refactor: use origin workload of proxy mode (#621)

2025-12-24 11:51:13 +08:00 · 2025-06-04 14:30:24 +08:00
parent a750327d9e
commit fd59ed242c
14 changed files with 467 additions and 222 deletions
--- a/pkg/inject/controller.go
+++ b/pkg/inject/controller.go
@@ -38,7 +38,7 @@ func RemoveContainers(spec *v1.PodTemplateSpec) {
 }

 // AddMeshContainer todo envoy support ipv6
-func AddMeshContainer(spec *v1.PodTemplateSpec, ns, nodeId string, c util.PodRouteConfig, ipv6 bool, connectNamespace string, secret *v1.Secret) {
+func AddMeshContainer(spec *v1.PodTemplateSpec, ns, nodeID string, c util.PodRouteConfig, ipv6 bool, connectNamespace string, secret *v1.Secret) {
 	// remove envoy proxy containers if already exist
 	RemoveContainers(spec)

@@ -144,9 +144,9 @@ kubevpn server -l "tun:/localhost:8422?net=${TunIPv4}&net6=${TunIPv6}&route=${CI
 			"--base-id",
 			"1",
 			"--service-node",
-			util.GenEnvoyUID(ns, nodeId),
+			util.GenEnvoyUID(ns, nodeID),
 			"--service-cluster",
-			util.GenEnvoyUID(ns, nodeId),
+			util.GenEnvoyUID(ns, nodeID),
 			"--config-yaml",
 		},
 		Args: []string{
@@ -171,7 +171,7 @@ kubevpn server -l "tun:/localhost:8422?net=${TunIPv4}&net6=${TunIPv6}&route=${CI
 	})
 }

-func AddEnvoyContainer(spec *v1.PodTemplateSpec, ns, nodeId string, ipv6 bool, connectNamespace string, secret *v1.Secret) {
+func AddEnvoyContainer(spec *v1.PodTemplateSpec, ns, nodeID string, ipv6 bool, connectNamespace string, secret *v1.Secret) {
 	// remove envoy proxy containers if already exist
 	RemoveContainers(spec)

@@ -208,9 +208,9 @@ kubevpn server -l "ssh://:2222"`,
 			"--base-id",
 			"1",
 			"--service-node",
-			util.GenEnvoyUID(ns, nodeId),
+			util.GenEnvoyUID(ns, nodeID),
 			"--service-cluster",
-			util.GenEnvoyUID(ns, nodeId),
+			util.GenEnvoyUID(ns, nodeID),
 			"--config-yaml",
 		},
 		Args: []string{
--- a/pkg/inject/fargate.go
+++ b/pkg/inject/fargate.go
@@ -10,7 +10,6 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	k8sjson "k8s.io/apimachinery/pkg/util/json"
@@ -28,7 +27,7 @@ import (

 // InjectEnvoySidecar patch a sidecar, using iptables to do port-forward let this pod decide should go to 233.254.254.100 or request to 127.0.0.1
 // https://istio.io/latest/docs/ops/deployment/requirements/#ports-used-by-istio
-func InjectEnvoySidecar(ctx context.Context, f cmdutil.Factory, clientset *kubernetes.Clientset, connectNamespace string, object *runtimeresource.Info, headers map[string]string, portMap []string, secret *v1.Secret) (err error) {
+func InjectEnvoySidecar(ctx context.Context, nodeID string, f cmdutil.Factory, clientset *kubernetes.Clientset, connectNamespace string, current, object *runtimeresource.Info, headers map[string]string, portMap []string, secret *v1.Secret) (err error) {
 	u := object.Object.(*unstructured.Unstructured)
 	var templateSpec *v1.PodTemplateSpec
 	var path []string
@@ -37,8 +36,6 @@ func InjectEnvoySidecar(ctx context.Context, f cmdutil.Factory, clientset *kuber
 		return err
 	}

-	nodeID := fmt.Sprintf("%s.%s", object.Mapping.Resource.GroupResource().String(), object.Name)
-
 	c := util.PodRouteConfig{LocalTunIPv4: "127.0.0.1", LocalTunIPv6: netip.IPv6Loopback().String()}
 	ports, portmap := GetPort(templateSpec, portMap)
 	port := controlplane.ConvertContainerPort(ports...)
@@ -91,34 +88,22 @@ func InjectEnvoySidecar(ctx context.Context, f cmdutil.Factory, clientset *kuber
 		return err
 	}

+	if !util.IsK8sService(current) {
+		return nil
+	}
 	// 2) modify service containerPort to envoy listener port
-	err = ModifyServiceTargetPort(ctx, clientset, object.Namespace, templateSpec.Labels, containerPort2EnvoyListenerPort)
+	err = ModifyServiceTargetPort(ctx, clientset, object.Namespace, current.Name, containerPort2EnvoyListenerPort)
 	if err != nil {
 		return err
 	}
 	return nil
 }

-func ModifyServiceTargetPort(ctx context.Context, clientset *kubernetes.Clientset, namespace string, podLabels map[string]string, m map[int32]int32) error {
-	// service selector == pod labels
-	list, err := clientset.CoreV1().Services(namespace).List(ctx, metav1.ListOptions{})
+func ModifyServiceTargetPort(ctx context.Context, clientset *kubernetes.Clientset, namespace string, name string, m map[int32]int32) error {
+	svc, err := clientset.CoreV1().Services(namespace).Get(ctx, name, metav1.GetOptions{})
 	if err != nil {
 		return err
 	}
-
-	var svc *v1.Service
-	for _, item := range list.Items {
-		if item.Spec.Selector == nil {
-			continue
-		}
-		if labels.SelectorFromSet(item.Spec.Selector).Matches(labels.Set(podLabels)) {
-			svc = &item
-			break
-		}
-	}
-	if svc == nil {
-		return fmt.Errorf("can not found service with selector: %v", podLabels)
-	}
 	for i := range len(svc.Spec.Ports) {
 		if p, found := m[svc.Spec.Ports[i].Port]; found {
 			svc.Spec.Ports[i].TargetPort = intstr.FromInt32(p)
--- a/pkg/inject/mesh.go
+++ b/pkg/inject/mesh.go
@@ -31,7 +31,7 @@ import (
 // https://istio.io/latest/docs/ops/deployment/requirements/#ports-used-by-istio

 // InjectVPNAndEnvoySidecar patch a sidecar, using iptables to do port-forward let this pod decide should go to 233.254.254.100 or request to 127.0.0.1
-func InjectVPNAndEnvoySidecar(ctx context.Context, f cmdutil.Factory, mapInterface v12.ConfigMapInterface, connectNamespace string, object *runtimeresource.Info, c util.PodRouteConfig, headers map[string]string, portMaps []string, secret *v1.Secret) (err error) {
+func InjectVPNAndEnvoySidecar(ctx context.Context, nodeID string, f cmdutil.Factory, mapInterface v12.ConfigMapInterface, connectNamespace string, object *runtimeresource.Info, c util.PodRouteConfig, headers map[string]string, portMaps []string, secret *v1.Secret) (err error) {
 	u := object.Object.(*unstructured.Unstructured)
 	var templateSpec *v1.PodTemplateSpec
 	var path []string
@@ -70,8 +70,6 @@ func InjectVPNAndEnvoySidecar(ctx context.Context, f cmdutil.Factory, mapInterfa
 		}
 	}

-	nodeID := fmt.Sprintf("%s.%s", object.Mapping.Resource.GroupResource().String(), object.Name)
-
 	err = addEnvoyConfig(mapInterface, object.Namespace, nodeID, c, headers, ports, portmap)
 	if err != nil {
 		plog.G(ctx).Errorf("Failed to add envoy config: %v", err)
@@ -114,7 +112,7 @@ func InjectVPNAndEnvoySidecar(ctx context.Context, f cmdutil.Factory, mapInterfa
 	return err
 }

-func UnPatchContainer(ctx context.Context, factory cmdutil.Factory, mapInterface v12.ConfigMapInterface, object *runtimeresource.Info, isMeFunc func(isFargateMode bool, rule *controlplane.Rule) bool) (bool, error) {
+func UnPatchContainer(ctx context.Context, nodeID string, factory cmdutil.Factory, mapInterface v12.ConfigMapInterface, object *runtimeresource.Info, isMeFunc func(isFargateMode bool, rule *controlplane.Rule) bool) (bool, error) {
 	u := object.Object.(*unstructured.Unstructured)
 	templateSpec, depth, err := util.GetPodTemplateSpecPath(u)
 	if err != nil {
@@ -122,7 +120,6 @@ func UnPatchContainer(ctx context.Context, factory cmdutil.Factory, mapInterface
 		return false, err
 	}

-	nodeID := fmt.Sprintf("%s.%s", object.Mapping.Resource.GroupResource().String(), object.Name)
 	workload := util.ConvertUidToWorkload(nodeID)
 	var empty, found bool
 	empty, found, err = removeEnvoyConfig(mapInterface, object.Namespace, nodeID, isMeFunc)
--- a/pkg/inject/proxy.go
+++ b/pkg/inject/proxy.go
@@ -24,7 +24,7 @@ import (
 	util2 "github.com/wencaiwulue/kubevpn/v2/pkg/util"
 )

-func InjectVPNSidecar(ctx context.Context, f util.Factory, connectNamespace string, object *resource.Info, c util2.PodRouteConfig, secret *v1.Secret) error {
+func InjectVPNSidecar(ctx context.Context, nodeID string, f util.Factory, connectNamespace string, object *resource.Info, c util2.PodRouteConfig, secret *v1.Secret) error {
 	u := object.Object.(*unstructured.Unstructured)

 	podTempSpec, path, err := util2.GetPodTemplateSpecPath(u)
@@ -36,7 +36,6 @@ func InjectVPNSidecar(ctx context.Context, f util.Factory, connectNamespace stri
 	if err != nil {
 		return err
 	}
-	nodeID := fmt.Sprintf("%s.%s", object.Mapping.Resource.GroupResource().String(), object.Name)
 	var ports []v1.ContainerPort
 	for _, container := range podTempSpec.Spec.Containers {
 		ports = append(ports, container.Ports...)
@@ -123,51 +122,6 @@ func CreateAfterDeletePod(ctx context.Context, factory util.Factory, p *v1.Pod,
 	return nil
 }

-func removeInboundContainer(factory util.Factory, namespace, workloads string) error {
-	object, err := util2.GetUnstructuredObject(factory, namespace, workloads)
-	if err != nil {
-		return err
-	}
-
-	u := object.Object.(*unstructured.Unstructured)
-
-	podTempSpec, path, err := util2.GetPodTemplateSpecPath(u)
-	if err != nil {
-		return err
-	}
-
-	helper := resource.NewHelper(object.Client, object.Mapping)
-
-	// pods
-	if len(path) == 0 {
-		_, err = helper.DeleteWithOptions(object.Namespace, object.Name, &v12.DeleteOptions{
-			GracePeriodSeconds: pointer.Int64(0),
-		})
-		if err != nil {
-			return err
-		}
-	}
-	// how to scale to one
-	RemoveContainer(&podTempSpec.Spec)
-
-	bytes, err := json.Marshal([]struct {
-		Op    string      `json:"op"`
-		Path  string      `json:"path"`
-		Value interface{} `json:"value"`
-	}{{
-		Op:    "replace",
-		Path:  "/" + strings.Join(append(path, "spec"), "/"),
-		Value: podTempSpec.Spec,
-	}})
-	if err != nil {
-		return err
-	}
-	_, err = helper.Patch(object.Namespace, object.Name, types.JSONPatchType, bytes, &v12.PatchOptions{
-		//Force: &t,
-	})
-	return err
-}
-
 func CleanupUselessInfo(pod *v1.Pod) {
 	pod.SetSelfLink("")
 	pod.SetGeneration(0)