feat: disable envoy stream timeout

2025-10-21 22:39:36 +08:00 · 2022-12-09 22:03:42 +08:00
parent 1004db36b9
commit 8356ff68d2
17 changed files with 155 additions and 76 deletions
--- a/cmd/kubevpn/cmds/connect.go
+++ b/cmd/kubevpn/cmds/connect.go
@@ -55,7 +55,7 @@ var connectCmd = &cobra.Command{
 		if err := connect.DoConnect(); err != nil {
 			log.Errorln(err)
 			handler.Cleanup(syscall.SIGQUIT)
-			return
+			select {}
 		}
 		fmt.Println(`---------------------------------------------------------------------------`)
 		fmt.Println(`    Now you can access resources in the kubernetes cluster, enjoy it :)    `)
--- a/pkg/controlplane/cache.go
+++ b/pkg/controlplane/cache.go
@@ -63,6 +63,7 @@ func (a *Virtual) To() (
 					Routes:  rr,
 				},
 			},
 			MaxDirectResponseBodySizeBytes: nil,
 		})
 	}
 	return
@@ -147,6 +148,12 @@ func ToRoute(clusterName string, headers map[string]string) *route.Route {
 				ClusterSpecifier: &route.RouteAction_Cluster{
 					Cluster: clusterName,
 				},
 				Timeout:     durationpb.New(0),
 				IdleTimeout: durationpb.New(0),
 				MaxStreamDuration: &route.RouteAction_MaxStreamDuration{
 					MaxStreamDuration:    durationpb.New(0),
 					GrpcTimeoutHeaderMax: durationpb.New(0),
 				},
 			},
 		},
 	}
@@ -164,6 +171,12 @@ func DefaultRoute() *route.Route {
 				ClusterSpecifier: &route.RouteAction_Cluster{
 					Cluster: "origin_cluster",
 				},
 				Timeout:     durationpb.New(0),
 				IdleTimeout: durationpb.New(0),
 				MaxStreamDuration: &route.RouteAction_MaxStreamDuration{
 					MaxStreamDuration:    durationpb.New(0),
 					GrpcTimeoutHeaderMax: durationpb.New(0),
 				},
 			},
 		},
 	}
@@ -188,9 +201,6 @@ func ToListener(listenerName string, routeName string, port int32, p corev1.Prot
 	httpManager := &httpconnectionmanager.HttpConnectionManager{
 		CodecType:  httpconnectionmanager.HttpConnectionManager_AUTO,
 		StatPrefix: "http",
 		HttpFilters: []*httpconnectionmanager.HttpFilter{{
 			Name: wellknown.Router,
 		}},
 		RouteSpecifier: &httpconnectionmanager.HttpConnectionManager_Rds{
 			Rds: &httpconnectionmanager.Rds{
 				ConfigSource: &core.ConfigSource{
@@ -211,6 +221,10 @@ func ToListener(listenerName string, routeName string, port int32, p corev1.Prot
 				RouteConfigName: routeName,
 			},
 		},
 		HttpFilters: []*httpconnectionmanager.HttpFilter{{
 			Name: wellknown.Router,
 		}},
 		StreamIdleTimeout: durationpb.New(0),
 	}
 	tcpConfig := &tcpproxy.TcpProxy{
--- a/pkg/controlplane/processor.go
+++ b/pkg/controlplane/processor.go
@@ -68,7 +68,7 @@ func (p *Processor) ProcessFile(file NotifyMessage) {
 			return
 		}
 		p.logger.Debugf("will serve snapshot %+v, nodeID: %s", snapshot, config.Uid)
-		if err = p.cache.SetSnapshot(context.TODO(), config.Uid, snapshot); err != nil {
+		if err = p.cache.SetSnapshot(context.Background(), config.Uid, snapshot); err != nil {
 			p.logger.Errorf("snapshot error %q for %v", err, snapshot)
 			p.logger.Fatal(err)
 		}
--- a/pkg/core/tunhandler.go
+++ b/pkg/core/tunhandler.go
@@ -86,7 +86,7 @@ func (h *tunHandler) Handle(ctx context.Context, conn net.Conn) {
 		case <-ctx.Done():
 			h.chExit <- struct{}{}
 		default:
-			log.Warnf("next loop, err: %v", err)
+			log.Debugf("next loop, err: %v", err)
 		}
 		if err != nil {
--- a/pkg/dns/dns_unix.go
+++ b/pkg/dns/dns_unix.go
@@ -79,7 +79,7 @@ func usingResolver(clientConfig *miekgdns.ClientConfig) {
 func usingNetworkSetup(ip string, namespace string) {
 	networkSetup(ip, namespace)
 	var ctx context.Context
-	ctx, cancel = context.WithCancel(context.TODO())
+	ctx, cancel = context.WithCancel(context.Background())
 	go func() {
 		ticker := time.NewTicker(time.Second * 10)
 		newWatcher, _ := fsnotify.NewWatcher()
--- a/pkg/exchange/controller.go
+++ b/pkg/exchange/controller.go
@@ -3,6 +3,7 @@ package exchange
 import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/utils/pointer"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 	"github.com/wencaiwulue/kubevpn/pkg/util"
@@ -20,8 +21,6 @@ func RemoveContainer(spec *corev1.PodSpec) {
 func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) {
 	// remove vpn container if already exist
 	RemoveContainer(spec)
 	t := true
 	zero := int64(0)
 	spec.Containers = append(spec.Containers, corev1.Container{
 		Name:  config.ContainerSidecarVPN,
 		Image: config.Image,
@@ -63,8 +62,8 @@ kubevpn serve -L "tun://0.0.0.0:8421/${TrafficManagerRealIP}:8422?net=${InboundP
 					//"SYS_MODULE",
 				},
 			},
-			RunAsUser:  &zero,
+			RunAsUser:  pointer.Int64(0),
-			Privileged: &t,
+			Privileged: pointer.Bool(true),
 		},
 		Resources: corev1.ResourceRequirements{
 			Requests: map[corev1.ResourceName]resource.Quantity{
--- a/pkg/handler/cleaner.go
+++ b/pkg/handler/cleaner.go
@@ -3,6 +3,7 @@ package handler
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"os/signal"
 	"strconv"
@@ -15,6 +16,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	v12 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/utils/pointer"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 	"github.com/wencaiwulue/kubevpn/pkg/dns"
@@ -59,7 +61,7 @@ func updateServiceRefCount(serviceInterface v12.ServiceInterface, name string, i
 		retry.DefaultRetry,
 		func(err error) bool { return !k8serrors.IsNotFound(err) },
 		func() error {
-			service, err := serviceInterface.Get(context.TODO(), name, v1.GetOptions{})
+			service, err := serviceInterface.Get(context.Background(), name, v1.GetOptions{})
 			if err != nil {
 				log.Errorf("update ref-count failed, increment: %d, error: %v", increment, err)
 				return err
@@ -75,7 +77,7 @@ func updateServiceRefCount(serviceInterface v12.ServiceInterface, name string, i
 					"value": strconv.Itoa(curCount + increment),
 				},
 			})
-			_, err = serviceInterface.Patch(context.TODO(), config.ConfigMapPodTrafficManager, types.JSONPatchType, p, v1.PatchOptions{})
+			_, err = serviceInterface.Patch(context.Background(), config.ConfigMapPodTrafficManager, types.JSONPatchType, p, v1.PatchOptions{})
 			return err
 		})
 	if err != nil {
@@ -87,7 +89,7 @@ func updateServiceRefCount(serviceInterface v12.ServiceInterface, name string, i
 func cleanUpTrafficManagerIfRefCountIsZero(clientset *kubernetes.Clientset, namespace string) {
 	updateServiceRefCount(clientset.CoreV1().Services(namespace), config.ConfigMapPodTrafficManager, -1)
-	pod, err := clientset.CoreV1().Services(namespace).Get(context.TODO(), config.ConfigMapPodTrafficManager, v1.GetOptions{})
+	pod, err := clientset.CoreV1().Services(namespace).Get(context.Background(), config.ConfigMapPodTrafficManager, v1.GetOptions{})
 	if err != nil {
 		log.Error(err)
 		return
@@ -99,12 +101,12 @@ func cleanUpTrafficManagerIfRefCountIsZero(clientset *kubernetes.Clientset, name
 	}
 	// if refcount is less than zero or equals to zero, means nobody is using this traffic pod, so clean it
 	if refCount <= 0 {
 		zero := int64(0)
 		log.Info("refCount is zero, prepare to clean up resource")
 		deleteOptions := v1.DeleteOptions{GracePeriodSeconds: &zero}
 		// keep configmap
-		//_ = clientset.CoreV1().ConfigMaps(namespace).Delete(context.TODO(), config.ConfigMapPodTrafficManager, deleteOptions)
+		p := []byte(fmt.Sprintf(`[{"op": "remove", "path": "/data/%s"}]`, config.KeyDHCP))
-		_ = clientset.CoreV1().Services(namespace).Delete(context.TODO(), config.ConfigMapPodTrafficManager, deleteOptions)
+		_, err = clientset.CoreV1().ConfigMaps(namespace).Patch(context.Background(), config.ConfigMapPodTrafficManager, types.JSONPatchType, p, v1.PatchOptions{})
-		_ = clientset.AppsV1().Deployments(namespace).Delete(context.TODO(), config.ConfigMapPodTrafficManager, deleteOptions)
+		deleteOptions := v1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)}
 		_ = clientset.CoreV1().Services(namespace).Delete(context.Background(), config.ConfigMapPodTrafficManager, deleteOptions)
 		_ = clientset.AppsV1().Deployments(namespace).Delete(context.Background(), config.ConfigMapPodTrafficManager, deleteOptions)
 	}
 }
--- a/pkg/handler/connect.go
+++ b/pkg/handler/connect.go
@@ -19,10 +19,12 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/cli-runtime/pkg/resource"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/kubectl/pkg/polymorphichelpers"
 	"k8s.io/kubectl/pkg/scheme"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 	"github.com/wencaiwulue/kubevpn/pkg/core"
@@ -64,6 +66,29 @@ func (c *ConnectOptions) createRemoteInboundPod() (err error) {
 				TrafficManagerRealIP: c.routerIP.String(),
 				Route:                config.CIDR.String(),
 			}
 			RollbackFuncList = append(RollbackFuncList, func() {
 				r := c.factory.NewBuilder().
 					WithScheme(scheme.Scheme, scheme.Scheme.PrioritizedVersionsAllGroups()...).
 					NamespaceParam(c.Namespace).DefaultNamespace().
 					ResourceTypeOrNameArgs(true, workload).
 					ContinueOnError().
 					Latest().
 					Flatten().
 					Do()
 				if r.Err() == nil {
 					_ = r.Visit(func(info *resource.Info, err error) error {
 						if err != nil {
 							return err
 						}
 						rollbacker, err := polymorphichelpers.RollbackerFn(c.factory, info.ResourceMapping())
 						if err != nil {
 							return err
 						}
 						_, err = rollbacker.Rollback(info.Object, nil, 0, cmdutil.DryRunNone)
 						return err
 					})
 				}
 			})
 			// means mesh mode
 			if len(c.Headers) != 0 {
 				err = InjectVPNAndEnvoySidecar(c.factory, c.clientset.CoreV1().ConfigMaps(c.Namespace), c.Namespace, workload, configInfo, c.Headers)
@@ -74,6 +99,7 @@ func (c *ConnectOptions) createRemoteInboundPod() (err error) {
 				log.Error(err)
 				return err
 			}
 			RollbackFuncList = RollbackFuncList[0 : len(RollbackFuncList)-1]
 		}
 	}
 	return
@@ -90,7 +116,7 @@ func (c *ConnectOptions) DoConnect() (err error) {
 	if err != nil {
 		return
 	}
-	c.routerIP, err = CreateOutboundPod(c.clientset, c.Namespace, trafficMangerNet.String(), c.cidrs)
+	c.routerIP, err = CreateOutboundPod(c.factory, c.clientset, c.Namespace, trafficMangerNet.String(), c.cidrs)
 	if err != nil {
 		return
 	}
@@ -349,12 +375,12 @@ func (c *ConnectOptions) PreCheckResource() {
 		if object.Mapping.Resource.Resource != "services" {
 			continue
 		}
-		get, err := c.clientset.CoreV1().Services(c.Namespace).Get(context.TODO(), object.Name, metav1.GetOptions{})
+		get, err := c.clientset.CoreV1().Services(c.Namespace).Get(context.Background(), object.Name, metav1.GetOptions{})
 		if err != nil {
 			continue
 		}
 		if ns, selector, err := polymorphichelpers.SelectorsForObject(get); err == nil {
-			list, err := c.clientset.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{
+			list, err := c.clientset.CoreV1().Pods(ns).List(context.Background(), metav1.ListOptions{
 				LabelSelector: selector.String(),
 			})
 			// if pod is not empty, using pods to find top controller
--- a/pkg/handler/envoy.go
+++ b/pkg/handler/envoy.go
@@ -30,8 +30,6 @@ import (
 //	patch a sidecar, using iptables to do port-forward let this pod decide should go to 233.254.254.100 or request to 127.0.0.1
 func InjectVPNAndEnvoySidecar(factory cmdutil.Factory, clientset v12.ConfigMapInterface, namespace, workloads string, c util.PodRouteConfig, headers map[string]string) error {
 	//t := true
 	//zero := int64(0)
 	object, err := util.GetUnstructuredObject(factory, namespace, workloads)
 	if err != nil {
 		return err
@@ -109,8 +107,6 @@ func InjectVPNAndEnvoySidecar(factory cmdutil.Factory, clientset v12.ConfigMapIn
 }
 func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterface, namespace, workloads string, headers map[string]string) error {
 	//t := true
 	//zero := int64(0)
 	object, err := util.GetUnstructuredObject(factory, namespace, workloads)
 	if err != nil {
 		return err
@@ -156,7 +152,7 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 }
 func addEnvoyConfig(mapInterface v12.ConfigMapInterface, nodeID string, localTUNIP string, headers map[string]string, port []v1.ContainerPort) error {
-	configMap, err := mapInterface.Get(context.TODO(), config.ConfigMapPodTrafficManager, metav1.GetOptions{})
+	configMap, err := mapInterface.Get(context.Background(), config.ConfigMapPodTrafficManager, metav1.GetOptions{})
 	if err != nil {
 		return err
 	}
@@ -199,7 +195,7 @@ func addEnvoyConfig(mapInterface v12.ConfigMapInterface, nodeID string, localTUN
 }
 func removeEnvoyConfig(mapInterface v12.ConfigMapInterface, nodeID string, headers map[string]string) (bool, error) {
-	configMap, err := mapInterface.Get(context.TODO(), config.ConfigMapPodTrafficManager, metav1.GetOptions{})
+	configMap, err := mapInterface.Get(context.Background(), config.ConfigMapPodTrafficManager, metav1.GetOptions{})
 	if k8serrors.IsNotFound(err) {
 		return true, nil
 	}
--- a/pkg/handler/remote.go
+++ b/pkg/handler/remote.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"k8s.io/utils/pointer"
 	"net"
 	"strconv"
 	"strings"
@@ -26,22 +25,37 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/kubectl/pkg/polymorphichelpers"
 	"k8s.io/kubectl/pkg/util/podutils"
 	"k8s.io/utils/pointer"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 	"github.com/wencaiwulue/kubevpn/pkg/exchange"
 	"github.com/wencaiwulue/kubevpn/pkg/util"
 )
-func CreateOutboundPod(clientset *kubernetes.Clientset, namespace string, trafficManagerIP string, nodeCIDR []*net.IPNet) (net.IP, error) {
+func CreateOutboundPod(factory cmdutil.Factory, clientset *kubernetes.Clientset, namespace string, trafficManagerIP string, nodeCIDR []*net.IPNet) (ip net.IP, err error) {
 	podInterface := clientset.CoreV1().Pods(namespace)
 	serviceInterface := clientset.CoreV1().Services(namespace)
 	service, err := serviceInterface.Get(context.Background(), config.ConfigMapPodTrafficManager, metav1.GetOptions{})
-	if err == nil && service != nil {
+	if err == nil {
-		log.Infoln("traffic manager already exist, reuse it")
+		_, err = polymorphichelpers.AttachablePodForObjectFn(factory, service, 2*time.Second)
-		updateServiceRefCount(serviceInterface, service.GetName(), 1)
+		if err == nil {
-		return net.ParseIP(service.Spec.ClusterIP), nil
+			log.Infoln("traffic manager already exist, reuse it")
 			updateServiceRefCount(serviceInterface, service.GetName(), 1)
 			return net.ParseIP(service.Spec.ClusterIP), nil
 		}
 	}
 	var f = func() {
 		_ = serviceInterface.Delete(context.Background(), config.ConfigMapPodTrafficManager, metav1.DeleteOptions{})
 		_ = clientset.AppsV1().Deployments(namespace).Delete(context.Background(), config.ConfigMapPodTrafficManager, metav1.DeleteOptions{})
 	}
 	defer func() {
 		if err != nil {
 			f()
 		}
 	}()
 	f()
 	log.Infoln("traffic manager not exist, try to create it...")
 	udp8422 := "8422-for-udp"
 	tcp10800 := "10800-for-tcp"
@@ -198,29 +212,42 @@ kubevpn serve -L "tcp://:10800" -L "tun://:8422?net=${TrafficManagerIP}" --debug
 			},
 		},
 	}
-	watchStream, err := podInterface.Watch(context.TODO(), metav1.ListOptions{
+	watchStream, err := podInterface.Watch(context.Background(), metav1.ListOptions{
 		LabelSelector: fields.OneTermEqualSelector("app", config.ConfigMapPodTrafficManager).String(),
 	})
 	if err != nil {
 		return nil, err
 	}
 	defer watchStream.Stop()
-	if _, err = clientset.AppsV1().Deployments(namespace).Create(context.TODO(), deployment, metav1.CreateOptions{}); err != nil {
+	if _, err = clientset.AppsV1().Deployments(namespace).Create(context.Background(), deployment, metav1.CreateOptions{}); err != nil {
 		return nil, err
 	}
-	var phase v1.PodPhase
+	var last string
 out:
 	for {
 		select {
 		case e := <-watchStream.ResultChan():
 			if podT, ok := e.Object.(*v1.Pod); ok {
-				if phase != podT.Status.Phase {
+				var sb = strings.Builder{}
-					log.Infof("pod %s status is %s", config.ConfigMapPodTrafficManager, podT.Status.Phase)
+				sb.WriteString(fmt.Sprintf("pod %s status is %s", config.ConfigMapPodTrafficManager, podT.Status.Phase))
 				for _, status := range podT.Status.ContainerStatuses {
 					if status.State.Waiting != nil {
 						if len(status.State.Waiting.Reason) != 0 {
 							sb.WriteString(fmt.Sprintf(" reason: %s", status.State.Waiting.Reason))
 						}
 						if len(status.State.Waiting.Message) != 0 {
 							sb.WriteString(fmt.Sprintf(" message: %s", status.State.Waiting.Message))
 						}
 					}
 				}
-				if podT.Status.Phase == v1.PodRunning {
+
 				if last != sb.String() {
 					log.Infof(sb.String())
 				}
 				if podutils.IsPodReady(podT) {
 					break out
 				}
-				phase = podT.Status.Phase
+				last = sb.String()
 			}
 		case <-time.Tick(time.Minute * 60):
 			return nil, errors.New(fmt.Sprintf("wait pod %s to be ready timeout", config.ConfigMapPodTrafficManager))
@@ -302,9 +329,8 @@ func InjectVPNSidecar(factory cmdutil.Factory, namespace, workloads string, conf
 }
 func createAfterDeletePod(factory cmdutil.Factory, p *v1.Pod, helper *pkgresource.Helper) error {
 	zero := int64(0)
 	if _, err := helper.DeleteWithOptions(p.Namespace, p.Name, &metav1.DeleteOptions{
-		GracePeriodSeconds: &zero,
+		GracePeriodSeconds: pointer.Int64(0),
 	}); err != nil {
 		log.Error(err)
 	}
@@ -318,7 +344,7 @@ func createAfterDeletePod(factory cmdutil.Factory, p *v1.Pod, helper *pkgresourc
 			return true
 		}
 		clientset, err := factory.KubernetesClientSet()
-		get, err := clientset.CoreV1().Pods(p.Namespace).Get(context.TODO(), p.Name, metav1.GetOptions{})
+		get, err := clientset.CoreV1().Pods(p.Namespace).Get(context.Background(), p.Name, metav1.GetOptions{})
 		if err != nil || get.Status.Phase != v1.PodRunning {
 			return true
 		}
@@ -353,10 +379,9 @@ func removeInboundContainer(factory cmdutil.Factory, namespace, workloads string
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	// pods
 	zero := int64(0)
 	if len(path) == 0 {
 		_, err = helper.DeleteWithOptions(object.Namespace, object.Name, &metav1.DeleteOptions{
-			GracePeriodSeconds: &zero,
+			GracePeriodSeconds: pointer.Int64(0),
 		})
 		if err != nil {
 			return err
@@ -377,7 +402,6 @@ func removeInboundContainer(factory cmdutil.Factory, namespace, workloads string
 	if err != nil {
 		return err
 	}
 	//t := true
 	_, err = helper.Patch(object.Namespace, object.Name, types.JSONPatchType, bytes, &metav1.PatchOptions{
 		//Force: &t,
 	})
--- a/pkg/handler/remote_test.go
+++ b/pkg/handler/remote_test.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"k8s.io/utils/pointer"
 	"net"
 	"os/exec"
 	"path/filepath"
@@ -180,9 +181,8 @@ func TestDeleteAndCreate(t *testing.T) {
 	err = json.Unmarshal(marshal, &pp)
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	zero := int64(0)
 	if _, err = helper.DeleteWithOptions(object.Namespace, object.Name, &metav1.DeleteOptions{
-		GracePeriodSeconds: &zero,
+		GracePeriodSeconds: pointer.Int64(0),
 	}); err != nil {
 		log.Fatal(err)
 	}
@@ -200,7 +200,7 @@ func TestDeleteAndCreate(t *testing.T) {
 			return true
 		}
 		clientset, err := factory.KubernetesClientSet()
-		get, err := clientset.CoreV1().Pods(p.Namespace).Get(context.TODO(), p.Name, metav1.GetOptions{})
+		get, err := clientset.CoreV1().Pods(p.Namespace).Get(context.Background(), p.Name, metav1.GetOptions{})
 		if err != nil || get.Status.Phase != corev1.PodRunning {
 			return true
 		}
@@ -230,11 +230,13 @@ func TestReadiness(t *testing.T) {
 	}
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	removePatch, restorePatch := patch(*podTemplateSpec, path)
-	_, err = patchs(helper, object.Namespace, object.Name, removePatch)
+	marshal, _ := json.Marshal(removePatch)
 	bytes, _ := json.Marshal(restorePatch)
 	_, err = patchs(helper, object.Namespace, object.Name, marshal)
 	if err != nil {
 		panic(err)
 	}
-	_, err = patchs(helper, object.Namespace, object.Name, restorePatch)
+	_, err = patchs(helper, object.Namespace, object.Name, bytes)
 	if err != nil {
 		panic(err)
 	}
--- a/pkg/mesh/controller.go
+++ b/pkg/mesh/controller.go
@@ -6,6 +6,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/utils/pointer"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 	"github.com/wencaiwulue/kubevpn/pkg/util"
@@ -23,8 +24,6 @@ func RemoveContainers(spec *v1.PodTemplateSpec) {
 func AddMeshContainer(spec *v1.PodTemplateSpec, nodeId string, c util.PodRouteConfig) {
 	// remove envoy proxy containers if already exist
 	RemoveContainers(spec)
 	zero := int64(0)
 	t := true
 	spec.Spec.Containers = append(spec.Spec.Containers, v1.Container{
 		Name:    config.ContainerSidecarVPN,
 		Image:   config.Image,
@@ -62,8 +61,8 @@ kubevpn serve -L "tun:/${TrafficManagerRealIP}:8422?net=${InboundPodTunIP}&route
 					//"SYS_MODULE",
 				},
 			},
-			RunAsUser:  &zero,
+			RunAsUser:  pointer.Int64(0),
-			Privileged: &t,
+			Privileged: pointer.Bool(true),
 		},
 		Resources: v1.ResourceRequirements{
 			Requests: map[v1.ResourceName]resource.Quantity{
--- a/pkg/test/function_test.go
+++ b/pkg/test/function_test.go
@@ -49,7 +49,7 @@ func TestFunctions(t *testing.T) {
 }
 func pingPodIP(t *testing.T) {
-	ctx, f := context.WithTimeout(context.TODO(), time.Second*60)
+	ctx, f := context.WithTimeout(context.Background(), time.Second*60)
 	defer f()
 	list, err := clientset.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{})
 	if err != nil {
@@ -74,7 +74,7 @@ func pingPodIP(t *testing.T) {
 }
 func healthCheckPod(t *testing.T) {
-	podList, err := clientset.CoreV1().Pods(namespace).List(context.TODO(), metav1.ListOptions{
+	podList, err := clientset.CoreV1().Pods(namespace).List(context.Background(), metav1.ListOptions{
 		LabelSelector: fields.OneTermEqualSelector("app", "productpage").String(),
 	})
 	if err != nil {
@@ -97,7 +97,7 @@ func healthCheckPod(t *testing.T) {
 }
 func healthCheckService(t *testing.T) {
-	serviceList, err := clientset.CoreV1().Services(namespace).List(context.TODO(), metav1.ListOptions{
+	serviceList, err := clientset.CoreV1().Services(namespace).List(context.Background(), metav1.ListOptions{
 		LabelSelector: fields.OneTermEqualSelector("app", "productpage").String(),
 	})
 	if err != nil {
@@ -121,7 +121,7 @@ func healthCheckService(t *testing.T) {
 func shortDomain(t *testing.T) {
 	var app = "productpage"
-	serviceList, err := clientset.CoreV1().Services(namespace).List(context.TODO(), metav1.ListOptions{
+	serviceList, err := clientset.CoreV1().Services(namespace).List(context.Background(), metav1.ListOptions{
 		LabelSelector: fields.OneTermEqualSelector("app", app).String(),
 	})
 	if err != nil {
@@ -145,7 +145,7 @@ func shortDomain(t *testing.T) {
 func fullDomain(t *testing.T) {
 	var app = "productpage"
-	serviceList, err := clientset.CoreV1().Services(namespace).List(context.TODO(), metav1.ListOptions{
+	serviceList, err := clientset.CoreV1().Services(namespace).List(context.Background(), metav1.ListOptions{
 		LabelSelector: fields.OneTermEqualSelector("app", app).String(),
 	})
 	if err != nil {
@@ -267,7 +267,7 @@ func server(port int) {
 func kubevpnConnect(t *testing.T) {
 	var ctx context.Context
-	ctx, cancelFunc = context.WithCancel(context.TODO())
+	ctx, cancelFunc = context.WithCancel(context.Background())
 	ctx, cancel := context.WithTimeout(ctx, 2*time.Hour)
 	cmd := exec.CommandContext(ctx, "kubevpn", "connect", "--debug", "--workloads", "deployments/reviews")
--- a/pkg/util/cidr.go
+++ b/pkg/util/cidr.go
@@ -74,7 +74,7 @@ func GetCIDRFromResourceUgly(clientset *kubernetes.Clientset, namespace string)
 	//172.17.0.3
 	//172.17.0.7
 	//172.17.0.2
-	podList, _ := clientset.CoreV1().Pods(namespace).List(context.TODO(), v1.ListOptions{})
+	podList, _ := clientset.CoreV1().Pods(namespace).List(context.Background(), v1.ListOptions{})
 	for _, pod := range podList.Items {
 		if pod.Spec.HostNetwork {
 			continue
@@ -87,7 +87,7 @@ func GetCIDRFromResourceUgly(clientset *kubernetes.Clientset, namespace string)
 	}
 	// (2) get service CIDR
-	serviceList, _ := clientset.CoreV1().Services(namespace).List(context.TODO(), v1.ListOptions{})
+	serviceList, _ := clientset.CoreV1().Services(namespace).List(context.Background(), v1.ListOptions{})
 	for _, service := range serviceList.Items {
 		if ip := net.ParseIP(service.Spec.ClusterIP); ip != nil {
 			mask := net.CIDRMask(16, 32)
--- a/pkg/util/getcidr.go
+++ b/pkg/util/getcidr.go
@@ -27,7 +27,7 @@ import (
 // get cidr by dump cluster info
 func getCIDRByDumpClusterInfo(clientset *kubernetes.Clientset) ([]*net.IPNet, error) {
-	p, err := clientset.CoreV1().Pods("kube-system").List(context.TODO(), v1.ListOptions{
+	p, err := clientset.CoreV1().Pods("kube-system").List(context.Background(), v1.ListOptions{
 		FieldSelector: fields.OneTermEqualSelector("status.phase", string(v12.PodRunning)).String(),
 	})
 	if err != nil {
@@ -102,7 +102,7 @@ func getCIDRFromCNI(clientset *kubernetes.Clientset, restclient *rest.RESTClient
 func getServiceCIDRByCreateSvc(serviceInterface corev1.ServiceInterface) (*net.IPNet, error) {
 	defaultCIDRIndex := "valid IPs is"
-	_, err := serviceInterface.Create(context.TODO(), &v12.Service{
+	_, err := serviceInterface.Create(context.Background(), &v12.Service{
 		ObjectMeta: v1.ObjectMeta{GenerateName: "foo-svc-"},
 		Spec:       v12.ServiceSpec{Ports: []v12.ServicePort{{Port: 80}}, ClusterIP: "0.0.0.0"},
 	}, v1.CreateOptions{})
@@ -135,7 +135,7 @@ func getPodCIDRFromCNI(clientset *kubernetes.Clientset, restclient *rest.RESTCli
 	conf, err := libcni.ConfListFromFile(content)
 	if err == nil {
-		log.Infoln("get cni %s config", conf.Name)
+		log.Infoln("get cni config", conf.Name)
 	}
 	result := parseCIDRFromString(content)
@@ -270,7 +270,7 @@ func createCIDRPod(clientset *kubernetes.Clientset, namespace string) (*v12.Pod,
 }
 func getPodCIDRFromPod(clientset *kubernetes.Clientset, namespace string, svc *net.IPNet) ([]*net.IPNet, error) {
-	get, err := clientset.CoreV1().Pods(namespace).Get(context.TODO(), name, v1.GetOptions{})
+	get, err := clientset.CoreV1().Pods(namespace).Get(context.Background(), name, v1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/util/getcidr_test.go
+++ b/pkg/util/getcidr_test.go
@@ -62,3 +62,21 @@ func TestElegant(t *testing.T) {
 		fmt.Println(net.String())
 	}
 }
 func TestCal(t *testing.T) {
 	ints := []int{
 		5, 26,
 		8, 22,
 		25, 8,
 		8, 10,
 		25, 23,
 		8, 22,
 		8, 24,
 		8, 23,
 	}
 	sum := 0
 	for _, i := range ints {
 		sum += i
 	}
 	println(sum)
 }
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -42,7 +42,6 @@ import (
 	"k8s.io/kubectl/pkg/cmd/exec"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/kubectl/pkg/polymorphichelpers"
 	"k8s.io/kubectl/pkg/util/interrupt"
 	"github.com/wencaiwulue/kubevpn/pkg/config"
 )
@@ -74,7 +73,7 @@ func GetAvailableTCPPortOrDie() int {
 }
 func WaitPod(podInterface v12.PodInterface, list metav1.ListOptions, checker func(*v1.Pod) bool) error {
-	ctx, cancelFunc := context.WithTimeout(context.TODO(), time.Minute*60)
+	ctx, cancelFunc := context.WithTimeout(context.Background(), time.Minute*60)
 	defer cancelFunc()
 	watch, err := podInterface.Watch(ctx, list)
 	if err != nil {
@@ -379,18 +378,18 @@ func RolloutStatus(factory cmdutil.Factory, namespace, workloads string, timeout
 	lw := &cache.ListWatch{
 		ListFunc: func(options metav1.ListOptions) (k8sruntime.Object, error) {
 			options.FieldSelector = fieldSelector
-			return client.Resource(info.Mapping.Resource).Namespace(info.Namespace).List(context.TODO(), options)
+			return client.Resource(info.Mapping.Resource).Namespace(info.Namespace).List(context.Background(), options)
 		},
 		WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
 			options.FieldSelector = fieldSelector
-			return client.Resource(info.Mapping.Resource).Namespace(info.Namespace).Watch(context.TODO(), options)
+			return client.Resource(info.Mapping.Resource).Namespace(info.Namespace).Watch(context.Background(), options)
 		},
 	}
 	// if the rollout isn't done yet, keep watching deployment status
 	ctx, cancel := watchtools.ContextWithOptionalTimeout(context.Background(), timeout)
-	intr := interrupt.New(nil, cancel)
+	defer cancel()
-	return intr.Run(func() error {
+	return func() error {
 		_, err = watchtools.UntilWithSync(ctx, lw, &unstructured.Unstructured{}, nil, func(e watch.Event) (bool, error) {
 			switch t := e.Type; t {
 			case watch.Added, watch.Modified:
@@ -415,7 +414,7 @@ func RolloutStatus(factory cmdutil.Factory, namespace, workloads string, timeout
 			}
 		})
 		return err
-	})
+	}()
 }
 type proxyWriter struct {