diff --git a/pkg/config/const.go b/pkg/config/const.go
index 1e66720e..a8a3f638 100644
--- a/pkg/config/const.go
+++ b/pkg/config/const.go
@@ -20,8 +20,6 @@ const (
 LogFile = "daemon.log"
- KubeVPNRestorePatchKey = "kubevpn-probe-restore-patch"
-
 ConfigFile = "config.yaml"
 )
diff --git a/pkg/handler/clone.go b/pkg/handler/clone.go
index 6d26980c..d78770b7 100644
--- a/pkg/handler/clone.go
+++ b/pkg/handler/clone.go
@@ -229,9 +229,6 @@ func (d *CloneOptions) DoClone(ctx context.Context, kubeconfigJsonBytes []byte)
 containers := spec.Spec.Containers
 // remove vpn sidecar
 for i := 0; i < len(containers); i++ {
- containers[i].ReadinessProbe = nil
- containers[i].LivenessProbe = nil
- containers[i].StartupProbe = nil
 containerName := containers[i].Name
 if err == nil && (containerName == config.ContainerSidecarVPN || containerName == config.ContainerSidecarEnvoyProxy) {
 containers = append(containers[:i], containers[i+1:]...)
diff --git a/pkg/inject/exchange.go b/pkg/inject/exchange.go
index 776ebf4f..ffdbedde 100644
--- a/pkg/inject/exchange.go
+++ b/pkg/inject/exchange.go
@@ -81,6 +81,8 @@ func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) {
 // https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2
 // for curl -g -6 [efff:ffff:ffff:ffff:ffff:ffff:ffff:999a]:9080/health or curl 127.0.0.1:9080/health hit local PC
 // output chain
+ // iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
+ // ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6}
 Args: []string{`
 sysctl -w net.ipv4.ip_forward=1
 sysctl -w net.ipv6.conf.all.disable_ipv6=0
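Review bot: The two comment lines added under `// output chain` reproduce the iptables/ip6tables OUTPUT DNAT rules that the next hunk deletes from the executed script, so the comment reads as documentation of active rules rather than of rules that were deliberately dropped, and the surviving `// for curl ... hit local PC` sentence now describes a loopback redirect the sidecar script no longer performs (unless that is handled elsewhere, which this diff does not show). Prefix the block with a line stating the intent, e.g. `// output chain (intentionally NOT applied — loopback DNAT disabled; kept for reference):`, and correct or drop the curl sentence. These rules decide which of the pod's own loopback connections are redirected to the developer machine, so anyone auditing the sidecar's NAT behaviour needs that intent stated rather than inferred from a commented-out rule. AddContainer continues outside the hunk.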
@@ -97,8 +99,6 @@ iptables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv4}
 ip6tables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv6}
 iptables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
 ip6tables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
-iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
-ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6}
 kubevpn serve -L "tun:/127.0.0.1:8422?net=${TunIPv4}&route=${CIDR4}" -F "tcp://${TrafficManagerService}:10800"`,
 },
 SecurityContext: &corev1.SecurityContext{
diff --git a/pkg/inject/mesh.go b/pkg/inject/mesh.go
index d6dd3353..23342940 100644
--- a/pkg/inject/mesh.go
+++ b/pkg/inject/mesh.go
@@ -46,8 +46,6 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 return err
 }
- origin := templateSpec.DeepCopy()
-
 var ports []v1.ContainerPort
 for _, container := range templateSpec.Spec.Containers {
 ports = append(ports, container.Ports...)
@@ -105,14 +103,6 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 enableIPv6, _ := util.DetectPodSupportIPv6(ctx1, factory, namespace)
 // (1) add mesh container
- removePatch, restorePatch := patch(*origin, path)
- var b []byte
- b, err = k8sjson.Marshal(restorePatch)
- if err != nil {
- log.Errorf("Marshal patch error: %v", err)
- return err
- }
-
 AddMeshContainer(templateSpec, nodeID, c, enableIPv6)
 helper := pkgresource.NewHelper(object.Client, object.Mapping)
 ps := []P{
@@ -121,14 +111,9 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 Path: "/" + strings.Join(append(path, "spec"), "/"),
 Value: templateSpec.Spec,
 },
- {
- Op: "replace",
- Path: "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
- Value: string(b),
- },
 }
 var bytes []byte
- bytes, err = k8sjson.Marshal(append(ps, removePatch...))
+ bytes, err = k8sjson.Marshal(append(ps))
 if err != nil {
 return err
 }
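Review bot: `bytes, err = k8sjson.Marshal(append(ps))` calls `append` with nothing to append, a leftover from removing `removePatch...` that is a no-op and that staticcheck flags as equivalent to a plain assignment; write `bytes, err = k8sjson.Marshal(ps)`. The same leftover appears in pkg/inject/proxy.go as `marshal, _ := json.Marshal(append(p))`, and that line also discards the Marshal error which this hunk checks, so `marshal, err := json.Marshal(p)` followed by an error return would make the two inject paths consistent. Separately, with the restore branch in UnPatchContainer removed as well, a workload that was proxied by an older build and still carries the `kubevpn-probe-restore-patch` annotation with nulled probes would, as far as this diff shows, no longer get its probes restored on leave and would keep the stale annotation; a one-time restore on leave or an explicit note in the release notes seems warranted. InjectVPNAndEnvoySidecar continues outside the hunk.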
@@ -172,22 +157,12 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 log.Infof("Leaving workload %s", workload)
 RemoveContainers(templateSpec)
- if u.GetAnnotations() != nil && u.GetAnnotations()[config.KubeVPNRestorePatchKey] != "" {
- patchStr := u.GetAnnotations()[config.KubeVPNRestorePatchKey]
- var ps []P
- err = json.Unmarshal([]byte(patchStr), &ps)
- if err != nil {
- return fmt.Errorf("unmarshal json patch: %s failed, err: %v", patchStr, err)
- }
- fromPatchToProbe(templateSpec, depth, ps)
- }
 if empty {
 helper := pkgresource.NewHelper(object.Client, object.Mapping)
 // pod without controller
 if len(depth) == 0 {
 log.Debugf("Workload %s is not under controller management", workload)
- delete(templateSpec.ObjectMeta.GetAnnotations(), config.KubeVPNRestorePatchKey)
 pod := &v1.Pod{ObjectMeta: templateSpec.ObjectMeta, Spec: templateSpec.Spec}
 CleanupUselessInfo(pod)
 err = CreateAfterDeletePod(factory, pod, helper)
@@ -203,11 +178,6 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 Path: "/" + strings.Join(append(depth, "spec"), "/"),
 Value: templateSpec.Spec,
 },
- {
- Op: "replace",
- Path: "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
- Value: "",
- },
 })
 if err != nil {
 log.Errorf("Failed to generate json patch: %v", err)
diff --git a/pkg/inject/proxy.go b/pkg/inject/proxy.go
index d644df4b..fefe7857 100644
--- a/pkg/inject/proxy.go
+++ b/pkg/inject/proxy.go
@@ -5,7 +5,6 @@ import (
 "encoding/json"
 errors2 "errors"
 "fmt"
- "strconv"
 "strings"
 "time"
@@ -15,14 +14,12 @@ import (
 v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/types"
- json2 "k8s.io/apimachinery/pkg/util/json"
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/cli-runtime/pkg/resource"
 "k8s.io/client-go/util/retry"
 "k8s.io/kubectl/pkg/cmd/util"
 "k8s.io/utils/pointer"
- "github.com/wencaiwulue/kubevpn/v2/pkg/config"
 util2 "github.com/wencaiwulue/kubevpn/v2/pkg/util"
 )
@@ -58,18 +55,12 @@ func InjectVPNSidecar(ctx1 context.Context, factory util.Factory, namespace, wor
 return err
 }
- origin := *podTempSpec
 AddContainer(&podTempSpec.Spec, c)
 helper := resource.NewHelper(object.Client, object.Mapping)
 // pods without controller
 if len(path) == 0 {
 log.Infof("Workload %s/%s is not controlled by any controller", namespace, workload)
- for _, container := range podTempSpec.Spec.Containers {
- container.LivenessProbe = nil
- container.StartupProbe = nil
- container.ReadinessProbe = nil
- }
 p := &v1.Pod{ObjectMeta: podTempSpec.ObjectMeta, Spec: podTempSpec.Spec}
 CleanupUselessInfo(p)
 if err = CreateAfterDeletePod(factory, p, helper); err != nil {
@@ -79,22 +70,14 @@ func InjectVPNSidecar(ctx1 context.Context, factory util.Factory, namespace, wor
 // controllers
 {
 log.Debugf("The %s is under controller management", workload)
- // remove probe
- removePatch, restorePatch := patch(origin, path)
- b, _ := json.Marshal(restorePatch)
 p := []P{
 {
 Op: "replace",
 Path: "/" + strings.Join(append(path, "spec"), "/"),
 Value: podTempSpec.Spec,
 },
- {
- Op: "replace",
- Path: "/metadata/annotations/" + config.KubeVPNRestorePatchKey,
- Value: string(b),
- },
 }
- marshal, _ := json.Marshal(append(p, removePatch...))
+ marshal, _ := json.Marshal(append(p))
 _, err = helper.Patch(object.Namespace, object.Name, types.JSONPatchType, marshal, &v12.PatchOptions{})
 if err != nil {
 log.Errorf("Failed to inject proxy container: %v, exiting...", err)
@@ -204,98 +187,3 @@ type P struct {
 Path string `json:"path,omitempty"`
 Value interface{} `json:"value,omitempty"`
 }
-
-func patch(spec v1.PodTemplateSpec, path []string) (remove []P, restore []P) {
- for i := range spec.Spec.Containers {
- index := strconv.Itoa(i)
- readinessPath := "/" + strings.Join(append(path, "spec", "containers", index, "readinessProbe"), "/")
- livenessPath := "/" + strings.Join(append(path, "spec", "containers", index, "livenessProbe"), "/")
- startupPath := "/" + strings.Join(append(path, "spec", "containers", index, "startupProbe"), "/")
- f := func(p *v1.Probe) string {
- if p == nil {
- return ""
- }
- marshal, err := json2.Marshal(p)
- if err != nil {
- log.Errorf("Failed to marshal json: %v", err)
- return ""
- }
- return string(marshal)
- }
- remove = append(remove, P{
- Op: "replace",
- Path: readinessPath,
- Value: nil,
- }, P{
- Op: "replace",
- Path: livenessPath,
- Value: nil,
- }, P{
- Op: "replace",
- Path: startupPath,
- Value: nil,
- })
- restore = append(restore, P{
- Op: "replace",
- Path: readinessPath,
- Value: f(spec.Spec.Containers[i].ReadinessProbe),
- }, P{
- Op: "replace",
- Path: livenessPath,
- Value: f(spec.Spec.Containers[i].LivenessProbe),
- }, P{
- Op: "replace",
- Path: startupPath,
- Value: f(spec.Spec.Containers[i].StartupProbe),
- })
- }
- return
-}
-
-func fromPatchToProbe(spec *v1.PodTemplateSpec, path []string, patch []P) {
- // 3 = readiness + liveness + startup
- if len(patch) != 3*len(spec.Spec.Containers) {
- log.Debugf("patch not match container num, not restore")
- return
- }
- for i := range spec.Spec.Containers {
- index := strconv.Itoa(i)
- readinessPath := "/" + strings.Join(append(path, "spec", "containers", index, "readinessProbe"), "/")
- livenessPath := "/" + strings.Join(append(path, "spec", "containers", index, "livenessProbe"), "/")
- startupPath := "/" + strings.Join(append(path, "spec", "containers", index, "startupProbe"), "/")
- var f = func(value any) *v1.Probe {
- if value == 
nil {
- return nil
- }
- str, ok := value.(string)
- if ok && str == "" {
- return nil
- }
- if !ok {
- marshal, err := json2.Marshal(value)
- if err != nil {
- log.Errorf("Failed to marshal json: %v", err)
- return nil
- }
- str = string(marshal)
- }
- var probe v1.Probe
- err := json2.Unmarshal([]byte(str), &probe)
- if err != nil {
- log.Errorf("error while json unmarsh: %v", err)
- return nil
- }
- return &probe
- }
- for _, p := range patch {
- switch p.Path {
- case readinessPath:
- spec.Spec.Containers[i].ReadinessProbe = f(p.Value)
- case livenessPath:
- spec.Spec.Containers[i].LivenessProbe = f(p.Value)
- case startupPath:
- spec.Spec.Containers[i].StartupProbe = f(p.Value)
- }
- }
- }
-}