flags `--image` special image, default: "+config.Image) diff --git a/cmd/kubevpn/cmds/connect.go b/cmd/kubevpn/cmds/connect.go index d6d5f6bd..0645f11e 100644 --- a/cmd/kubevpn/cmds/connect.go +++ b/cmd/kubevpn/cmds/connect.go @@ -163,7 +163,7 @@ func CmdConnect(f cmdutil.Factory) *cobra.Command { cmd.Flags().BoolVar(&transferImage, "transfer-image", false, "transfer image to remote registry, it will transfer image "+config.OriginImage+" to flags `--image` special image, default: "+config.Image) cmd.Flags().StringVar((*string)(&connect.Engine), "engine", string(config.EngineRaw), fmt.Sprintf(`transport engine ("%s"|"%s") %s: use gvisor and raw both (both performance and stable), %s: use raw mode (best stable)`, config.EngineMix, config.EngineRaw, config.EngineMix, config.EngineRaw)) cmd.Flags().BoolVar(&foreground, "foreground", false, "Hang up") - cmd.Flags().BoolVar(&lite, "lite", false, "connect to multiple cluster in lite mode, you needs to special this options") + cmd.Flags().BoolVar(&lite, "lite", false, "connect to multiple cluster in lite mode. mode \"lite\": design for only connecting to multiple cluster network. mode \"full\": not only connect to cluster network, it also supports proxy workloads inbound traffic to local PC.") handler.AddExtraRoute(cmd.Flags(), extraRoute) pkgssh.AddSshFlags(cmd.Flags(), sshConf) diff --git a/cmd/kubevpn/cmds/dev.go b/cmd/kubevpn/cmds/dev.go index e04eced1..16cb61c6 100644 --- a/cmd/kubevpn/cmds/dev.go +++ b/cmd/kubevpn/cmds/dev.go @@ -45,8 +45,8 @@ func CmdDev(f cmdutil.Factory) *cobra.Command { - develop service kubevpn dev service/productpage - # Develop workloads with mesh, traffic with header a=1, will hit local PC, otherwise no effect - kubevpn dev service/productpage --headers a=1 + # Develop workloads with mesh, traffic with header foo=bar, will hit local PC, otherwise no effect + kubevpn dev service/productpage --headers foo=bar # Develop workloads without proxy traffic kubevpn dev service/productpage --no-proxy diff --git a/cmd/kubevpn/cmds/proxy.go b/cmd/kubevpn/cmds/proxy.go index 3e279580..4fa8b02c 100644 --- a/cmd/kubevpn/cmds/proxy.go +++ b/cmd/kubevpn/cmds/proxy.go @@ -54,20 +54,20 @@ func CmdProxy(f cmdutil.Factory) *cobra.Command { or kubevpn proxy deployment authors productpage - # Reverse proxy with mesh, traffic with header a=1, will hit local PC, otherwise no effect - kubevpn proxy service/productpage --headers a=1 + # Reverse proxy with mesh, traffic with header foo=bar, will hit local PC, otherwise no effect + kubevpn proxy service/productpage --headers foo=bar - # Reverse proxy with mesh, traffic with header a=1 and b=2, will hit local PC, otherwise no effect - kubevpn proxy service/productpage --headers a=1 --headers b=2 + # Reverse proxy with mesh, traffic with header foo=bar and env=dev, will hit local PC, otherwise no effect + kubevpn proxy service/productpage --headers foo=bar --headers env=dev # Connect to api-server behind of bastion host or ssh jump host and proxy kubernetes resource traffic into local PC - kubevpn proxy deployment/productpage --ssh-addr 192.168.1.100:22 --ssh-username root --ssh-keyfile ~/.ssh/ssh.pem --headers a=1 + kubevpn proxy deployment/productpage --ssh-addr 192.168.1.100:22 --ssh-username root --ssh-keyfile ~/.ssh/ssh.pem --headers foo=bar # It also supports ProxyJump, like ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ ┌────────────┐ │ pc ├────►│ ssh1 ├────►│ ssh2 ├────►│ ssh3 ├─────►... ─────► │ api-server │ └──────┘ └──────┘ └──────┘ └──────┘ └────────────┘ - kubevpn proxy service/productpage --ssh-alias --headers a=1 + kubevpn proxy service/productpage --ssh-alias --headers foo=bar # Support ssh auth GSSAPI kubevpn proxy service/productpage --ssh-addr --ssh-username --gssapi-keytab /path/to/keytab @@ -176,7 +176,7 @@ func CmdProxy(f cmdutil.Factory) *cobra.Command { return nil }, } - cmd.Flags().StringToStringVarP(&connect.Headers, "headers", "H", map[string]string{}, "Traffic with special headers (use `and` to match all headers) with reverse it to local PC, If not special, redirect all traffic to local PC. eg: --headers a=1 --headers b=2") + cmd.Flags().StringToStringVarP(&connect.Headers, "headers", "H", map[string]string{}, "Traffic with special headers (use `and` to match all headers) with reverse it to local PC, If not special, redirect all traffic to local PC. format: = eg: --headers foo=bar --headers env=dev") cmd.Flags().StringArrayVar(&connect.PortMap, "portmap", []string{}, "Port map, map container port to local port, format: [tcp/udp]/containerPort:localPort, If not special, localPort will use containerPort. eg: tcp/80:8080 or udp/5000:5001 or 80 or 80:8080") cmd.Flags().BoolVar(&config.Debug, "debug", false, "Enable debug mode or not, true or false") cmd.Flags().StringVar(&config.Image, "image", config.Image, "Use this image to startup container") diff --git a/docs/en/Architecture.md b/docs/en/Architecture.md index 66c5f139..322cc423 100644 --- a/docs/en/Architecture.md +++ b/docs/en/Architecture.md @@ -28,7 +28,7 @@ base on reverse mode, using envoy as proxy, if headers have special key-value pa │ │ cloud ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─┘─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ local - header: a=1 │ + header: foo=bar │ ┌───┘──────┐ │ │ ServiceB'├─────────────┘ └──────────┘ diff --git a/pkg/inject/mesh.go b/pkg/inject/mesh.go index 76f7e539..9e52dace 100644 --- a/pkg/inject/mesh.go +++ b/pkg/inject/mesh.go @@ -264,7 +264,7 @@ func addVirtualRule(v []*controlplane.Virtual, nodeID string, port []v1.Containe }) } - // 2) if already proxy deployment/xxx with header a=1. also want to add b=2 + // 2) if already proxy deployment/xxx with header foo=bar. also want to add env=dev for j, rule := range v[index].Rules { if rule.LocalTunIPv4 == tunIP.LocalTunIPv4 && rule.LocalTunIPv6 == tunIP.LocalTunIPv6 { @@ -274,7 +274,7 @@ func addVirtualRule(v []*controlplane.Virtual, nodeID string, port []v1.Containe } } - // 3) if already proxy deployment/xxx with header a=1, other user can replace it to self + // 3) if already proxy deployment/xxx with header foo=bar, other user can replace it to self for j, rule := range v[index].Rules { if reflect.DeepEqual(rule.Headers, headers) { v[index].Rules[j].LocalTunIPv6 = tunIP.LocalTunIPv6