feat: use origin probe (#390)

2025-12-24 11:51:13 +08:00 · 2024-12-09 19:13:43 +08:00
parent 9ebc95352a
commit d165dacd20
5 changed files with 4 additions and 151 deletions
--- a/pkg/config/const.go
+++ b/pkg/config/const.go
@@ -20,8 +20,6 @@ const (

 	LogFile = "daemon.log"

-	KubeVPNRestorePatchKey = "kubevpn-probe-restore-patch"
-
 	ConfigFile = "config.yaml"
 )

--- a/pkg/handler/clone.go
+++ b/pkg/handler/clone.go
@@ -229,9 +229,6 @@ func (d *CloneOptions) DoClone(ctx context.Context, kubeconfigJsonBytes []byte)
 			containers := spec.Spec.Containers
 			// remove vpn sidecar
 			for i := 0; i < len(containers); i++ {
-				containers[i].ReadinessProbe = nil
-				containers[i].LivenessProbe = nil
-				containers[i].StartupProbe = nil
 				containerName := containers[i].Name
 				if err == nil && (containerName == config.ContainerSidecarVPN || containerName == config.ContainerSidecarEnvoyProxy) {
 					containers = append(containers[:i], containers[i+1:]...)
--- a/pkg/inject/exchange.go
+++ b/pkg/inject/exchange.go
@@ -81,6 +81,8 @@ func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) {
 		// https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2
 		// for curl -g -6 [efff:ffff:ffff:ffff:ffff:ffff:ffff:999a]:9080/health or curl 127.0.0.1:9080/health hit local PC
 		// output chain
+		// iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
+		// ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6}
 		Args: []string{`
 sysctl -w net.ipv4.ip_forward=1
 sysctl -w net.ipv6.conf.all.disable_ipv6=0
@@ -97,8 +99,6 @@ iptables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv4}
 ip6tables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv6}
 iptables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
 ip6tables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
-iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
-ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6}
 kubevpn serve -L "tun:/127.0.0.1:8422?net=${TunIPv4}&route=${CIDR4}" -F "tcp://${TrafficManagerService}:10800"`,
 		},
 		SecurityContext: &corev1.SecurityContext{
--- a/pkg/inject/mesh.go
+++ b/pkg/inject/mesh.go
@@ -46,8 +46,6 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 		return err
 	}

-	origin := templateSpec.DeepCopy()
-
 	var ports []v1.ContainerPort
 	for _, container := range templateSpec.Spec.Containers {
 		ports = append(ports, container.Ports...)
@@ -105,14 +103,6 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli

 	enableIPv6, _ := util.DetectPodSupportIPv6(ctx1, factory, namespace)
 	// (1) add mesh container
-	removePatch, restorePatch := patch(*origin, path)
-	var b []byte
-	b, err = k8sjson.Marshal(restorePatch)
-	if err != nil {
-		log.Errorf("Marshal patch error: %v", err)
-		return err
-	}
-
 	AddMeshContainer(templateSpec, nodeID, c, enableIPv6)
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	ps := []P{
@@ -121,14 +111,9 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 			Path:  "/" + strings.Join(append(path, "spec"), "/"),
 			Value: templateSpec.Spec,
 		},
-		{
-			Op:    "replace",
-			Path:  "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
-			Value: string(b),
-		},
 	}
 	var bytes []byte
-	bytes, err = k8sjson.Marshal(append(ps, removePatch...))
+	bytes, err = k8sjson.Marshal(append(ps))
 	if err != nil {
 		return err
 	}
@@ -172,22 +157,12 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 	log.Infof("Leaving workload %s", workload)

 	RemoveContainers(templateSpec)
-	if u.GetAnnotations() != nil && u.GetAnnotations()[config.KubeVPNRestorePatchKey] != "" {
-		patchStr := u.GetAnnotations()[config.KubeVPNRestorePatchKey]
-		var ps []P
-		err = json.Unmarshal([]byte(patchStr), &ps)
-		if err != nil {
-			return fmt.Errorf("unmarshal json patch: %s failed, err: %v", patchStr, err)
-		}
-		fromPatchToProbe(templateSpec, depth, ps)
-	}

 	if empty {
 		helper := pkgresource.NewHelper(object.Client, object.Mapping)
 		// pod without controller
 		if len(depth) == 0 {
 			log.Debugf("Workload %s is not under controller management", workload)
-			delete(templateSpec.ObjectMeta.GetAnnotations(), config.KubeVPNRestorePatchKey)
 			pod := &v1.Pod{ObjectMeta: templateSpec.ObjectMeta, Spec: templateSpec.Spec}
 			CleanupUselessInfo(pod)
 			err = CreateAfterDeletePod(factory, pod, helper)
@@ -203,11 +178,6 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 				Path:  "/" + strings.Join(append(depth, "spec"), "/"),
 				Value: templateSpec.Spec,
 			},
-			{
-				Op:    "replace",
-				Path:  "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
-				Value: "",
-			},
 		})
 		if err != nil {
 			log.Errorf("Failed to generate json patch: %v", err)
--- a/pkg/inject/proxy.go
+++ b/pkg/inject/proxy.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	errors2 "errors"
 	"fmt"
-	"strconv"
 	"strings"
 	"time"

@@ -15,14 +14,12 @@ import (
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/types"
-	json2 "k8s.io/apimachinery/pkg/util/json"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/cli-runtime/pkg/resource"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/utils/pointer"

-	"github.com/wencaiwulue/kubevpn/v2/pkg/config"
 	util2 "github.com/wencaiwulue/kubevpn/v2/pkg/util"
 )

@@ -58,18 +55,12 @@ func InjectVPNSidecar(ctx1 context.Context, factory util.Factory, namespace, wor
 		return err
 	}

-	origin := *podTempSpec
 	AddContainer(&podTempSpec.Spec, c)

 	helper := resource.NewHelper(object.Client, object.Mapping)
 	// pods without controller
 	if len(path) == 0 {
 		log.Infof("Workload %s/%s is not controlled by any controller", namespace, workload)
-		for _, container := range podTempSpec.Spec.Containers {
-			container.LivenessProbe = nil
-			container.StartupProbe = nil
-			container.ReadinessProbe = nil
-		}
 		p := &v1.Pod{ObjectMeta: podTempSpec.ObjectMeta, Spec: podTempSpec.Spec}
 		CleanupUselessInfo(p)
 		if err = CreateAfterDeletePod(factory, p, helper); err != nil {
@@ -79,22 +70,14 @@ func InjectVPNSidecar(ctx1 context.Context, factory util.Factory, namespace, wor
 	// controllers
 	{
 		log.Debugf("The %s is under controller management", workload)
-		// remove probe
-		removePatch, restorePatch := patch(origin, path)
-		b, _ := json.Marshal(restorePatch)
 		p := []P{
 			{
 				Op:    "replace",
 				Path:  "/" + strings.Join(append(path, "spec"), "/"),
 				Value: podTempSpec.Spec,
 			},
-			{
-				Op:    "replace",
-				Path:  "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
-				Value: string(b),
-			},
 		}
-		marshal, _ := json.Marshal(append(p, removePatch...))
+		marshal, _ := json.Marshal(append(p))
 		_, err = helper.Patch(object.Namespace, object.Name, types.JSONPatchType, marshal, &v12.PatchOptions{})
 		if err != nil {
 			log.Errorf("Failed to inject proxy container: %v, exiting...", err)
@@ -204,98 +187,3 @@ type P struct {
 	Path  string      `json:"path,omitempty"`
 	Value interface{} `json:"value,omitempty"`
 }
-
-func patch(spec v1.PodTemplateSpec, path []string) (remove []P, restore []P) {
-	for i := range spec.Spec.Containers {
-		index := strconv.Itoa(i)
-		readinessPath := "/" + strings.Join(append(path, "spec", "containers", index, "readinessProbe"), "/")
-		livenessPath := "/" + strings.Join(append(path, "spec", "containers", index, "livenessProbe"), "/")
-		startupPath := "/" + strings.Join(append(path, "spec", "containers", index, "startupProbe"), "/")
-		f := func(p *v1.Probe) string {
-			if p == nil {
-				return ""
-			}
-			marshal, err := json2.Marshal(p)
-			if err != nil {
-				log.Errorf("Failed to marshal json: %v", err)
-				return ""
-			}
-			return string(marshal)
-		}
-		remove = append(remove, P{
-			Op:    "replace",
-			Path:  readinessPath,
-			Value: nil,
-		}, P{
-			Op:    "replace",
-			Path:  livenessPath,
-			Value: nil,
-		}, P{
-			Op:    "replace",
-			Path:  startupPath,
-			Value: nil,
-		})
-		restore = append(restore, P{
-			Op:    "replace",
-			Path:  readinessPath,
-			Value: f(spec.Spec.Containers[i].ReadinessProbe),
-		}, P{
-			Op:    "replace",
-			Path:  livenessPath,
-			Value: f(spec.Spec.Containers[i].LivenessProbe),
-		}, P{
-			Op:    "replace",
-			Path:  startupPath,
-			Value: f(spec.Spec.Containers[i].StartupProbe),
-		})
-	}
-	return
-}
-
-func fromPatchToProbe(spec *v1.PodTemplateSpec, path []string, patch []P) {
-	// 3 = readiness + liveness + startup
-	if len(patch) != 3*len(spec.Spec.Containers) {
-		log.Debugf("patch not match container num, not restore")
-		return
-	}
-	for i := range spec.Spec.Containers {
-		index := strconv.Itoa(i)
-		readinessPath := "/" + strings.Join(append(path, "spec", "containers", index, "readinessProbe"), "/")
-		livenessPath := "/" + strings.Join(append(path, "spec", "containers", index, "livenessProbe"), "/")
-		startupPath := "/" + strings.Join(append(path, "spec", "containers", index, "startupProbe"), "/")
-		var f = func(value any) *v1.Probe {
-			if value == nil {
-				return nil
-			}
-			str, ok := value.(string)
-			if ok && str == "" {
-				return nil
-			}
-			if !ok {
-				marshal, err := json2.Marshal(value)
-				if err != nil {
-					log.Errorf("Failed to marshal json: %v", err)
-					return nil
-				}
-				str = string(marshal)
-			}
-			var probe v1.Probe
-			err := json2.Unmarshal([]byte(str), &probe)
-			if err != nil {
-				log.Errorf("error while json unmarsh: %v", err)
-				return nil
-			}
-			return &probe
-		}
-		for _, p := range patch {
-			switch p.Path {
-			case readinessPath:
-				spec.Spec.Containers[i].ReadinessProbe = f(p.Value)
-			case livenessPath:
-				spec.Spec.Containers[i].LivenessProbe = f(p.Value)
-			case startupPath:
-				spec.Spec.Containers[i].StartupProbe = f(p.Value)
-			}
-		}
-	}
-}